Hi,
I am trying to create (add) a new DNS record on a remote server using dnspython.
However, I am rather lost on how to provide correct authentication for the DNS server to the library. The examples page
http://www.dnspython.org/examples.html has a note on dns.tsigkeyring, as here:
- Use DNS dynamic update to set the address of a host to a value specified on the command line:
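
    import dns.query
    import dns.tsigkeyring
    import dns.update
    import sys

    # TSIG keyring: maps the key name to its base64-encoded shared secret
    keyring = dns.tsigkeyring.from_text({
        'host-example.' : 'XXXXXXXXXXXXXXXXXXXXXX=='
    })

    # Dynamic update for the zone 'dyn.test.example', signed with the keyring
    update = dns.update.Update('dyn.test.example', keyring=keyring)
    # Replace the A record of 'host' (TTL 300) with the address given on the command line
    update.replace('host', 300, 'a', sys.argv[1])

    # Send the signed update to the server over TCP
    response = dns.query.tcp(update, '10.0.0.1')
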
I am using corporate DNS (from Microsoft) and running the script on a Linux host (CentOS 7, but I don't think it really matters). I do not have direct access to the DNS server itself, but I can authenticate via Krb5, as here:

    $ kinit majus...@CORPORATE.SERVER
    Password for mami...@CORPORATE.SERVER:
    Warning: Your password will expire in 5 days on Sat 04 May 2019 06:24:59 PM CEST
    $ klist
    Ticket cache: KEYRING:persistent:1000:krb_ccache_nOk6TYF
    Default principal: majus...@CORPORATE.SERVER

    Valid starting       Expires              Service principal
    04/29/2019 12:28:27  04/29/2019 22:28:27  krbtgt/CORPORAT...@CORPORATE.SERVER
            renew until 05/06/2019 12:28:23

But since the key is already in the persistent KEYRING, I do not see how to provide the key as `str` to dns.update.Update().
What is the correct way to generate a key in such an environment?