[Opendnssec-user] zonefetch.xml with TSIG
Sebastian Castro
sebastian at nzrs.net.nz
Tue Mar 2 22:43:31 UTC 2010
Pierre LEBRECH wrote:
> Hello,
>
> When I configure ODS to make AXFR without TSIG, zone_fetcher can transfer the zone. But if I use TSIG, it can not.
>
> I tried a manual dig with TSIG and it worked, but within ODS it didn't.
>
> So, where should I look to correct this?
>
> Here is my TSIG statement within zonefetch.xml :
>
> <TSIG>
> <Name>hidden-ods</Name>
> <Algorithm>hmac-md5</Algorithm>
> <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret>
> </TSIG>
>
> The name "hidden-ods" is the BIND TSIG key name.
Just a suggestion to track the issue, have you tried to capture the
packets involved in the successful and failed AXFR? May be there is a
bug in the code or an extra space in your configuration. By comparing
the requests you can find out the difference and point the diagnose in
the right direction.
Cheers
>
> Thanks
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the Opendnssec-user
mailing list