[Pdns-users] DDNS with TSIG not working, need assistance

MRob mrobti at insiberia.net
Mon Nov 14 13:19:20 UTC 2016

On 2016-11-13 21:21, Aki Tuomi wrote:
> On Sun, Nov 13, 2016 at 05:56:50PM -0800, mrobti at insiberia.net wrote:
>> I'm having a hard time knowing how to debug this message:
>> Packet for domain 'local.' denied: can't find TSIG key with name
>> 'tsig.key.local.' and algorithm 'hmac-sha512.'
>> Is that a small bug that is reporting the algorithm with a dot at
>> the end? Or is it my problem? I double-checked that the algorithm is
>> not being specified with a dot on either side, so if that's the
>> problem, I don't know how to fix it.
>> I have a single TSIG entry:
>> id | name            | algorithm   | secret
>> 1  | tsig.key.local. | hmac-sha512 | xxxxxxxxx....
> Silly thing but the algorithm is actually a DNSName too, so it needs to
> be hmac-sha512. with a dot.

I see. That's a bit confusing and it is probably important to make clear 
that this does not mean one's configuration should be set to 
"hmac-sha512." - only that this is how it gets used internally and 
presented in the logs.

My problem turned out to be that there also should not have been a 
trailing dot in the name field.

Though now I am experiencing

Failed PreRequisites check, returning 6

Can anyone point me in the right direction?

After the update processing is authenticated, only one query happens:

SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records 
WHERE disabled=0 and name=?

The server seems to be handling an add request - does it expect to find 
no rows returned from that query?  If so, is there any configuration 
that ensures existing records are purged before adding the new one?

Thank you for the response
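
For reference on the "returning 6" message above, an added example that is not part of the original post and is not PowerDNS code: in RFC 2136, RCODE 6 is YXDOMAIN ("some name that ought not to exist, does exist"). The code evaluates an UPDATE's prerequisite section following RFC 2136 section 3.2 against constructed records; the function names, tuple layout and sample data are assumptions made for illustration.

```python
# RCODE values from RFC 2136 section 2.2.
NOERROR, FORMERR, NXDOMAIN, YXDOMAIN, YXRRSET, NXRRSET, NOTZONE = 0, 1, 3, 6, 7, 8, 10


def norm(name):
    """Example's normalisation: case-insensitive, trailing dot ignored."""
    return name.rstrip(".").lower()


def check_prerequisites(zone, records, prereqs, zclass="IN"):
    """Return the RCODE of the first failing prerequisite, else NOERROR.
    records: (name, type, rdata) tuples currently in the zone.
    prereqs: (name, class, type, ttl, rdata) tuples from the UPDATE message.
    """
    zone = norm(zone)
    rrsets = {}
    for name, rtype, rdata in records:
        rrsets.setdefault((norm(name), rtype), set()).add(rdata)
    in_use = {name for name, _ in rrsets}
    wanted = {}  # value-dependent RRsets, compared after the loop

    for name, rclass, rtype, ttl, rdata in prereqs:
        name = norm(name)
        if ttl != 0:
            return FORMERR
        if name != zone and not name.endswith("." + zone):
            return NOTZONE
        if rclass in ("ANY", "NONE"):
            if rdata:
                return FORMERR  # these forms must carry empty RDATA
            exists = name in in_use if rtype == "ANY" else (name, rtype) in rrsets
            if rclass == "ANY" and not exists:
                return NXDOMAIN if rtype == "ANY" else NXRRSET
            if rclass == "NONE" and exists:
                return YXDOMAIN if rtype == "ANY" else YXRRSET
        elif rclass == zclass:
            wanted.setdefault((name, rtype), set()).add(rdata)
        else:
            return FORMERR

    for key, rdatas in wanted.items():
        if rrsets.get(key) != rdatas:
            return NXRRSET  # RRset must match exactly, value for value
    return NOERROR


# Constructed sample data: one record already present in the zone 'local.'.
ZONE_RECORDS = [("host.local.", "A", "192.0.2.10")]
NAME_NOT_IN_USE = [("host.local.", "NONE", "ANY", 0, "")]
```

With the constructed data, check_prerequisites("local.", ZONE_RECORDS, NAME_NOT_IN_USE) returns 6, and the same prerequisite against an empty record list returns 0.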
