DHCPv4 Dynamic DNS (bind9): does it really work?

Started by mtltt, June 14, 2020, 09:55:01 PM

Hi,

I tried to set up a DHCPv4 server with Dynamic DNS support (bind9 server included as optional package).
I can't make it work since I ran into several issues:

The rndc-key generated by bind9 is a hmac-sha256; the DHCP Server only allows hmac-sha512 (see: https://github.com/opnsense/core/issues/4136).
Error message: security: error: client @0x44c22e2cf68 127.0.0.1#54103: request has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY)

After the workaround, it seems that updating the zone files is not allowed because allow-update { key rndc-key; }; is missing from named.conf.
Error message: update-security: info: client @0x4613802c168 192.168.145.2#54889/key rndc-key: update '[domain]/IN' denied

After adding it manually (the addition is removed by any config change), there seem to be permission errors: bind9 can't create a journal file in /usr/local/etc/namedb/master because the directory is owned by root:wheel.
Error message: general: error: /usr/local/etc/namedb/master/[DOMAIN].db.jnl: create: permission denied

After manually changing the owner to bind:wheel, it still doesn't seem to work, despite there being no errors in the logs.
When trying to query the added dynamic host, the server doesn't respond with the IP address.
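A small check script for the three failure modes described in this post (TSIG algorithm mismatch, missing allow-update grant, unwritable zone directory), written here as an added example; it is not from the post or from OPNsense, and the key name rndc-key, the zone example.lan, the secrets and the config snippets are constructed placeholders.

```shell
# Added example, not from the post or from OPNsense: checks for the three failure
# modes above, run against constructed config snippets (placeholder secrets).
# Constructed rndc.key as bind9 generates it (hmac-sha256)
BIND_KEY='key "rndc-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_SECRET==";
};'
# Constructed dhcpd.conf stanza with the only algorithm the DHCP server accepts (hmac-sha512)
DHCP_KEY='key rndc-key {
    algorithm hmac-sha512;
    secret "PLACEHOLDER_SECRET==";
}
zone example.lan. {
    primary 127.0.0.1;
    key rndc-key;
}'
# Constructed named.conf zone stanza without allow-update (updates get denied) ...
NAMED_ZONE='zone "example.lan" {
    type master;
    file "/usr/local/etc/namedb/master/example.lan.db";
};'
# ... and the same stanza with the grant that dynamic updates need
NAMED_ZONE_FIXED='zone "example.lan" {
    type master;
    file "/usr/local/etc/namedb/master/example.lan.db";
    allow-update { key rndc-key; };
};'

# key_algorithm CONFIG KEYNAME: print the algorithm declared in "key KEYNAME { ... }"
key_algorithm() {
    printf '%s\n' "$1" | awk -v k="$2" '
        $1 == "key" { gsub(/[";{]/, "", $2); inkey = ($2 == k) }
        inkey && $1 == "algorithm" { sub(/;$/, "", $2); print $2; exit }'
}
# tsig_algorithms_match BINDCFG DHCPCFG KEYNAME: true only when both sides declare the
# same algorithm; a mismatch is what bind9 logs as "tsig verify failure (BADKEY)"
tsig_algorithms_match() {
    a=$(key_algorithm "$1" "$3"); b=$(key_algorithm "$2" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}
# zone_allows_key ZONECFG KEYNAME: true when allow-update grants KEYNAME (else "update denied")
zone_allows_key() {
    printf '%s\n' "$1" | grep -Eq "allow-update[[:space:]]*\{[^}]*key[[:space:]]+\"?$2\"?[[:space:]]*;"
}
# journal_dir_owned_by DIR USER: true when named's user owns DIR and so can create the .jnl
journal_dir_owned_by() {
    [ "$(stat -c %U "$1" 2>/dev/null || stat -f %Su "$1")" = "$2" ]
}
```

Run the same functions against the live rndc.key, dhcpd.conf and named.conf (and against the master directory with the bind user) to see which of the three conditions is still unmet.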