[Pdns-users] tsig key not being accepted

Jan-Piet Mens list at mens.de
Mon Jan 30 19:24:50 UTC 2023

>Packet for 'mydomain.com' denied: Signature with TSIG key 'dhcpupdate' does
>not match the expected algorithm (hmac-sha256 / hmac-md5.sig-alg.reg.int)

It appears from very light research (old-fashioned word for 'googling') that
opensense/pfsense used to support HMAC-MD5 only [1], and the above message
indicates so to me.

Try generating an HMAC-MD5 key on for your PowerDNS server and try again with

Alternatively, can you hover over the tooltip in the UI you've shown and
determine whether different algorithms are supported? The screenshot doesn't
suggest they are.


[1] https://github.com/opnsense/plugins/pull/2203/files

More information about the Pdns-users mailing list