Hi,

I'm using the latest dnspython from git and can't get any of the HMAC
SHA algorithms to work with a TSIG update. They all result in a
PeerBadKey exception. I've verified all my SHA keys work correctly with
BIND's nsupdate. The code below works when using an MD5 key.

Looks like a bug?

Code:

import dns.query
import dns.tsigkeyring
import dns.update

keyring = dns.tsigkeyring.from_text({
    'hss-admin-sha1': 'JCTX+wcIeYX8j/mgUnkiPW6Ws78='
})
update = dns.update.Update('www.testing.heanet.ie.', keyring=keyring)
update.replace('www.testing.heanet.ie.', 0, 'A', '127.1.1.1')
response = dns.query.udp(update, '127.0.0.1')

Exception and BIND syslog error:

Traceback (most recent call last):
  File "./py-dnsupdate.py", line 18, in <module>
    response = dns.query.udp(update, '127.0.0.1')
  File "/usr/local/lib/python2.6/dist-packages/dns/query.py", line 149, in udp
    one_rr_per_rrset=one_rr_per_rrset)
  File "/usr/local/lib/python2.6/dist-packages/dns/message.py", line 774, in from_wire
    reader.read()
  File "/usr/local/lib/python2.6/dist-packages/dns/message.py", line 719, in read
    self._get_section(self.message.additional, adcount)
  File "/usr/local/lib/python2.6/dist-packages/dns/message.py", line 671, in _get_section
    self.message.first)
  File "/usr/local/lib/python2.6/dist-packages/dns/tsig.py", line 152, in validate
    raise PeerBadKey
dns.tsig.PeerBadKey

named[30420]: client 127.0.0.1#41693: request has invalid signature: TSIG hss-admin-sha1: tsig verify failure (BADKEY)

Thanks,
--
Cillian Sharkey Managed Network Services
t: +353-1-660-9040 HEAnet Limited - http://www.heanet.ie/
f: +353-1-660-3666 5 George's Dock, I.F.S.C., Dublin 1.
PGP: E1B98B66 Registered in Ireland, no. 275301
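
Added example (not part of the original message and not dnspython or BIND code): a simplified, standard-library model of TSIG verification showing when a server reports BADKEY rather than BADSIG. It assumes the server identifies a key by name and algorithm together; the key name `example-sha1.`, the secret, and the `sign`/`verify`/`demo` helpers are constructed for illustration.

```python
import base64
import hashlib
import hmac

# TSIG algorithm names as they appear on the wire (RFC 2845 / RFC 4635).
HMAC_MD5 = "hmac-md5.sig-alg.reg.int."
HMAC_SHA1 = "hmac-sha1."
DIGESTS = {HMAC_MD5: hashlib.md5, HMAC_SHA1: hashlib.sha1}

# Constructed sample secret, not the key from the message above.
SECRET = base64.b64decode("c2FtcGxlLXRzaWcta2V5LTAwMDE=")

# Assumption: the server looks a key up by (name, algorithm), not name alone.
SERVER_KEYS = {("example-sha1.", HMAC_SHA1): SECRET}


def sign(message, key_name, algorithm, secret):
    """Simplified TSIG MAC over message, key name and algorithm name.
    (The RFC 2845 digest also covers class, TTL, time signed and fudge.)"""
    data = message + key_name.encode() + algorithm.encode()
    return hmac.new(secret, data, DIGESTS[algorithm]).digest()


def verify(message, key_name, algorithm, mac):
    """Return the TSIG error this model server would report."""
    secret = SERVER_KEYS.get((key_name, algorithm))
    if secret is None:
        return "BADKEY"  # unknown name/algorithm pair; the MAC is never checked
    expected = sign(message, key_name, algorithm, secret)
    return "NOERROR" if hmac.compare_digest(expected, mac) else "BADSIG"


def demo():
    msg = b"constructed UPDATE message bytes"
    cases = [
        ("right-secret-md5", HMAC_MD5, SECRET),       # algorithm mismatch
        ("right-secret-sha1", HMAC_SHA1, SECRET),     # matches server config
        ("wrong-secret-sha1", HMAC_SHA1, b"wrong"),   # right algorithm, bad MAC
    ]
    results = {}
    for label, algorithm, secret in cases:
        mac = sign(msg, "example-sha1.", algorithm, secret)
        results[label] = verify(msg, "example-sha1.", algorithm, mac)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

In dnspython the signing algorithm is selected with the `keyalgorithm` argument of `dns.update.Update`; whether that accounts for the failure reported above is not established by the message itself.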