[Pdns-users] DDNS with TSIG not working, need assistance

Aki Tuomi cmouse at youzen.ext.b2.fi
Mon Nov 14 13:54:06 UTC 2016

On Mon, Nov 14, 2016 at 05:19:20AM -0800, MRob wrote:
> On 2016-11-13 21:21, Aki Tuomi wrote:
> >On Sun, Nov 13, 2016 at 05:56:50PM -0800, mrobti at insiberia.net wrote:
> >>I'm having a hard time knowing how to debug this message:
> >>
> >>Packet for domain 'local.' denied: can't find TSIG key with name
> >>'tsig.key.local.' and algorithm 'hmac-sha512.'
> >>
> >>Is that a small bug that is reporting the algorithm with a dot at
> >>the end? Or is it my problem? I double-checked that the algorithm is
> >>not being specified with a dot on either side, so if that's the
> >>problem, I don't know how to fix it.
> >>
> >>I have a single TSIG entry:
> >>id | name            | algorithm   | secret
> >>1  | tsig.key.local. | hmac-sha512 | xxxxxxxxx....
> >>
> >
> >Silly thing but the algorithm is actually a DNSName too, so it needs to
> >be hmac-sha512. with a dot.
> I see. That's a bit confusing and it is probably important to make
> clear that this does not mean one's configuration should be set to
> "hmac-sha512." - only that this is how it gets used internally and
> presented in the logs.
> My problem turned out to be there also should not have been a
> trailing dot in the name field.

Yes. I forgot gSQL handles dots like that.

> Though now I am experiencing
> Failed PreRequisites check, returning 6

Your DNS update package contains requirement that the value
does not exist.

> Can anyone point me in the right direction?
> After the update processing is authenticated, only one query happens:
> SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM
> records WHERE disabled=0 and name=?
> The server seems to be handling an add request - does it expect to
> find no rows returned from that query?  If so, is there any
> configuration that ensures existing records are purged before adding
> the new one?
> Thank you for the response

More information about the Pdns-users mailing list