
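I am trying to update a record in a DNS server zone using Python, but I am having key issues.

The key works on the command line with something like nsupdate -k Ktest.com.+165+48236.key -v update.txt -- so I know the DNS server works fine with the key.

These are all test/dummy values, so I am posting the key string as well.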

print "Updating zone [%s] record [%s] on dns host [%s] with new ip [%s]" % (zone, record, dns_host, new_ip)
keyring = dns.tsigkeyring.from_text({record : key})
print ""
print key
print ""
print keyring
print ""
update = dns.update.Update(record, keyring = keyring, keyname = record, keyalgorithm = 'hmac-sha512')
update.replace(record, 300, 'A', new_ip)


Output:
Updating zone [test.com] record [auth.test.com] on dns host [127.0.0.1] with new ip [123.123.123.123]

Q3oiZUnS83s9+8bBWwn+5ZMfj/qHwAWVuAt2Zck1YhYUygPeTwkKbXjV 6Wj+cIf/2IRdjv5OEDUrrA/orGAlZw==


{<DNS name auth.test.com.>: 'Cz"eI\xd2\xf3{=\xfb\xc6\xc1[\t\xfe\xe5\x93\x1f\x8f\xfa\x87\xc0\x05\x95\xb8\x0bve\xc95b\x16\x14\xca\x03\xdeO\t\nmx\xd5\xe9h\xfep\x87\xff\xd8\x84]\x8e\xfeN\x105+\xac\x0f\xe8\xac`%g'}

Traceback (most recent call last):
  File "./service_tester.py", line 122, in <module>
    check_nodes(config)
  File "./service_tester.py", line 107, in check_nodes
    check_dns(record_name, record_items['zone'], record_items['failover_type'],      record_items['key'], record_items['good_nodes'], record_items['dns_host'])
  File "./service_tester.py", line 69, in check_dns
    update_dns(zone, record, dns_server, good_hosts[0], key)
  File "./service_tester.py", line 44, in update_dns
    response = dns.query.tcp(update, dns_host)
  File "/usr/lib/python2.7/site-packages/dns/query.py", line 323, in tcp
    one_rr_per_rrset=one_rr_per_rrset)
  File "/usr/lib/python2.7/site-packages/dns/message.py", line 786, in from_wire
    reader.read()
  File "/usr/lib/python2.7/site-packages/dns/message.py", line 727, in read
    self._get_section(self.message.additional, adcount)
  File "/usr/lib/python2.7/site-packages/dns/message.py", line 679, in _get_section
    self.message.first)
  File "/usr/lib/python2.7/site-packages/dns/tsig.py", line 163, in validate
    raise PeerBadKey
 dns.tsig.PeerBadKey

It looks to me like the keyring object is incorrect, but I can't tell why.

Edit: the error on the DNS server is: not authoritative for update zone (NOTAUTH)

However, if I do nsupdate -k keyfile -v update.txt it works just dandy.


1 Answer


The problem turned out to be:

update = dns.update.Update(record, keyring = keyring, keyname = record, keyalgorithm = 'hmac-sha512')

It should have been:

update = dns.update.Update(zone, keyring = keyring, keyname = record, keyalgorithm = 'hmac-sha512')

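The error message is very confusing, because it says it cannot update the zone on the DNS server, rather than that the client was actually trying to update that zone.

Answered 2013-11-11T20:24:34.403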
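The fix in the answer above, written as an added example for Python 3 and current dnspython (not code from the original post): the zone goes to dns.update.Update, the record becomes an owner name relative to that zone, and a record outside the zone is rejected before anything is signed or sent. The helper names relative_owner, normalize_secret and build_update are assumptions made for this example.

```python
import base64


def relative_owner(record, zone):
    """Return record's owner name relative to zone ('@' for the zone apex).

    Raises ValueError when the record is not inside the zone, which is the
    client-side mistake the server reported as NOTAUTH.
    """
    rec = record.rstrip(".").lower().split(".")
    zn = zone.rstrip(".").lower().split(".")
    if len(rec) < len(zn) or rec[-len(zn):] != zn:
        raise ValueError("%s is not inside zone %s" % (record, zone))
    return ".".join(rec[:-len(zn)]) or "@"


def normalize_secret(secret):
    """Remove whitespace (key files wrap long secrets) and check the base64."""
    compact = "".join(secret.split())
    base64.b64decode(compact, validate=True)  # raises on a malformed secret
    return compact


def build_update(zone, record, new_ip, key_name, secret, ttl=300):
    """Build a TSIG-signed update message for an A record in the given zone."""
    # dnspython is imported here so the two checks above work without it.
    import dns.tsigkeyring
    import dns.update

    keyring = dns.tsigkeyring.from_text({key_name: normalize_secret(secret)})
    # First argument is the zone being updated, never the record name.
    update = dns.update.Update(zone, keyring=keyring, keyname=key_name,
                               keyalgorithm="hmac-sha512")
    update.replace(relative_owner(record, zone), ttl, "A", new_ip)
    return update  # send with dns.query.tcp(update, dns_host)


if __name__ == "__main__":
    # Constructed sample values matching the names used in the question.
    print(relative_owner("auth.test.com", "test.com"))
```
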