@jpmens
Created March 6, 2019 08:19

old

$ /usr/sbin/dnssec-keygen -a HMAC-SHA512 -b 128 -n HOST example.org
Kexample.org.+165+46294

$ cat Kexample.org.+165+46294.key
example.org. IN KEY 512 3 165 ZKiFXX3Q3Nj7TALud8n0fQ==

# <insert: copy/paste all sorts of stuff>
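
The copy/paste step above, turning the `.key` record into a `named.conf` key clause, can be scripted. This is an added example, not part of the original gist; the function name `key_record_to_clause` is hypothetical, and the number-to-name table follows the algorithm numbers dnssec-keygen used for HMAC keys (165 for HMAC-SHA512, as in the file name above). It also reports the secret length, which is 128 bits for the key generated with `-b 128`.

```python
import base64
import binascii

# Algorithm numbers dnssec-keygen wrote into K*.key files for HMAC (TSIG) keys.
HMAC_ALGORITHMS = {
    157: "hmac-md5",
    161: "hmac-sha1",
    162: "hmac-sha224",
    163: "hmac-sha256",
    164: "hmac-sha384",
    165: "hmac-sha512",
}


def key_record_to_clause(record):
    """Return (named.conf key clause, secret length in bits) for one KEY record."""
    fields = record.split()
    # Expected layout: <owner> IN KEY <flags> <protocol> <algorithm> <base64 secret>
    if len(fields) < 7 or [f.upper() for f in fields[1:3]] != ["IN", "KEY"]:
        raise ValueError("not an 'owner IN KEY flags proto alg secret' line")
    owner = fields[0].rstrip(".")
    try:
        algorithm = HMAC_ALGORITHMS[int(fields[5])]
    except (KeyError, ValueError):
        raise ValueError(f"unsupported HMAC algorithm: {fields[5]!r}") from None
    secret = "".join(fields[6:])  # long secrets may be split by whitespace
    try:
        raw = base64.b64decode(secret, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"secret is not valid base64: {exc}") from None
    clause = (
        f'key "{owner}" {{\n'
        f"        algorithm {algorithm};\n"
        f'        secret "{secret}";\n'
        f"}};"
    )
    return clause, len(raw) * 8


if __name__ == "__main__":
    # The .key line shown in the "old" file above.
    old = "example.org. IN KEY 512 3 165 ZKiFXX3Q3Nj7TALud8n0fQ=="
    clause, bits = key_record_to_clause(old)
    print(clause)
    print(f"# secret is {bits} bits")
```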

new

$ /usr/sbin/tsig-keygen example.org
key "example.org" {
        algorithm hmac-sha256;
        secret "3iwaUeF6pO5QUHR17/tVkNtZZZjpytzK0QWAH07wh5E=";
};

wow

$ /usr/sbin/ddns-confgen
# To activate this key, place the following in named.conf, and
# in a separate keyfile on the system or systems from which nsupdate
# will be run:
key "ddns-key" {
        algorithm hmac-sha256;
        secret "KEyPhhvJbBroeT87yzWfGcBxTbSBPVGFhJyfmZEu0Wo=";
};

# Then, in the "zone" statement for each zone you wish to dynamically
# update, place an "update-policy" statement granting update permission
# to this key.  For example, the following statement grants this key
# permission to update any name within the zone:
update-policy {
        grant ddns-key zonesub ANY;
};

# After the keyfile has been placed, the following command will
# execute nsupdate using this key:
nsupdate -k <keyfile>