[Pdns-users] tsig key not being accepted

Larry Wapnitsky larry at wapnitsky.com
Sat Jan 28 14:58:22 UTC 2023


(domain names and keys changed in production from these values)

I'm running the following:

root@ns1:~# pdns_server --version
Jan 28 09:54:21 PowerDNS Authoritative Server 4.8.0-alpha0.1002.master.g13427ee56 (C) 2001-2022 PowerDNS.COM BV
Jan 28 09:54:21 Using 64-bits mode. Built using gcc 9.4.0 on Jan 18 2023 12:08:28 by root@4f762a9684f6.

I was able (until yesterday) to update DNS entries using RFC2136, but am
now receiving the following error:

Packet for 'mydomain.com' denied: Signature with TSIG key 'dhcpupdate' does not match the expected algorithm (hmac-sha256 / hmac-md5.sig-alg.reg.int)

My TSIG key is set as follows:

root@ns1:~# pdnsutil generate-tsig-key dhcpupdate hmac-sha256
Create new TSIG key dhcpupdate hmac-sha256 W/ThmvveOYiOKDiMA/tphcm0bu+XsdHxmIPa5anY+U8NO94n8j5I7L7rTfrlTE7NRhTrbeRJ2f7s0oTiwWc9BA==

and the configuration in my RFC2136 client (opnsense) is:

[image: 2023-01-28_09-57.png]

Advice is very welcome on how to diagnose. I've recreated the keys multiple
times to no avail.

Thank you.

*Larry G. Wapnitsky*


*E: Larry at Wapnitsky.com*
*Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*