[SUPPORT-216] tsig unknown algorithm hmac-sha256 - OpenDNSSEC

XML

Word

Printable

Details

Type: Support
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: OpenDNSSEC 2.0.0a3
Fix Version/s: OpenDNSSEC 2.1
Component/s: Signer
Labels:
None
Environment:

Debian Stretch amd64

OpenDNSSEC 2.0.4

SoftHSM2 2.2.0

Bind9 9.10.3

Description

I migrated my OpenDNSSEC environment from Debian jessie to Debian stretch.

In this step i had to migrate the SoftHSM and the sqlite3 database to the new versions.

Everything went well in the first steps, but when i start the ods-signerd i get some strange messages.

https://issues.opendnssec.org/browse/SUPPORT-216#

[xfrd] zone myzone request axfr to ::1
[xfrd] unable to sign request: tsig unknown algorithm hmac-sha256

In my addns.xml i have the following configuration

<snip>
<?xml version="1.0" encoding="UTF-8"?>
<Adapter>
        <DNS>
                <TSIG>
                        <Name>opendnssec-in</Name>
                        <Algorithm>hmac-sha256</Algorithm>
                        <Secret>my secret=</Secret>
                </TSIG>
                <TSIG>
                        <Name>opendnssec-out</Name>
                        <Algorithm>hmac-sha256</Algorithm>
                        <Secret>another secret=</Secret>
                </TSIG>
<snip>

The two hmac-sha256 keys also exist in the bind9 configuration.

This configuration worked well with my "old" OpenDNSSEC within Debian jessie. (i think it was version 1.4.8)

So i don't know why there is this strange message regarding hmac-sha256

Any help would be apreciated

Attachments

Issue Links

is cloned by

OPENDNSSEC-904 autoconfigure fails to properly identify functions in ssl library

Resolved

Activity

People

Assignee:: Berry van Halderen

Reporter:: Michael

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-06-30 08:15

Updated:: 2017-08-10 15:42

Resolved:: 2017-08-10 15:42