Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    dnssec-keygen unknown algorithm HMAC-MD5

    Scheduled Pinned Locked Moved DHCP and DNS
    17 Posts 4 Posters 14.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lelik67
      last edited by

      @rayures said in dnssec-keygen unknown algorithm HMAC-MD5:

      tsig-keygen -a HMAC-SHA512 example.com

      Which version of pfSense/FreeBSD you have?

      tsig-keygen -a HMAC-SHA512 host.example.com
      

      gives me

      tsig-keygen: Command not found.
      

      and

      dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST host.example.com
      

      gives

      dnssec-keygen: fatal: unknown algorithm HMAC-SHA512
      

      Am I missing somethning?

      GertjanG viktor_gV 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @lelik67
        last edited by

        @lelik67 said in dnssec-keygen unknown algorithm HMAC-MD5:

        Am I missing somethning?

        It was available, tsig-keygen
        Not any more in 2.4.5-p1 .... ?

        I can just subscribe to your @metoo

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • viktor_gV
          viktor_g Netgate @lelik67
          last edited by

          @lelik67 said in dnssec-keygen unknown algorithm HMAC-MD5:

          tsig-keygen -a HMAC-SHA512 host.example.com

          pfSense 2.4.5-p1, bind pkg 9.14_4:

          [2.4.5-RELEASE][root@pf245p1.lab.int]/root: tsig-keygen -a HMAC-SHA512 host.example.com
          key "host.example.com" {
          	algorithm hmac-sha512;
          	secret "7ZhDCogKtFOXdcQeanXCApoKeeqM3Wf7h7oZGTy1Vk+F6ecQjOleMoEE8ikzNdpIAElEbWqnedyuxddmXUxtRw==";
          };
          
          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @viktor_g said in dnssec-keygen unknown algorithm HMAC-MD5:

            tsig-keygen -a HMAC-SHA512 host.example.com

            Interesting :

            [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: tsig-keygen -a HMAC-SHA512 host.example.com
            tsig-keygen: Command not found.
            

            I should login as root ?

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            viktor_gV 1 Reply Last reply Reply Quote 0
            • viktor_gV
              viktor_g Netgate @Gertjan
              last edited by

              @Gertjan try /usr/local/sbin/tsig-keygen

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan
                last edited by

                I already looked over there.
                No tsig-keygen
                Neither elsewhere.

                A

                grep -R 'tsig-keygen' *
                

                goes 'unknown'.

                Is it part of a 'dns-tools' FreeBSD package ?

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                viktor_gV 1 Reply Last reply Reply Quote 0
                • viktor_gV
                  viktor_g Netgate @Gertjan
                  last edited by

                  @Gertjan it's part of the pfSense-pkg-bind package

                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan
                    last edited by

                    Ok, .....

                    [2.4.5-RELEASE][root@priv.brit-hotel-fumel.net]/root: pkg install pfSense-pkg-bind
                    Updating pfSense-core repository catalogue...
                    pfSense-core repository is up to date.
                    Updating pfSense repository catalogue...
                    pfSense repository is up to date.
                    All repositories are up to date.
                    The following 3 package(s) will be affected (of 0 checked):
                    
                    New packages to be INSTALLED:
                            bind914: 9.14.12 [pfSense]
                            lmdb: 0.9.24_1,1 [pfSense]
                            pfSense-pkg-bind: 9.14_4 [pfSense]
                    
                    Number of packages to be installed: 3
                    
                    The process will require 17 MiB more space.
                    3 MiB to be downloaded.
                    
                    Proceed with this action? [y/N]: N
                    

                    This also installs bind ?

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    viktor_gV 1 Reply Last reply Reply Quote 0
                    • viktor_gV
                      viktor_g Netgate @Gertjan
                      last edited by

                      @Gertjan Right

                      1 Reply Last reply Reply Quote 0
                      • viktor_gV
                        viktor_g Netgate
                        last edited by viktor_g

                        # pkg info -l bind914 | grep tsig-keygen
                        	/usr/local/man/man8/tsig-keygen.8.gz
                        	/usr/local/sbin/tsig-keygen
                        
                        1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan
                          last edited by

                          Ok, thanks.

                          As I said at the beginning of this thread : I'm using a remote bind server to do the rfc2136 - so I do have the tools ( dnssec-keygen on the bind server == not pfSense) that does the work for me.

                          @rayures has a point, that, I can't deny.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.