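I'm trying to update a record in a DNS server zone using Python, but I'm running into key problems.
Using a command like nsupdate -k Ktest.com.+165+48236.key -v update.txt
on the command line works fine, so I know the DNS server is fine with that key.
These are all test/dummy values, so I've posted the key string as well.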
print "Updating zone [%s] record [%s] on dns host [%s] with new ip [%s]" % (zone, record, dns_host, new_ip)
keyring = dns.tsigkeyring.from_text({record : key})
print ""
print key
print ""
print keyring
print ""
update = dns.update.Update(record, keyring = keyring, keyname = record, keyalgorithm = 'hmac-sha512')
update.replace(record, 300, 'A', new_ip)
Output:
Updating zone [test.com] record [auth.test.com] on dns host [127.0.0.1]
Q3oiZUnS83s9+8bBWwn+5ZMfj/qHwAWVuAt2Zck1YhYUygPeTwkKbXjV 6Wj+cIf/2IRdjv5OEDUrrA/orGAlZw==
{<DNS name auth.test.com.>: 'Cz"eI\xd2\xf3{=\xfb\xc6\xc1[\t\xfe\xe5\x93\x1f\x8f\xfa\x87\xc0\x05\x95\xb8\x0bve\xc95b\x16\x14\xca\x03\xdeO\t\nmx\xd5\xe9h\xfep\x87\xff\xd8\x84]\x8e\xfeN\x105+\xac\x0f\xe8\xac`%g'}
Traceback (most recent call last):
  File "./service_tester.py", line 122, in <module>
    check_nodes(config)
  File "./service_tester.py", line 107, in check_nodes
    check_dns(record_name, record_items['zone'], record_items['failover_type'], record_items['key'], record_items['good_nodes'], record_items['dns_host'])
  File "./service_tester.py", line 69, in check_dns
    update_dns(zone, record, dns_server, good_hosts[0], key)
  File "./service_tester.py", line 44, in update_dns
    response = dns.query.tcp(update, dns_host)
  File "/usr/lib/python2.7/site-packages/dns/query.py", line 323, in tcp
    one_rr_per_rrset=one_rr_per_rrset)
  File "/usr/lib/python2.7/site-packages/dns/message.py", line 786, in from_wire
    reader.read()
  File "/usr/lib/python2.7/site-packages/dns/message.py", line 727, in read
    self._get_section(self.message.additional, adcount)
  File "/usr/lib/python2.7/site-packages/dns/message.py", line 679, in _get_section
    self.message.first)
  File "/usr/lib/python2.7/site-packages/dns/tsig.py", line 163, in validate
    raise PeerBadKey
dns.tsig.PeerBadKey
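It looks to me like the keyring object is not correct, but I don't know why it wouldn't be.
Edit: the error on the DNS server is: not authoritative for update zone (NOTAUTH)
However, if I do nsupdate -k keyfile -v update.txt, it works just dandy.
Answer 0 (score: 0)
The problem turned out to be: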
update = dns.update.Update(record, keyring = keyring, keyname = record, keyalgorithm = 'hmac-sha512')
should have been
update = dns.update.Update(zone, keyring = keyring, keyname = record, keyalgorithm = 'hmac-sha512')
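The error message was quite confusing, because it says it can't update the zone on the DNS server, rather than that the client wasn't actually trying to update the zone.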
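What the fix changes on the wire, as an added example that is not from the original post or from dnspython: the first argument of dns.update.Update becomes the ZNAME in the Zone section of the UPDATE message, and a server answers NOTAUTH when that name is not a zone it is authoritative for (RFC 2136). The helper names and the server-side check are hypothetical, written with the standard library only; the update RRs and the TSIG record are left out.

```python
import struct

NOERROR, FORMERR, NOTAUTH = 0, 1, 9            # RCODEs (RFC 1035, RFC 2136)
OPCODE_UPDATE, TYPE_SOA, CLASS_IN = 5, 6, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_update_zone(zname, msg_id=0x1234):
    """Header plus Zone section of an UPDATE message (hypothetical helper)."""
    flags = OPCODE_UPDATE << 11                 # opcode occupies bits 11-14
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)  # ZOCOUNT=1
    return header + encode_name(zname) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def parse_zone_section(wire):
    """Return (opcode, zname, ztype, zclass) from an UPDATE message."""
    _id, flags, zocount = struct.unpack("!HHH", wire[:6])
    opcode = (flags >> 11) & 0xF
    if opcode != OPCODE_UPDATE or zocount != 1:
        raise ValueError("not an UPDATE with exactly one zone entry")
    labels, pos = [], 12                        # Zone section follows the header
    while wire[pos] != 0:
        length = wire[pos]
        if length & 0xC0:
            raise ValueError("compressed name not expected here")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    ztype, zclass = struct.unpack("!HH", wire[pos + 1:pos + 5])
    return opcode, ".".join(labels).lower() + ".", ztype, zclass

def server_zone_check(wire, authoritative_zones):
    """Model of the server's zone-section check (RFC 2136 section 3.1)."""
    try:
        _, zname, ztype, _ = parse_zone_section(wire)
    except (ValueError, IndexError, struct.error):
        return FORMERR
    if ztype != TYPE_SOA:
        return FORMERR
    return NOERROR if zname in authoritative_zones else NOTAUTH

# Constructed sample input using the test names from the question.
ZONES = {"test.com."}                           # zones the server is authoritative for
wrong = build_update_zone("auth.test.com")      # like Update(record, ...)
right = build_update_zone("test.com")           # like Update(zone, ...)
```

Running parse_zone_section over the bytes of a captured UPDATE shows which zone name the client actually asked for, which is the quickest way to tell this mistake apart from a real key problem.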