<?xml version="1.0" encoding="UTF-8" ?>

<bugzilla version="5.2"
          urlbase="https://bugzilla.altlinux.org/"
          
          maintainer="jenya@basealt.ru"
>

    <bug>
          <bug_id>45063</bug_id>
          
          <creation_ts>2023-01-27 19:22:50 +0300</creation_ts>
          <short_desc>An incorrect ddns-key.conf is created when the computer name is changed</short_desc>
          <delta_ts>2023-02-01 10:15:36 +0300</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>4</classification_id>
          <classification>Development</classification>
          <product>Sisyphus</product>
          <component>alterator-bind</component>
          <version>unstable</version>
          <rep_platform>x86_64</rep_platform>
          <op_sys>Linux</op_sys>
          <bug_status>CLOSED</bug_status>
          <resolution>FIXED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords></keywords>
          <priority>P5</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>1</everconfirmed>
          <reporter name="jqt4@altlinux.org">jqt4</reporter>
          <assigned_to name="Anton V. Boyarshinov">boyarsh</assigned_to>
          <cc>boyarsh</cc>
          
          <qa_contact>qa-sisyphus</qa_contact>

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>220820</commentid>
    <comment_count>0</comment_count>
    <who name="jqt4@altlinux.org">jqt4</who>
    <bug_when>2023-01-27 19:22:50 +0300</bug_when>
    <thetext>The system was installed from the image http://beta.altlinux.org/server/x86_64/alt-server-10.1-rc2-x86_64.iso and updated to Sisyphus.

rpm -q bind alterator-bind
bind-9.16.37-alt1.x86_64
alterator-bind-0.9.5-alt1.1.1.x86_64

When the computer name is changed in acc (the Ethernet interfaces tab), the following file is created:

cat /var/lib/bind/etc/ddns-key.conf
key ddns-key {
    algorithm hmac-md5;
    secret &quot;&quot;;
};

At the same time, the following is written to the log /var/run/alteratord/alteratord.log:

recreate domain...
Cleaning up resolvconf zones...
dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.

sed: невозможно прочитать .private: Нет такого файла или каталога
dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.

sed: невозможно прочитать .private: Нет такого файла или каталога
/usr/bin/ddns-sh-functions: строка 450: out: не заданы границы переменной
could not read key from /var/lib/bind/etc/Kddns-key.+157+*.{private,key}: file not found
update failed: REFUSED

DHCP does not work with such a file:

dhcpd -t -cf /var/lib/bind/etc/ddns-key.conf ; echo $?
Internet Systems Consortium DHCP Server 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/var/lib/bind/etc/ddns-key.conf line 4: expecting a parameter or declaration
};
 ^
Configuration file errors encountered -- exiting
Please note the following before requesting help:
This software is a part of the Internet Software Consortium&apos;s DHCP suite
with modifications for ALT Linux.
The ISC folks quite reasonably require that you do not bother them with
questions on software that includes third-party modifications and might
not be based off their latest code.  Hence, please direct any questions
to the community@ mailing list instead; the subscription instructions
are given at http://lists.altlinux.org/mailman/listinfo/community .
Please also read the SUPPORT section on the README about
submitting bug reports and requests for help.
exiting.
1

The cause of the problem is that the command-line interface of the dnssec-keygen utility from bind has changed, and the following lines of the ddns-sh-functions script from alterator-bind:

local key=&quot;$(/usr/sbin/dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n USER &quot;$name&quot;)&quot;
local secret=&quot;$(sed -n &apos;s/Key:[[:space:]]\+\([^[:space:]]\+\)/\1/p&apos; &quot;$key.private&quot;)&quot;

do not work correctly.

Please fix.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>220914</commentid>
    <comment_count>1</comment_count>
    <who name="jqt4@altlinux.org">jqt4</who>
    <bug_when>2023-01-30 17:54:41 +0300</bug_when>
    <thetext>Comparison log of the help output of the old and new bind:

$ diff -u ../../help-9.11.log ../../help-9.16.log
--- ../../help-9.11.log    2023-01-30 17:52:16.743546892 +0400
+++ ../../help-9.16.log    2023-01-30 17:53:05.858303207 +0400
@@ -2,41 +2,30 @@
 Usage:
     dnssec-keygen [options] name

-Version: 9.11.37
+Version: 9.16.35
     name: owner of the key
 Options:
     -K &lt;directory&gt;: write keys into directory
+    -k &lt;policy&gt;: generate keys for dnssec-policy
+    -l &lt;file&gt;: configuration file with dnssec-policy statement
     -a &lt;algorithm&gt;:
-        RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA |
-        RSASHA256 | RSASHA512 | ECCGOST |
+        RSASHA1 | NSEC3RSASHA1 |
+        RSASHA256 | RSASHA512 |
         ECDSAP256SHA256 | ECDSAP384SHA384 |
-        ED25519 | ED448 | DH |
-        HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | 
-        HMAC-SHA384 | HMAC-SHA512
-       (default: RSASHA1, or NSEC3RSASHA1 if using -3)
+        ED25519 | ED448 | DH
     -3: use NSEC3-capable algorithm
     -b &lt;key size in bits&gt;:
-        RSAMD5:    [512..4096]
-        RSASHA1:    [512..4096]
-        NSEC3RSASHA1:    [512..4096]
-        RSASHA256:    [512..4096]
+        RSASHA1:    [1024..4096]
+        NSEC3RSASHA1:    [1024..4096]
+        RSASHA256:    [1024..4096]
         RSASHA512:    [1024..4096]
         DH:        [128..4096]
-        DSA:        [512..1024] and divisible by 64
-        NSEC3DSA:    [512..1024] and divisible by 64
-        ECCGOST:    ignored
         ECDSAP256SHA256:    ignored
         ECDSAP384SHA384:    ignored
         ED25519:    ignored
         ED448:    ignored
-        HMAC-MD5:    [1..512]
-        HMAC-SHA1:    [1..160]
-        HMAC-SHA224:    [1..224]
-        HMAC-SHA256:    [1..256]
-        HMAC-SHA384:    [1..384]
-        HMAC-SHA512:    [1..512]
-        (if using the default algorithm, key size
-        defaults to 2048 for KSK, or 1024 for all others)
+        (key size defaults are set according to
+        algorithm and usage (ZSK or KSK)
     -n &lt;nametype&gt;: ZONE | HOST | ENTITY | USER | OTHER
         (DNSKEY generation defaults to ZONE)
     -c &lt;class&gt;: (default: IN)
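Review bot: in the -a list and the -b size table of this hunk, the 9.16 side no longer lists any HMAC-* algorithm, so the "-a HMAC-MD5 -b 512 -n USER" call in ddns-sh-functions is unsupported by this help text independently of the -r option. Dropping -r alone would not restore key generation; the script needs a different way to produce the ddns-key secret, and it should stop on a failed key generation rather than write an empty secret into ddns-key.conf.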
@@ -47,7 +36,6 @@
     -g &lt;generator&gt;: use specified generator (DH only)
     -L &lt;ttl&gt;: default key TTL
     -p &lt;protocol&gt;: (default: 3 [dnssec])
-    -r &lt;randomdev&gt;: a file containing random data
     -s &lt;strength&gt;: strength value this key signs DNS records with (default: 0)
     -T &lt;rrtype&gt;: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))
     -t &lt;type&gt;: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>220990</commentid>
    <comment_count>2</comment_count>
    <who name="Repository Robot">repository-robot</who>
    <bug_when>2023-02-01 10:15:36 +0300</bug_when>
    <thetext>alterator-bind-0.9.6-alt1 -&gt; sisyphus:

 Tue Jan 31 2023 Dmitry Terekhin &lt;jqt4@altlinux&gt; 0.9.6-alt1
 - ddns-sh-functions: Use tsig-keygen instead of dnssec-keygen (closes: #45063).</thetext>
  </long_desc>
      
      

    </bug>

</bugzilla>