17 Feb
2009
17 Feb
'09
7:42 p.m.
On Wed, 18 Feb 2009 10:55:30 +1100, Mark Andrews said:
I solve it by give the machine a name. Adding a KEY record at that name to the DNS, the private part the machine knows.
I think the issue is that the machine in question may not know its own hostname to start, much less that dnssec is in use, or that a private key is supposed to be remembered on the machine. So there's a bit of a bootstrapping problem there. Of course, you can skip over that issue by letting the DHCP server do the DNS updates as a proxy for the just-DHCP'ed machine, but that has other issues... (or just pre-populate the DNS with DHCP-2001-9A98-D247-{5more}.ISP.com and be done with it like many places do for IPv4)