Updating through knsupdate is no problem at all. With knsupdate I can actually update bind9 and knot. The problem is with the script somehow working for bind and not working for knot.

knsupdate -y hmac-sha256:example.com.:SECRET
server bad::dad
zone example.com
del ddns.example.com. 300 IN A 3.4.5.6
send

server dead::beef
zone example.com
del ddns.example.com. 300 IN A 3.4.5.6
send


Does update bind9 and knot. My knot version is 2.1.0-dev


My knot.conf

log:
    # Log info and more serious events to syslog.
  - target: syslog
    any: debug

key:
  - id: example.com.
    algorithm: hmac-sha256
    secret: SECRET

acl:
  - id: nsupdate_acl
    key: example.com.
    action: update

template:
  - id: default
    storage: /var/lib/knot
    semantic-checks: on
    dnssec-signing: on
    kasp-db: /var/lib/knot/kasp

zone:
  - domain: example.com
    file: "example.com.zone"
    acl: [nsupdate_acl]

Andrew Stevenson <andrew@ugh.net.au> wrote on Mon, 5 Oct 2015 at 22:09:
On 05 Oct 2015, at 21:29, Ulrich Wisser <ulrich@wisser.se> wrote:

The attached script does update my bind9 instance but reports SERVFAIL for Knot.

That would point towards your knot config. Perhaps if you share it (sans keys of course) someone might spot something.

I have DDNS working with knot v1 so I can compare configs if you happen to still be on v1. I also posted something a few months back about the problems I was having and what I did to get it going which may help. I don’t know how much this applies to v2 as I haven’t got there yet.

I am sending updates by calling knsupdate from a shell script.

Andrew
--
Ulrich Wisser
ulrich@wisser.se