Commit 63831f1c authored by Adrien Dorsaz's avatar Adrien Dorsaz
Browse files

Merge branch 'wip/tsigalgoname' into 'master'

tsig: simplifies algorithm list

The algorithm names match now the names used in dnssec-keygen and dnspython tools.

See merge request !2
parents 6766a4a8 a28c132c
Pipeline #34 passed with stage
in 3 minutes and 38 seconds
......@@ -101,7 +101,7 @@ updates and create a TSIG key which will give rights to perform updates.
The configuration of the script will need:
* the TSIG key name and value
* the algorithm used for TSIG key (MD5, SHA1, SHA224, SHA256, SHA384 or SHA512)
* the algorithm used for TSIG key (hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 or hmac-512; list of algoithm depends on knowe ones by dnspython module)
* the DNS zone to update
* the address and the port of the DNS server
......@@ -24,7 +24,7 @@ def get_crt(config, log=LOGGER):
# helper function to send DNS dynamic update messages
def _update_dns(rrset, action):
algorithm ="hmac-{0}".format(config["TSIGKeyring"]["Algorithm"].lower()))
algorithm ="{0}".format(config["TSIGKeyring"]["Algorithm"].lower()))
dns_update = dns.update.Update(config["DNS"]["zone"], keyring=keyring, keyalgorithm=algorithm)
if action == "add":
dns_update.add(, rrset)
......@@ -14,7 +14,7 @@ KeyName = host-example
# Required TSIG key value in base64
# Required TSIG algorithm
Algorithm = SHA256
Algorithm = hmac-sha256
# Required name of zone to update
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment