Updated dnsapi (markdown)

2025-03-14 16:10:09 +08:00 · 2022-01-27 10:43:20 +08:00 · 2022-01-27 10:43:20 +08:00 · f39647d6a5
commit f39647d6a5
parent 1e5897a7da
1 changed files with 11 additions and 0 deletions
--- a/dnsapi.md
+++ b/dnsapi.md
@ -155,6 +155,17 @@ zone "example.com" {
    };
 }
 ```
+Notes on BIND 9.16.1-Ubuntu 20.04.3 LTS
+
+```
+# dnssec-keygen no longer do tsig algorithm, so tsig-keygen (came with bind9)
+tsig-keygen -a hmac-sha512 acme | sudo tee /etc/bind/acme.key
+# as nsupdate need creation of *.jnl where zone file resides, read /var/log/syslog for error details
+sudo chmod g+w /etc/bind
+# similar to above steps: include key, allow-update with key on target zone
+# echo 'include "/etc/bind/acme.key";' | sudo tee --append /etc/bind/named.conf.local
+```
+

 Finally, make the DNS server and update Key available to `acme.sh`