Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Id like to use a HMAC-MD5 Transaction Signature to secure dynamic updates on my Bind 9 DNS server. How do I do?

bind DNS Dynamic Secure server signature transaction updates
0
Posted

Id like to use a HMAC-MD5 Transaction Signature to secure dynamic updates on my Bind 9 DNS server. How do I do?

0 CommentsAdd a Comment

1 Answer

1

First generate a key using the dnssec-keygen tool provided in the Bind package. At a command prompt, type: dnssec-keygen -a hmac-md5 -b 128 -n HOST tsig.myzone.org. Replace 128 with 256 or 512, if you need a stronger encryption. Replace myzone.org. with your actual zone name. This command will create two files which hold the key information e.g.: Ktsig.myzone.org.+157+54326.key Ktsig.myzone.org.+157+54326.private Now edit the named.conf file (in the \etc folder) and add the key information (extracted from the previous files) before your zone and add an allow-update { key … } line to your zone like in the example below: key tsig.myzone.org. { algorithm hmac-md5; secret “Ncdq+ViRYWkQHS53QxPyuE==”; }; zone “myzone.org.” in { type master; file “db.myzone.org”; allow-update { key tsig.myzone.org.; }; … }; Finally, in DynSite, in DNS Account Properties, select Transaction Signature (hmac-md5) as the authentication method and enter the key name and value, like in the example below: Key na

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123