Port-amd64 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Changes to named between 7.0 and 9.2?



steve%prd.co.uk@localhost (Steve Blinkhorn) writes:

> So I ran nsupdate on two of my colo servers, one has been upgraded to 9.2, the other is
> awaiting upgrade and is currently on 8.0_RC1.  I used a non-root account and attempted
> to add the same TXT record to my primary DNS server, using copies of the same key as in
> my acme.sh setup.  On 9.2 it failed with a 'bad TSIG' message, on 8.0_RC1 it succeeded.
>
> I was badly bitten a while back with an unremaked md5 change when I bumped my Tcl/Tk
> scripts (of which I have many) from 8.4 to 8.6 and eventually discovered that the
> default output from md5 was now binary, upper-case hex was an option, when previously
> lower-case hex was the default.  Lots of editing and testing needed at no notice.
>
> Has somethng similar happened here?  The problem appears to be compatibility between 9.2
> and previous releases, and acme.sh seems to be exonerated.
>
> --
> Steve Blinkhorn <steve%prd.co.uk@localhost>


The example I provided was actually from an ArchLinux VM.  I currently
do not have a very recent 9.2 NetBSD install to test with, but I do have
a recent NetBSD-current system.  In both the ArchLinux and -current
case, the nsupdate test worked as expected.  I also tried my older
9.0_STABLE system and it also worked fine.  While it can be imagined
that what you are suggesting is possible, I could not reproduce the
problem using the simple test that was provided (I may have a 9.2 system
available at some point, but not right away).

You should actually be able to perform this test from literally any
system type that provides nsupdate (literally anything that can send
packets on port 53 and has the tsig key ... subject to the grant
restrictions and/or firewall rules you may have on your DNS server).  If
you find that only the 9.2 system has problems then a PR should probably
be filed to get the attention of folks.


-- 
Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS - http://anduin.eldar.org


Home | Main Index | Thread Index | Old Index