Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    dnssec-keygen unknown algorithm HMAC-MD5

    Scheduled Pinned Locked Moved DHCP and DNS
    17 Posts 4 Posters 14.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan @lelik67
      last edited by

      @lelik67 said in dnssec-keygen unknown algorithm HMAC-MD5:

      Am I missing somethning?

      It was available, tsig-keygen
      Not any more in 2.4.5-p1 .... ?

      I can just subscribe to your @metoo

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate @lelik67
        last edited by

        @lelik67 said in dnssec-keygen unknown algorithm HMAC-MD5:

        tsig-keygen -a HMAC-SHA512 host.example.com

        pfSense 2.4.5-p1, bind pkg 9.14_4:

        [2.4.5-RELEASE][root@pf245p1.lab.int]/root: tsig-keygen -a HMAC-SHA512 host.example.com
        key "host.example.com" {
        	algorithm hmac-sha512;
        	secret "7ZhDCogKtFOXdcQeanXCApoKeeqM3Wf7h7oZGTy1Vk+F6ecQjOleMoEE8ikzNdpIAElEbWqnedyuxddmXUxtRw==";
        };
        
        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan
          last edited by

          @viktor_g said in dnssec-keygen unknown algorithm HMAC-MD5:

          tsig-keygen -a HMAC-SHA512 host.example.com

          Interesting :

          [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: tsig-keygen -a HMAC-SHA512 host.example.com
          tsig-keygen: Command not found.
          

          I should login as root ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          viktor_gV 1 Reply Last reply Reply Quote 0
          • viktor_gV
            viktor_g Netgate @Gertjan
            last edited by

            @Gertjan try /usr/local/sbin/tsig-keygen

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              I already looked over there.
              No tsig-keygen
              Neither elsewhere.

              A

              grep -R 'tsig-keygen' *
              

              goes 'unknown'.

              Is it part of a 'dns-tools' FreeBSD package ?

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              viktor_gV 1 Reply Last reply Reply Quote 0
              • viktor_gV
                viktor_g Netgate @Gertjan
                last edited by

                @Gertjan it's part of the pfSense-pkg-bind package

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by

                  Ok, .....

                  [2.4.5-RELEASE][root@priv.brit-hotel-fumel.net]/root: pkg install pfSense-pkg-bind
                  Updating pfSense-core repository catalogue...
                  pfSense-core repository is up to date.
                  Updating pfSense repository catalogue...
                  pfSense repository is up to date.
                  All repositories are up to date.
                  The following 3 package(s) will be affected (of 0 checked):
                  
                  New packages to be INSTALLED:
                          bind914: 9.14.12 [pfSense]
                          lmdb: 0.9.24_1,1 [pfSense]
                          pfSense-pkg-bind: 9.14_4 [pfSense]
                  
                  Number of packages to be installed: 3
                  
                  The process will require 17 MiB more space.
                  3 MiB to be downloaded.
                  
                  Proceed with this action? [y/N]: N
                  

                  This also installs bind ?

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  viktor_gV 1 Reply Last reply Reply Quote 0
                  • viktor_gV
                    viktor_g Netgate @Gertjan
                    last edited by

                    @Gertjan Right

                    1 Reply Last reply Reply Quote 0
                    • viktor_gV
                      viktor_g Netgate
                      last edited by viktor_g

                      # pkg info -l bind914 | grep tsig-keygen
                      	/usr/local/man/man8/tsig-keygen.8.gz
                      	/usr/local/sbin/tsig-keygen
                      
                      1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan
                        last edited by

                        Ok, thanks.

                        As I said at the beginning of this thread : I'm using a remote bind server to do the rfc2136 - so I do have the tools ( dnssec-keygen on the bind server == not pfSense) that does the work for me.

                        @rayures has a point, that, I can't deny.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.