You need to install first the DDNS Agent Service
If you use the DNS Cache service on the same Artica server as the Kea DHCP service, dynamic records updates are automatically enabled.
To do this, you need to add local domains.
These local domains will tell your DNS service that it can receive updates from your DHCP server.
On the left menu, go to DNS > DNS Cache service > local domains
- Click on “New domain” button.
- Set the domain defined in your DHCP service.
- Select the new created domain and click on the link.
- Turn on the DDNS option.
- Key Name:
It must be unique; if you create a duplicate, the last key added will be used for all domains with the same key name.
¶ TSIG Key
This is an encryption key for authenticating and decrypting communications between the server receiving the information and the server sending the information.
Make sure that the keys are identical on each server wishing to communicate.
- If you don't know how to generate these keys, click on the Generate key button to either define the key generated from another server or create a new one.
- Use the Current field in order to edit the key
¶ Algorithm
The service support several cryptographic algorithms for TSIG (Transaction SIGnature) keys.
The most commonly supported algorithms are based on HMAC (Hash-based Message Authentication Code).
Here are the algorithms typically supported:
- HMAC-MD5:
This is the original TSIG algorithm defined in RFC 2845.
While it is widely supported, it is considered less secure than more modern algorithms and is gradually being deprecated.
- HMAC-SHA1:
It offers better security than HMAC-MD5 but is also becoming less preferred due to the weaknesses found in SHA-1.
- HMAC-SHA224
This algorithm provides a balance between speed and security, but it's less commonly used compared to SHA-256.
- HMAC-SHA256:
This is a widely used algorithm and is recommended for its strong security properties.
- HMAC-SHA384:
It offers even stronger security and is a good choice for high-security environments.
- HMAC-SHA512:
This algorithm provides the highest level of security among the SHA family but may have a performance impact due to its computational intensity.
- Once your domain is saved, click on “
Reconfigure service” to apply your changes in production mode.
