I had this working before on another server but can't seem to get it working again on this newer server. Running Devuan 4 Chimaera.
I followed this tutorial:
http://www.btteknik.net/?p=143
Zone config:
Code:
#dynamic zones:
zone "example.com" IN {
    type master;
    file "/etc/bind/zones/example.com";
    #allow-update {
    #key ddns-key.example.com;
    #127.0.0.1;
    #};
    update-policy { grant ddns-key.example.com name example.com ANY; };
};
#dynamic zone keys:
key "ddns-key.example.com" {
    algorithm hmac-sha256;
    secret "[secret]";
};
But when I go to update I just get a badkey error.
Code:
;; TSIG PSEUDOSECTION:
ddns-key.example.com. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1648531231 300 0 21086 BADKEY 0
(example.com being my domain)
The way I update is a bit different as I'm trying to reuse a script from my previous server, so maybe the commands or syntax changed? I don't quite understand the way they're doing it in that tutorial, as they are referring to /etc/ddnsupdate.key, which does not exist on my system, and there's no indication as to what the file is supposed to be.
This is the relevant part of my update script:
Code:
echo "server 127.0.0.1" > .temp.txt
echo "zone example.com" >> .temp.txt
echo "key ddns-key.example.com [secret]" >> .temp.txt
echo "update delete dyn.example.com A" >> .temp.txt
echo "update add dyn.example.com 300 A ${CURIP}" >> .temp.txt
echo "send" >> .temp.txt
nsupdate -d .temp.txt
rm .temp.txt
If I type those commands manually I get the error too.
Though in the tutorial they do refer to a .key file... I don't have such a file? I just have the key inside the zone config; is there supposed to be another file to accompany it?
Also in the actual zone file, am I supposed to specify an A record with a dummy IP or leave it blank, for the subdomain I want to update? I tried with or without but it does not seem to make any difference. I got rid of the key stuff and doing IP based auth only and the update seems to work, ex: no errors, but it's not actually updating anything.
I might just make a script to edit the record file directly, probably easier.
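The debug output above shows the request signed as hmac-md5 while the key block in the zone config declares hmac-sha256. The following is an added example, not part of the original post or the linked tutorial, of an update script that keeps the algorithm matched and keeps the secret out of the batch file. The function names, the key file location passed in by the caller and the address used are assumptions for illustration.

```shell
#!/bin/sh
# Added example; function names and any sample values are constructed.
set -eu

KEY_NAME="ddns-key.example.com"
KEY_ALG="hmac-sha256"      # must equal "algorithm" in the named.conf key block
ZONE="example.com"
HOST="dyn.example.com"

# Write a key file in named.conf "key" statement syntax, owner-readable only.
# nsupdate -k accepts this format. $1 = path, $2 = base64 secret
write_keyfile() {
    ( umask 077
      printf 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' \
          "$KEY_NAME" "$KEY_ALG" "$2" > "$1" )
}

# Emit the nsupdate batch for one address. The secret never appears in it,
# so nothing sensitive lands in a temp file in the working directory.
# $1 = new IPv4 address
build_update() {
    printf 'server 127.0.0.1\nzone %s\n' "$ZONE"
    printf 'update delete %s A\n' "$HOST"
    printf 'update add %s 300 A %s\n' "$HOST" "$1"
    printf 'send\n'
}

# Sign with the key file and send; nsupdate reads the batch from stdin.
# $1 = key file, $2 = new IPv4 address
send_update() {
    build_update "$2" | nsupdate -k "$1"
}

# Inline alternative to the key file: prefix the algorithm on the key command,
#   key hmac-sha256:ddns-key.example.com <secret>
# Without the prefix nsupdate uses its default algorithm, which in the debug
# output on this page was hmac-md5.
#
# update-policy's "name" match type is exact: "name example.com" covers only
# the zone apex. To let this key change only the dynamic host's A record:
#   grant ddns-key.example.com name dyn.example.com A;
```

Call `write_keyfile` once with the same secret as in the zone config, then `send_update <keyfile> <address>` from the cron job or hook that detects the address change.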