[Pdns-users] TSIG updates fail with NOAUTH error

Aki Tuomi cmouse at youzen.ext.b2.fi
Wed Sep 14 15:23:30 UTC 2016

On Wed, Sep 14, 2016 at 09:52:30AM -0500, Kenneth Marshall wrote:
> Hi,
> I am trying to get TSIG updates to work to a pdns-3.4.9 slave and
> they fail with a NOAUTH error. It looks like even though the key
> is correct and allowed in the domainmetadata that because it is
> designated a 'SLAVE' in the domains table the update is failing.
> In order to manage services interruptions (DR for example), we
> need to be able to update the slaves if the master(s) are
> unavailable. Is there a configuration option that controls this
> behavior? I need to avoid having to require direct DB access to
> allow this to work, i.e. by changing the domains type from 'SLAVE'
> to 'MASTER'. Any assistance would be appreciated.
> Regards,
> Ken

Unfortunately you need to do DNSUPDATEs for the master, otherwise they
are not replicated correctly, as slave cannot update master.

Alternative is to use native replication, such as mysql multi-master mode
or similar solution where you can do updates from multiple sources.


More information about the Pdns-users mailing list