From: Calvin S. <c.s...@qm...> - 2024-06-28 11:57:47
|
"TSIG error is a problem that occurs when a DNS server fails to verify a transaction signature". Wrong/bad rndc key used Cal Sawyer ITS Research Platforms Manager Queen Mary University of London ________________________________ From: Tomer Shachaf via xCAT-user <xca...@li...> Sent: 26 June 2024 18:43 To: xCAT Users Mailing list <xca...@li...> Cc: Tomer Shachaf <tom...@ma...> Subject: Re: [xcat-user] [External] Manually add CNAME records to xcat-managed DNS? CAUTION: This email originated from outside of QMUL. Do not click links, scan QR codes or open attachments unless you recognise the sender and know the content is safe. What is TSIG ? And where I can find it ? בברכה , תומר שחף | מהנדס אינטגרציה ותשתיות | חטיבת אינטגרציה ותשתיות | מטריקס | נייד 054-2686841 | tom...@ma...<mailto:tom...@ma...> | www.matrix.co.il<http://www.matrix.co.il/> [image001.jpg] On 26 Jun 2024, at 20:42, Kilian Cavalotti <kil...@gm...> wrote: Hi Calvin, On Fri, Jun 21, 2024 at 5:47 AM Calvin Sawyer <c.s...@qm...> wrote: The issue is no so much what makedns -n will do , but how to actually create a CNAME record in xcat's DNS Running nsupdate using a keyfile containing the key data that exists in both named.conf and in passwd tabdb, any change attempt results in : ; TSIG error with server: tsig indicates error update failed: NOTAUTH(BADKEY What I'm hoping to discover is how to add a record manually using nsupdate in the same manner as xcat does running makedns <node>. I usually do something like this to get the TSIG auth key from the xCAT passwd table, and use it to authenticate nsupdate: $ xk=$(tabdump -w key==omapi passwd | awk -F, '!/#/ {gsub(/"/,""); print $3}') $ nsupdate -l -v -y xcat_key:$xk Hope this helps! Cheers, -- Kilian _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user זהירות: מקור הדואל הזה הוא מחוץ למטריקס. חל איסור ללחוץ על קישורים או לפתוח קבצים מצורפים אלא אם כן השולח מוכר והתוכן בטוח Caution: The source of this email is from outside Matrix. it is forbidden to click on links or open attachments unless you recognize the sender and know the content is safe. |