[Opendnssec-user] zonefetch.xml with TSIG
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Mar 3 10:18:29 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is a statement in the KNOWN_ISSUES file about TSIG
incompatibility, due to BIND9's cryptographic library. However, that
should not affect MD5.
Does the syslog inform you why the transfer failed?
Can you perhaps share the zonefetch.xml (off list)?
Best regards,
Matthijs Mekking
NLnet Labs
Pierre LEBRECH wrote:
> Hello,
>
> When I configure ODS to make AXFR without TSIG, zone_fetcher can transfer the zone. But if I use TSIG, it can not.
>
> I tried a manual dig with TSIG and it worked, but within ODS it didn't.
>
> So, where should I look to correct this?
>
> Here is my TSIG statement within zonefetch.xml :
>
> <TSIG>
> <Name>hidden-ods</Name>
> <Algorithm>hmac-md5</Algorithm>
> <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret>
> </TSIG>
>
> The name "hidden-ods" is the BIND TSIG key name.
>
> Thanks
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJLjjdtAAoJEA8yVCPsQCW5dDMH/2Pc61H1N37BLKpCniFx1HNf
A5GAS+lalHnIDMwI6fEvkt43cKCwuYwjkhxlgbg/QYeDJg0auvw+3Xob+WHQk550
h+GnmNqsCAprOyHnRZSeI5qVBgbz2W8V/Zp0YFcCRzeMuAye7R4jXWzYyqoEGESZ
YMrGYO7LZnLzLOBfzhSKnAiKDqNN8/bS3lnahX4jVNbu5bVklBtV0RVzU4ku+5/M
boIqalIV4TxCMlWuAbVh77wGhTO0czaJFPmHTJtxTOKp61PO54bO4EGTw7cRJCbj
3wHxfo4dyMo7ONZ9T8RhWXNJ0lgqObz5Xj3HitUi0Hbr9XEyQ2Q2OFz0aJlDBws=
=RUxu
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list