[Opendnssec-user] zonefetch.xml with TSIG
Pierre LEBRECH
pierre.lebrech at laposte.net
Wed Mar 3 12:20:57 UTC 2010
Thanks Matthijs,
here is what the log tell :
############################ snip
Mar 3 10:55:27 rdb zone_fetcher: zone fetcher received NOTIFY for zone
titi.fr
Mar 3 10:55:27 rdb zone_fetcher: zone fetcher failed to start axfr:
Could not create TSIG signature
Mar 3 10:55:27 rdb zone_fetcher: AXFR for zone 'titi.fr' failed
############################ snip
The BIND used is 9.6.1-P3
Matthijs Mekking wrote :
> There is a statement in the KNOWN_ISSUES file about TSIG
> incompatibility, due to BIND9's cryptographic library. However, that
> should not affect MD5.
>
> Does the syslog inform you why the transfer failed?
> Can you perhaps share the zonefetch.xml (off list)?
>
> Best regards,
>
> Matthijs Mekking
> NLnet Labs
>
> Pierre LEBRECH wrote:
> > Hello,
>
> > When I configure ODS to make AXFR without TSIG, zone_fetcher can
> transfer the zone. But if I use TSIG, it can not.
>
> > I tried a manual dig with TSIG and it worked, but within ODS it didn't.
>
> > So, where should I look to correct this?
>
> > Here is my TSIG statement within zonefetch.xml :
>
> > <TSIG>
> > <Name>hidden-ods</Name>
> > <Algorithm>hmac-md5</Algorithm>
> >
> <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret>
> > </TSIG>
>
> > The name "hidden-ods" is the BIND TSIG key name.
>
> > Thanks
> > _______________________________________________
> > Opendnssec-user mailing list
> > Opendnssec-user at lists.opendnssec.org
> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
More information about the Opendnssec-user
mailing list