[Opendnssec-user] zonefetch.xml with TSIG

Sebastian Castro sebastian at nzrs.net.nz
Tue Mar 2 22:43:31 UTC 2010

Pierre LEBRECH wrote:
> Hello,
> When I configure ODS to make AXFR without TSIG, zone_fetcher can transfer the zone. But if I use TSIG, it can not.
> I tried a manual dig with TSIG and it worked, but within ODS it didn't.
> So, where should I look to correct this?
> Here is my TSIG statement within zonefetch.xml :
> <TSIG>
>      <Name>hidden-ods</Name>
>      <Algorithm>hmac-md5</Algorithm>
>      <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret>
> </TSIG>
> The name "hidden-ods" is the BIND TSIG key name.

Just a suggestion to track the issue, have you tried to capture the
packets involved in the successful and failed AXFR? May be there is a
bug in the code or an extra space in your configuration. By comparing
the requests you can find out the difference and point the diagnose in
the right direction.


> Thanks
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535

More information about the Opendnssec-user mailing list