Update bind puppet module to use FIPS-approved hash function for dhcpd shared secret
#2 Updated by Ewoud Kohl van Wijngaarden almost 4 years ago
- Status changed from New to Need more information
I'd argue this is currently a CANTFIX. According to rndc.conf (https://linux.die.net/man/5/rndc.conf):
The key statement begins with an identifying string, the name of the key. The statement has two clauses. algorithm identifies the encryption algorithm for rndc to use; currently only HMAC-MD5 is supported. This is followed by a secret clause which contains the base-64 encoding of the algorithm's encryption key. The base-64 string is enclosed in double quotes.
#5 Updated by Dmitri Dolguikh almost 4 years ago
Hash functions other than MD5 are supported in bind (and rndc-config) versions 9.10.0 and higher. See https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=4eb998928b9aef0ceda42d7529980d658138698a for details.
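An added example, not part of the original thread or of the Puppet module: a Python check that parses the key statements described in the quoted man page text, flags algorithms outside an assumed SHA-2 HMAC policy, and applies the 9.10.0 threshold mentioned in comment #5. The sample configuration, the approved set, the function names and the verdict strings are assumptions made for illustration.

```python
import base64
import re

# Assumed site policy for this example: only SHA-2 based HMACs pass.
APPROVED = {"hmac-sha224", "hmac-sha256", "hmac-sha384", "hmac-sha512"}
KEY_RE = re.compile(r'(?<![\w-])key\s+"?([^\s"{]+)"?\s*\{([^}]*)\}\s*;')
ALGO_RE = re.compile(r'algorithm\s+"?([A-Za-z0-9.-]+)"?\s*;')
SECRET_RE = re.compile(r'secret\s+"([^"]*)"\s*;')
# Quoted strings are matched first so a "//" inside a base-64 secret survives.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)

# Constructed sample configuration; the secrets are dummy bytes, not real keys.
CONSTRUCTED_CONF = '''
# managed by configuration management
options { default-key "rndc-key"; };
key "rndc-key" {
    algorithm hmac-md5;   // legacy default
    secret "////AAECAwQFBgcICQoLDA0ODw==";
};
key "omapi_key" { algorithm hmac-sha256; secret "AAECAwQFBgcICQoLDA0ODw=="; };
'''


def strip_comments(text):
    """Drop /* */, // and # comments while leaving quoted strings intact."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)


def audit(conf_text, bind_version):
    """Return (key name, algorithm, secret bits, verdict) per key statement."""
    version = tuple(int(n) for n in re.findall(r"\d+", bind_version)[:3])
    findings = []
    for name, body in KEY_RE.findall(strip_comments(conf_text)):
        algo = ALGO_RE.search(body)
        algo = algo.group(1).lower() if algo else "missing"
        secret = SECRET_RE.search(body)
        try:
            bits = len(base64.b64decode(secret.group(1), validate=True)) * 8
        except (AttributeError, ValueError):  # no secret clause or bad base-64
            bits = 0
        if algo in APPROVED:
            verdict = "approved"
        elif version >= (9, 10, 0):  # per the thread, non-MD5 needs 9.10.0+
            verdict = "replace-algorithm"
        else:
            verdict = "needs-bind-9.10.0"
        findings.append((name, algo, bits, verdict))
    return findings
```

Calling `audit(CONSTRUCTED_CONF, "9.9.4")` reports the MD5 key as blocked on a BIND upgrade, while the same file checked against a 9.10.0 or later version reports it as ready for an algorithm change.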