I'm sure this is something obvious I'm overlooking while I futz around with setting up an RPZ (9.10.3-P4-Debian)

BIND config has:

    key "dns-update" {
        algorithm HMAC-SHA512;
        secret "KEYREDACTED==";
    };

and

    zone "test.rpz." {
        type master;
        allow-transfer { key "dns-tsig"; };
        allow-update { key "dns-update"; };
        file "/etc/bind/zones/db.test.rpz";
    };

Generated my key with:

    dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST -r /dev/urandom dns-update

Also, transfers work fine from another host using the dns-tsig key.

But updates are not working:

Whether I invoke nsupdate with:

    nsupdate -y hmac-sha512:dns-update:KEYREDACTED==

or

    nsupdate -k ./Kdns-update.+165+33140.private

Once I'm into nsupdate:

    > server 127.0.0.1
    > add some.test.rpz 60 a 1.1.1.1
    > send
    update failed: REFUSED
    >

and in the logs:

    Jun 1 20:19:34 rpz0 named[30999]: client 127.0.0.1#64585/key dns-update: signer "dns-update" denied
    Jun 1 20:19:34 rpz0 named[30999]: client 127.0.0.1#64585/key dns-update: update 'test.rpz/IN' denied

What am I missing here?

Thx

- mark

--
Mark E. Jeftovic <mar...@easydns.com>
Co-founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 x 225