TSIG update error (PeerBadKey) when running Bind9 role

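When I try to create an A record in a Bind9 zone using the nsupdate module, I get this error:

fatal: [bobul-2]: FAILED! => {"changed": false, "msg": "TSIG update error (PeerBadKey): The peer didn't know the key we used"}

I'm sure the key is in named.conf.local / named.conf.options, because I'm using the template module to change the configuration there.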

- name: Set backup A record
  community.general.nsupdate:
    key_name: "nsupdate.key"
    key_algorithm: "hmac-sha256"
    key_secret: "{{ nsupdate_key_secret }}"
    server: "bobul-2"
    zone: "{{ startup_domain }}"
    record: backup
    value: "{{ backup_ip }}"
  when: inventory_hostname in groups['dns_masters']

I don't know why this error is thrown, because my managed configuration is fine.

- name: Change bind9 configuration
  ansible.builtin.template:
    dest: /etc/bind/named.conf.{{ item }}
    src: named.conf.{{ item }}.j2
  loop:
    - options
    - local
  notify: Restart bind9

- name: Configure master zone
  ansible.builtin.template:
    dest: /var/cache/bind/db.{{ startup_domain }}
    src: zone.j2
    force: no
  notify: Rndc reload
  when: inventory_hostname in groups['dns_masters']

- name: Configure ptr zone
  ansible.builtin.template:
    dest: /var/cache/bind/db.rev
    src: zone.rev.j2
    force: no
  notify: Rndc reload
  when: inventory_hostname in groups['dns_masters']

- name: Set backup A record
  community.general.nsupdate:
    key_name: "nsupdate.key"
    key_algorithm: "hmac-sha256"
    key_secret: "{{ nsupdate_key_secret }}"
    server: "bobul-2"
    zone: "{{ startup_domain }}"
    record: backup
    value: "{{ backup_ip }}"
  when: inventory_hostname in groups['dns_masters']

I expect the module to create an A record on my managed host.

TASK [bind : Change bind9 configuration] ***************************************
ok: [bobul-2] => (item=options)
ok: [bobul-1] => (item=options)
ok: [bobul-2] => (item=local)
ok: [bobul-1] => (item=local)

TASK [bind : Configure master zone] ********************************************
skipping: [bobul-1]
ok: [bobul-2]

TASK [bind : Configure ptr zone] ***********************************************
skipping: [bobul-1]
ok: [bobul-2]

TASK [bind : Set backup A record] **********************************************
skipping: [bobul-1]
fatal: [bobul-2]: FAILED! => {"changed": false, "msg": "TSIG update error (PeerBadKey): The peer didn't know the key we used"}
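
A check for the condition behind PeerBadKey, as an added example that is not part of the original post: it compares the `key_name`, `key_algorithm` and `key_secret` a task sends against the `key` statements in named.conf text and reports the TSIG error expected under the RFC 8945 key check (BADKEY for an unknown name or algorithm, BADSIG for a differing secret). The configuration text, zone name, key name `nsupdate-key` and secret are constructed, and the helper names are hypothetical.

```python
import hmac
import re

# key "<name>" { algorithm <alg>; secret "<b64>"; };  (not `key "<name>";` references)
KEY_RE = re.compile(r'(?<![\w.-])key\s+"?([^\s"{;]+)"?\s*\{(.*?)\}\s*;', re.S)
FIELD_RE = re.compile(r'\b(algorithm|secret)\s+"?([^\s";]+)"?\s*;')

def norm(name):
    # TSIG key names are DNS names: case-insensitive, optional trailing dot.
    return name.lower().rstrip(".")

def parse_keys(conf_text):
    """Map normalized key name -> {'algorithm', 'secret'} from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(?m)(^|\s)(//|#).*$", "", text)
    return {norm(n): dict(FIELD_RE.findall(body)) for n, body in KEY_RE.findall(text)}

def diagnose(conf_text, key_name, key_algorithm, key_secret):
    """Return (tsig_error, detail) expected for these client parameters."""
    keys = parse_keys(conf_text)
    key = keys.get(norm(key_name))
    if key is None:
        return "BADKEY", f"no key named {key_name!r}; defined: {sorted(keys)}"
    if key.get("algorithm", "").lower() != key_algorithm.lower():
        return "BADKEY", f"algorithm is {key.get('algorithm')!r}, task sends {key_algorithm!r}"
    if not hmac.compare_digest(key.get("secret", ""), key_secret):
        return "BADSIG", "name and algorithm match, secret differs"
    return "NOERROR", "key statement matches the task parameters"

# Constructed sample, not the asker's file: the key is declared under a
# different name than the "nsupdate.key" the task sends.
SAMPLE_CONF = '''
// named.conf.local (constructed)
key "nsupdate-key" {
    algorithm hmac-sha256;
    secret "Q09OU1RSVUNURUQ=";
};
zone "example.test" {
    type master;
    file "/var/cache/bind/db.example.test";
    allow-update { key "nsupdate-key"; };
};
'''

if __name__ == "__main__":
    for name in ("nsupdate.key", "nsupdate-key"):
        print(name, diagnose(SAMPLE_CONF, name, "hmac-sha256", "Q09OU1RSVUNURUQ="))
```

Running it over the output of `named-checkconf -p` on the DNS server covers included files and shows the configuration as named parses it.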