DNS Update RFC2136 without security

I am trying to get the DNS Update Service to update DNS records in an Windows DNS Server. It is an internal Domain DNS Server, so there is no security (needed).
The rancher server is running in the same domain.
I can add DNS records using nsupdate from my local machine without TSIG.

When I use DNS Update RFC2136 I get errors, because TSIG Key Name and TSIG Key are mandatory.

I looked at the code here and can’t see an easy way to send the request without TSIG.

We plan to have several internal tools running in this domain. For external facing stuff (website, etc.) we plan to use an external DNS provider.

Saying it’s internal so there’s no need for security seems rather short-sighted, but I expect we would accept a PR that added an INSECURE or similar option that allowed doing no TSIG.

Generally speaking I would agree, in this specific case it actually makes sense, it is a separate, secured network. It is just that the DNS server accepts updates from members of this network, not that there is no security at all…
I’ll see what I can do.

OK, I opened the PR:

1 Like