From 0a5bf9821213011508d1287a7f73bec9cbaa772a Mon Sep 17 00:00:00 2001
From: JP Mens <jp@mens.de>
Date: Wed, 6 Mar 2019 08:58:53 +0100
Subject: [PATCH] BIND9 hmac-sha256

BIND9 supports more than just MD5 TSIG keys; also note use of  easy `tsig-keygen(8)`
---
 dehydrated-hook-ddns-tsig.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dehydrated-hook-ddns-tsig.conf b/dehydrated-hook-ddns-tsig.conf
index 4f7d038..849c974 100644
--- a/dehydrated-hook-ddns-tsig.conf
+++ b/dehydrated-hook-ddns-tsig.conf
@@ -23,7 +23,7 @@
 key_name = testkey
 ## base64-encoded value of the key
 key_secret = "R3HI8P6BKw9ZwXwN3VZKuQ=="
-## key-algorithm to use (bind9 only supports hmac-md5)
+## key-algorithm to use (use, eg. `tsig-keygen' to easily generate a BIND9 hmac-sha256 key)
 #key_algorithm = hmac-md5
 
 ## DNS record rewriting
@@ -47,4 +47,4 @@ key_secret = "R3HI8P6BKw9ZwXwN3VZKuQ=="
 #[example.com]
 #name_server_ip = 127.0.0.1
 #key_name = samplekey
-#key_secret = 6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz=
\ No newline at end of file
+#key_secret = 6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz=