BIND - TSIG Signed Dynamic DNS Updates

In BIND (version 9.x.x and later) TSIG signed dynamic DNS updates are configured individually for each DNS zone.

To enable TSIG signed dynamic DNS updates in BIND follow these steps:

Open the named.conf file in a text editor, add a key section at the top of the file, and add a matching allow-update statement to the zone you want Simple Failover to update:



IMPORTANT: Make sure to add a period (.) after the key name (following the word key) in both sections.
The algorithm must always be hmac-md5.
The secret corresponds to the key value field in Simple Failover.
The zone file must be placed in a directory where dynamic updates are allowed. In the screen shot you can see that we have placed the simplefailover.com.zone file in the dyn directory.

Command line tools are available with BIND to create key values (secrets).
However, it is easier (and just as secure) to use the Generate button in the Simple Failover DNS Server Properties dialog for this.

After editing and saving the named.conf file, you must restart BIND for the changes to take effect.

You need to use the same key name and value (secret) in Simple Failover in the DNS Server Properties dialog.
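As an added example (not part of the original page and not Simple Failover's own code), the following Python script checks a named.conf against the rules listed above before BIND is restarted: a period after the key name in both sections, the hmac-md5 algorithm, a base64 secret, and an allow-update statement that references the key. The key name `failover-key.`, the zone name `simplefailover.com` and the secret are constructed placeholders, and the regex parsing assumes key sections without nested braces.

```python
import base64
import re

# Constructed sample: key name, zone name and secret are placeholders.
GOOD_CONF = '''
key "failover-key." {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==";
};
zone "simplefailover.com" {
    type master;
    file "dyn/simplefailover.com.zone";
    allow-update { key "failover-key."; };
};
'''
# Same file with the period missing after the key name in the key section.
BAD_CONF = GOOD_CONF.replace('key "failover-key." {', 'key "failover-key" {')
KEY_BLOCK = re.compile(r'\bkey\s+"([^"]+)"\s*\{([^}]*)\}\s*;')

def check_tsig_update(conf, zone):
    """Return a list of problems for `zone`; an empty list means all checks pass."""
    keys = dict(KEY_BLOCK.findall(conf))            # key name -> section body
    start = re.search(r'\bzone\s+"%s"(?:\s+\w+)?\s*\{' % re.escape(zone), conf)
    if not start:
        return ["zone %s not found" % zone]
    rest = conf[start.end():]
    nxt = re.search(r'\bzone\s+"', rest)            # stop at the next zone block
    zone_text = rest[:nxt.start()] if nxt else rest
    allow = re.search(r'allow-update\s*\{([^}]*)\}', zone_text)
    refs = re.findall(r'\bkey\s+"([^"]+)"\s*;', allow.group(1)) if allow else []
    problems = [] if refs else ["zone has no allow-update { key ...; } statement"]
    problems += ["key section %r lacks the trailing period" % k
                 for k in keys if not k.endswith(".")]
    for ref in refs:
        if not ref.endswith("."):
            problems.append("allow-update key %r lacks the trailing period" % ref)
        if ref not in keys:
            problems.append("allow-update key %r has no matching key section" % ref)
            continue
        algo = re.search(r'\balgorithm\s+"?([\w.-]+)"?\s*;', keys[ref])
        if not algo or algo.group(1).lower() != "hmac-md5":
            problems.append("key %r: algorithm is not hmac-md5" % ref)
        secret = re.search(r'\bsecret\s+"([^"]*)"\s*;', keys[ref])
        try:
            if not secret or not base64.b64decode(secret.group(1), validate=True):
                raise ValueError("empty or missing secret")
        except ValueError:                          # binascii.Error is a ValueError
            problems.append("key %r: secret is missing or not valid base64" % ref)
    return problems
```

Call `check_tsig_update(open("named.conf").read(), "simplefailover.com")` with your own file path and zone name; BIND's `named-checkconf` tool covers general syntax, which this script does not.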

See the TSIG Signed Dynamic DNS update section for more details on this update method.