BUG: RFC2136 client key name case sensitivity



  • Just found a minor bug with the RFC2136 (Dynamic DNS updates) client in 2.3.2-p1
    The key name as entered in pfSense is dropped to lowercase before being sent to the server. It then does not match on the server and the client is refused.

    e.g. keyname on server and pfSense is configured as "AbcdEfg". When pfSense sends the update to the server it's using keyname "abcdefg" and getting refused. By reconfiguring the server to accept keyname "abcdefg" the DDNS update is successful.



  • Your topic has been unresponsive for quite some time, most interestingly I'm having problems with RFC2136.
    Is that the problem, I use pfsense 2.3.3 and realmanete does not work with me RFC2136.
    Let's wait for someone else to interact here, to find out if it's really a BUG or not



  • Been using RFC2136 for years with camel case HMAC-MD5 key without issue.

    Server is running BIND9 nsupdate.



  • Thanks for the info.
    I must be doing something wrong.
    Please, how are you doing to use nsupdate? Are you using any script?



  • Just recalling that I've recently seen in some pfSense config comparisons that some options have recently be lowercased.  Perhaps it is related to that.

    Don't ask me why people think things should be lowercased.  Long standing pet peeve of mine.  Store stuff as user enters it.  If something needs it in upper or lower case then it's up to it to adjust accordingly as needed for use.

    Search the config to see if it is being stored in lower case.



  • @luciano_frc:

    Thanks for the info.
    I must be doing something wrong.
    Please, how are you doing to use nsupdate? Are you using any script?

    I don't recall how I set it up off top of my head.  The sticky at top of this forum has some good info. though.



  • Exact, but I tried as described here
    https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS
    But with no success, in the RFC2136 guide the script is outdated, I have set the settings but I can not succeed
    I even opened a topic about it
    https://forum.pfsense.org/index.php?topic=63899.msg697022#msg697022
    About nsupdate
    I have tried using it to update a zone of my DNS more unsuccessfully as well
    https://forum.pfsense.org/index.php?topic=125916.msg697038#msg697038

    I really appreciate all the help I can get.
    I'm looking for a solution to this for 4 days, and I really do not find anything at all.

    Thank you very much :)



  • It's been along time since I setup my RFC2136 service and I'm not adept enough with it to talk someone through it.  I used some of the same sources referenced in the sticky atop this forum.



  • Can you please send me. A print from RFC2136.
    And if possible, send me the bind configuration files?



  • No.  Not going to do that.  All the info needed should already be available in the pfSense doc.  My setup is not significantly different.



  • Thanks for the answer.
    But it does not contribute to anything.
    In the above doubts.
    It just reports that it works, but it does not know how it works.

    I will continue researching and I will not give up for answers like this.
    thank you


Log in to reply