Changes to named between 7.0 and 9.2?

To: "port-amd64:netbsd.org"@prd.co.uk
Subject: Changes to named between 7.0 and 9.2?
From: steve%prd.co.uk@localhost (Steve Blinkhorn)
Date: Fri, 6 May 2022 16:10:41 +0000 (UTC)

One of the things that went awry after upgrading from 7.0 to 9.2 was
that the automatic renewal of my Letsencrypt certificate stopped
working.  For one thing I lost my crontab, which I hadn't realised was
ketp in /var, but that's fixable with a bit of editing.

More importantly the DNS update challenge no longer works.  named -g
-d 9 reports:

request has invalid signature: TSIG update: tsig verify failure (BADSIG)

Nothing is different in my acme.sh setup, and I can manually update
the zone with a TXT record using nsupdate with the same key
on the nameserver.

Is it possible that 9.2 generates a signature differently from 7.0,
despite the relevant key files being identical?

-- 
Steve Blinkhorn <steve%prd.co.uk@localhost>

Prev by Date: possible hint to solve "/sbin/poweroff not working (NetBSD-current)"
Next by Date: Re: Changes to named between 7.0 and 9.2?
Previous by Thread: possible hint to solve "/sbin/poweroff not working (NetBSD-current)"
Next by Thread: Re: Changes to named between 7.0 and 9.2?
Indexes:

Home | Main Index | Thread Index | Old Index