@amphineko
Created March 4, 2019 10:51

Using Dynamic Update with Knot DNS

Step 1: Generate a TSIG key

A TSIG key authenticates your update requests to the Knot server: every update message carries an HMAC computed with a secret shared between the client and the server, so only holders of the secret can change the zone.

The keymgr utility shipped with Knot DNS (on Debian it is in the knot server package; knsupdate and kdig are in knot-dnsutils) generates one for you.

keymgr -t <tsig_name> [<algorithm>] [<bits>]

For example, to generate a key named amphineko (the algorithm defaults to hmac-sha256):

$ keymgr -t amphineko

keymgr prints the key once as a comment line in the algorithm:name:secret form that knsupdate accepts, followed by a ready-made key section. Paste the key section into your knot.conf; the secret grants update rights, so keep the file unreadable to other users.

# hmac-sha256:amphineko:ZWh2R5wD4W6LsmaEXxs9K169L0w0FKwiSXerV7rfrQA=
key:
- id: amphineko
  algorithm: hmac-sha256
  secret: ZWh2R5wD4W6LsmaEXxs9K169L0w0FKwiSXerV7rfrQA=

Step 2: Configure ACL and zone

To allow updates to the zone example.com only from 127.0.0.1 and only when they are signed with the key amphineko (an ACL rule matches only if both the address and the key match, so listing both narrows it rather than widening it):

acl:
  - id: update_acl
    address: 127.0.0.1
    action: update
    key: amphineko

zone:
  - domain: example.com
    acl: update_acl
    file: example.com.zone

And reload your new knot.conf:

# knotc reload

Step 3: Send update

You may use knsupdate, shipped in knot-dnsutils, to send your dynamic updates. Passing the secret with -y as below leaves it in your shell history and visible to other users in the process list; for anything beyond a quick test, put the same algorithm:name:secret string into a file readable only by you and pass it with -k instead.

For example, to add a CNAME record www.example.com pointing to example.com:

$ knsupdate -y hmac-sha256:amphineko:ZWh2R5wD4W6LsmaEXxs9K169L0w0FKwiSXerV7rfrQA=
> server 127.0.0.1
> zone example.com.
> add www.example.com. 300 CNAME example.com.
> send
> answer

Note that domain names must be fully qualified here. Write www.example.com. rather than www.example.com; without the trailing period the name is taken as relative to the origin, and the update creates a record for www.example.com.example.com. instead of the one you wanted.
The answer command prints the server's response: an RCODE of NOERROR means the update was applied.

See the Knot DNS documentation for the other knsupdate commands (delete, prereq, origin, ttl, and so on).
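The three steps above as one non-interactive script, added here as an example (it is not code from the gist): it generates a secret in the same algorithm:name:secret form that keymgr -t prints, renders the key/acl/zone fragment, stores the secret in a key file for knsupdate -k instead of putting it on the command line, forces a trailing period on every name, and checks the result with kdig. KEY_NAME, ZONE, SERVER and KEY_FILE are placeholder values, and the Knot tools are only invoked when RUN_UPDATE=1 is set, so the helper functions can be exercised on a machine without Knot.

```shell
#!/bin/sh
# Added example, not part of the gist: the three steps above as one script.
# Assumes knot-dnsutils (knsupdate, kdig) is installed and Knot listens on
# $SERVER; KEY_NAME, ZONE, SERVER and KEY_FILE are placeholder values.
KEY_NAME="${KEY_NAME:-amphineko}"
ZONE="${ZONE:-example.com}"
SERVER="${SERVER:-127.0.0.1}"
KEY_FILE="${KEY_FILE:-$HOME/.knot-update.key}"

# Step 1: a fresh secret in the "algorithm:name:base64" form that keymgr -t
# prints (32 random bytes = a 256-bit key for hmac-sha256).
gen_tsig_key() {
    secret=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d '\n')
    printf 'hmac-sha256:%s:%s\n' "$1" "$secret"
}

# Step 2: the knot.conf fragment for that key, restricted to one client address.
# Usage: render_knot_conf <algorithm:name:secret> <zone> <client address>
render_knot_conf() {
    alg=${1%%:*}; rest=${1#*:}; name=${rest%%:*}; secret=${rest#*:}
    cat <<EOF
key:
  - id: $name
    algorithm: $alg
    secret: $secret

acl:
  - id: update_acl
    address: $3
    action: update
    key: $name

zone:
  - domain: $2
    acl: update_acl
    file: $2.zone
EOF
}

# Append the trailing period if it is missing: without it knsupdate treats
# "www.example.com" as relative and would create www.example.com.example.com.
fqdn() {
    case $1 in
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.\n' "$1" ;;
    esac
}

# Step 3: the knsupdate batch for one "add" operation (fed to knsupdate on stdin).
# Usage: build_update <zone> <owner> <ttl> <type> <rdata>
build_update() {
    printf 'server %s\nzone %s\nadd %s %s %s %s\nsend\nanswer\n' \
        "$SERVER" "$(fqdn "$1")" "$(fqdn "$2")" "$3" "$4" "$5"
}

main() {
    umask 077                                   # key file readable by its owner only
    [ -s "$KEY_FILE" ] || gen_tsig_key "$KEY_NAME" > "$KEY_FILE"
    echo "# paste into knot.conf, then run: knotc reload"
    render_knot_conf "$(cat "$KEY_FILE")" "$ZONE" "$SERVER"
    # -k reads the secret from the file, keeping it out of argv and shell history.
    build_update "$ZONE" "www.$ZONE" 300 CNAME "$(fqdn "$ZONE")" | knsupdate -k "$KEY_FILE"
    # Confirm the record is served; for the defaults this prints "example.com."
    kdig @"$SERVER" "$(fqdn "www.$ZONE")" CNAME +short
}

if [ "${RUN_UPDATE:-0}" = 1 ]; then main; fi
```

Run it with RUN_UPDATE=1 sh knot-update.sh after the rendered fragment is in knot.conf and knotc reload has been executed; the first run creates the key file, later runs reuse it. The key file holds exactly the string keymgr -t prints in its comment line, so an existing key can be dropped in by hand.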
