Commit a28c132c authored by Adrien Dorsaz's avatar Adrien Dorsaz

tsig: simplifies algorithm list

The algorithm names match now the names used in dnssec-keygen and dnspython tools.
parent 4869b6c6
Pipeline #33 passed with stage
in 3 minutes and 38 seconds
......@@ -101,7 +101,7 @@ updates and create a TSIG key which will give rights to perform updates.
The configuration of the script will need:
* the TSIG key name and value
* the algorithm used for TSIG key (MD5, SHA1, SHA224, SHA256, SHA384 or SHA512)
* the algorithm used for TSIG key (hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 or hmac-512; list of algoithm depends on knowe ones by dnspython module)
* the DNS zone to update
* the address and the port of the DNS server
......
......@@ -24,7 +24,7 @@ def get_crt(config, log=LOGGER):
# helper function to send DNS dynamic update messages
def _update_dns(rrset, action):
algorithm = dns.name.from_text("hmac-{0}".format(config["TSIGKeyring"]["Algorithm"].lower()))
algorithm = dns.name.from_text("{0}".format(config["TSIGKeyring"]["Algorithm"].lower()))
dns_update = dns.update.Update(config["DNS"]["zone"], keyring=keyring, keyalgorithm=algorithm)
if action == "add":
dns_update.add(rrset.name, rrset)
......
......@@ -14,7 +14,7 @@ KeyName = host-example
# Required TSIG key value in base64
KeyValue = XXXXXXXXXXX==
# Required TSIG algorithm
Algorithm = SHA256
Algorithm = hmac-sha256
[DNS]
# Required name of zone to update
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment