I'm working with dnspython attempting to perform updates against a BIND9 server, however I keep getting a Bad Key response (“tsig verify failure (BADKEY)”) - when I use nsupdate the key works just fine. Is there anyone who has successfully implemented dnspython to perform dynamic updates against BIND DNS?
Here is a GIST with all code and errors: https://gist.github.com/anonymous/0afc800ef0615aa7c1219ec25c032eef
I had to use the keyalgorithm parameter to the update.Update function, as well as import the specific algorithm from the dns.tsig module
from dns import query, update, tsigkeyring
from dns.tsig import HMAC_SHA256
key='EQSVvuA/KMAa/0ugdBBLqjxgP+o5rI7y8JoJbOICpJM='
bindhost='192.168.56.10'
ip='192.168.56.10'
keyring = tsigkeyring.from_text({
'test.local' : key
})
update = update.Update('test.local.', keyring=keyring, keyalgorithm=HMAC_SHA256)
update.replace('abc', 300, 'A', ip)
response = query.tcp(update, bindhost, timeout=10)