Open marrold opened 3 years ago
Hi,
I have exactly the same issue on version 3.4.1: the provider forces me to use a key named with the domain name, and this is nonsense for me. I use various keys on my DNS server (certbot, terraform, etc.) and I explicitly want to be aware that an update has been done with a "Terraform" key in my logs.
Is there any plan for implementing this?
Would it be possible in that case to add a "domains" section to the update block in order to specify the list of domains handled by this block?
Thanks.
Hi, after digging and some tests I discovered that you can specify the key name in FQDN notation in order for the provider to work.
As an example, I have a terraform key, so to use the provider I just need to use this:

    update {
      server        = "my.server.ip"
      key_name      = "terraform-key."  # note the ending dot
      key_algorithm = "hmac-sha256"
      ...
    }

Weird, but it works.
The DNS module currently checks that the key_name is an FQDN, but there's no such restriction in Bind9 and I can't see it explicitly mentioned in RFC 2845.
Terraform Version
0.15.5
Affected Resource(s)
Provider
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
Terraform Configuration Files
Expected Behavior
Non-FQDN string is permitted
Actual Behavior
Module validates the key_name is an FQDN here
Steps to Reproduce
Configure provider with non-FQDN key_name
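
Added example (not part of the original issue and not the provider's code): a TSIG key name is carried in domain-name syntax as the owner name of the TSIG record, and a name in DNS wire format always ends with the root label, so `terraform-key` and `terraform-key.` describe the same key on the wire. The helpers `toFQDN` and `wireName` are hypothetical names, and the sketch assumes key names without escaped dots.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// toFQDN returns the key name in absolute form (with a trailing dot).
func toFQDN(name string) string {
	if strings.HasSuffix(name, ".") {
		return name
	}
	return name + "."
}

// wireName encodes a key name as DNS wire format: lowercased,
// length-prefixed labels terminated by the zero-length root label.
// Assumption: labels contain no escaped dots ("\.").
func wireName(name string) ([]byte, error) {
	fq := strings.ToLower(toFQDN(name))
	if fq == "." {
		return nil, errors.New("empty key name")
	}
	var buf bytes.Buffer
	for _, label := range strings.Split(strings.TrimSuffix(fq, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("invalid label %q in key name", label)
		}
		buf.WriteByte(byte(len(label)))
		buf.WriteString(label)
	}
	buf.WriteByte(0) // root label
	if buf.Len() > 255 {
		return nil, errors.New("key name exceeds 255 octets")
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed sample key names.
	for _, n := range []string{"terraform-key", "terraform-key.", "Terraform-Key", "bad..name"} {
		w, err := wireName(n)
		fmt.Printf("%-18q -> %x (err=%v)\n", n, w, err)
	}
}
```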