
tsig-key


Mohammed Ejaz

Jun 10, 2014, 11:56:39 AM
to bind-...@lists.isc.org, Ejaz Ahmed

 

 

I have an Infoblox DNS appliance and the slave is BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4. Now the problem is that the zone transfer won't happen when I enable the TSIG key on the Infoblox master server. It gives an error like " client request has invalid signature tsig tranfer: tisg verify failure"

Here is the configuration I was trying to use.

My client/slave server configuration: the file tsig.key, created under /var/named, with the following entries:

 

 

key "TRANSFER" {
    algorithm HMAC-MD5;
    #secret "ODvOnAg9F2j2Y09jTQRC276h1vY=";
    secret "egr5WSDQAlP54KrnWweRjg==";
};

# Master server IP
server 195.88.245.33 {
    keys { TRANSFER; };
};

 

In the named.conf file on the slave server:

include "/var/named/tsigkeys";

Any help would be highly appreciated.

Thanks

Ejaz Sys admin

 

 

 

Mark Andrews

Jun 10, 2014, 6:09:39 PM
to Mohammed Ejaz, Ejaz Ahmed, bind-...@isc.org

In message <032d01cf84c4$93869180$ba93b480$@cyberia.net.sa>, "Mohammed Ejaz" writes:
Does the key name match?
Does the secret match?
Does the algorithm match?
If you are using truncated tsig does the length match?
If you are using views is the server clause within the view?

Time should be ok as there is a different error code with a
different description.

Have you tried testing this with dig?

dig -y TRANSFER:egr5WSDQAlP54KrnWweRjg== axfr <zone> @195.88.245.33 +all

e.g.
% dig -y TRANSFER:egr5WSDQAlP54KrnWweRjg== axfr dv.isc.org +all
;; Couldn't verify signature: tsig indicates error

; <<>> DiG 9.11.0pre-alpha <<>> -y TRANSFER axfr dv.isc.org +all
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTAUTH, id: 15607
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dv.isc.org. IN AXFR

;; TSIG PSEUDOSECTION:
transfer. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1402438051 300 0 15607 BADKEY 0

; Transfer failed.
%

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
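
Added example, not part of the thread: the first three questions in the checklist above (key name, secret, algorithm) as a Python check over two key clauses. It assumes the master's key has been transcribed into named.conf syntax; the function names and the sample key material are constructed for illustration.

```python
import base64
import binascii
import re

# Matches a named.conf key clause: key "name" { algorithm X; secret "Y"; };
KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;', re.IGNORECASE)

def parse_keys(conf):
    """Return {key_name: (algorithm, secret_bytes)} from named.conf text."""
    # Drop whole-line # and // comments so commented-out secrets are ignored.
    text = re.sub(r'^\s*(#|//).*$', '', conf, flags=re.MULTILINE)
    keys = {}
    for name, alg, secret in KEY_RE.findall(text):
        try:
            raw = base64.b64decode(secret, validate=True)
        except (binascii.Error, ValueError):
            raw = None  # secret is not valid base64
        # Key names are domain names, so they compare case-insensitively.
        keys[name.lower().rstrip('.')] = (alg.lower().rstrip('.'), raw)
    return keys

def compare(master_conf, slave_conf, key_name):
    """Check name, algorithm and secret on both sides; return a list of problems."""
    m, s = parse_keys(master_conf), parse_keys(slave_conf)
    name = key_name.lower().rstrip('.')
    problems = []
    for side, keys in (("master", m), ("slave", s)):
        if name not in keys:
            problems.append(f"{side}: key {key_name!r} not defined")
        elif keys[name][1] is None:
            problems.append(f"{side}: secret is not valid base64")
    if problems:
        return problems
    if m[name][0] != s[name][0]:
        problems.append(f"algorithm differs: {m[name][0]} vs {s[name][0]}")
    if m[name][1] != s[name][1]:
        problems.append("secret differs")  # never print the secret itself
    return problems

# Constructed sample inputs (not real keys); the two sides disagree on the algorithm.
DEMO_SECRET = base64.b64encode(b"constructed demo key").decode()
SLAVE = (f'key "TRANSFER" {{\n algorithm HMAC-MD5;\n #secret "old";\n'
         f' secret "{DEMO_SECRET}";\n}};')
MASTER = f'key "transfer" {{ algorithm hmac-sha256; secret "{DEMO_SECRET}"; }};'

if __name__ == "__main__":
    print(compare(MASTER, SLAVE, "TRANSFER"))
```

The truncation-length and view questions from the checklist are not covered by this check.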

Doug Barton

Jun 10, 2014, 8:17:17 PM
to Mohammed Ejaz, bind-...@lists.isc.org, Ejaz Ahmed
On 06/10/2014 08:56 AM, Mohammed Ejaz wrote:
> Any help would be highly appreciated.

Switch to BlueCat which does all communication with TSIG by default? :)

Sorry, couldn't resist ...

Doug

