`DDNS` now supports additional algorithms
Previously, the `dhcpd` daemon supported only the `HMAC-MD5` hashing algorithm, which is considered insecure for critical applications. As a consequence, `Dynamic DNS (DDNS)` updates were potentially insecure. This update adds support for additional algorithms: `HMAC-SHA1`, `HMAC-SHA224`, `HMAC-SHA256`, `HMAC-SHA384`, and `HMAC-SHA512`.
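An added example, not part of the original report or of the dhcp package: a small audit that reads `dhcpd.conf` text and reports which DDNS keys still use `HMAC-MD5`. The `key NAME { algorithm ...; }` layout, the long name `HMAC-MD5.SIG-ALG.REG.INT`, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Algorithm names taken from the release note above.
STRONGER = {"HMAC-SHA1", "HMAC-SHA224", "HMAC-SHA256", "HMAC-SHA384", "HMAC-SHA512"}

# Assumed dhcpd.conf layout: key NAME { algorithm ALG; secret ...; }
KEY_BLOCK = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', re.S)
ALGORITHM = re.compile(r'\balgorithm\s+([\w.-]+)\s*;', re.I)

# Constructed sample; secrets are placeholders, not real key material.
SAMPLE_CONF = """
key legacy-key {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret PLACEHOLDER-SECRET-1;
}
key ddns-key {
    algorithm hmac-sha256;
    secret PLACEHOLDER-SECRET-2;
}
# key retired-key { algorithm hmac-md5; secret PLACEHOLDER-SECRET-3; }
zone example.org. {
    primary 192.0.2.53;
    key ddns-key;
}
"""

def strip_comments(text):
    """Drop '#' comments so commented-out keys are not reported."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit_ddns_keys(conf_text):
    """Return {key_name: verdict} for every key block in the config text."""
    results = {}
    for name, body in KEY_BLOCK.findall(strip_comments(conf_text)):
        match = ALGORITHM.search(body)
        if match is None:
            results[name] = "no-algorithm"
            continue
        alg = match.group(1).upper()
        # The long form (assumed) also names HMAC-MD5, so compare the first label.
        if alg.split(".", 1)[0] == "HMAC-MD5":
            results[name] = "weak"
        else:
            results[name] = "ok" if alg in STRONGER else "unknown"
    return results

if __name__ == "__main__":
    for key_name, verdict in audit_ddns_keys(SAMPLE_CONF).items():
        print(f"{key_name}: {verdict}")
```

A key reported as `weak` has to be changed on both `dhcpd` and the DNS server that accepts the updates, since both sides must use the same TSIG algorithm and secret.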
Created attachment 1222357
Backported upstream fix
dhcp-4.2.5-47.el7 only supports the known-to-be-insecure HMAC-MD5 algorithm for dynamic DNS updates. I'd suggest backporting the upstream fix, which adds support for HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.
From e4a2cb79b2679738f56b3803a44c9899f6982c09 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <email@example.com>
Date: Mon, 8 Sep 2014 11:41:44 -0400
Subject: [PATCH] [v4_2] Addes addtional HMAC TSIG algorithms to DDNS
Merges in rt36947
Fix for Doc Text: "HMAC-MD5" - not MD5.
Fixed. The Doc Text is updated. Thanks, Tuono.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.