[Opendnssec-user] ods2 AXFR request to nameserver fails , reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen ?
Havard Eidnes
he at uninett.no
Sun Dec 25 22:41:30 UTC 2016
> From shell on the same box, a cmd-line transfer request
>
> dig -b 127.0.0.1 axfr example.com @127.0.0.1
This one doesn't use TSIG. If it did, you'd be using the -y option.
> In opendnssec's addns.xml, I've config'd,
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Adapter>
>   <DNS>
>     <TSIG>
>       <Name>ods-key</Name>
>       <Algorithm>hmac-sha256</Algorithm>
>       <Secret>xxx...xxx</Secret>
>     </TSIG>
You've configured OpenDNSSEC to use TSIG. You then need to make
the corresponding configuration on your BIND name server to
recognize that key, in the form

    key ods-key {
        algorithm hmac-sha256;
        secret "xxx...xxx";
    };

> Dec 25 11:41:16 dns ods-signerd: [xfrd] bad packet: zone example.com received error code NOTAUTH from 127.0.0.1
This is a hint.
> Dec 25 11:41:16 dns ods-signerd: [xfrd] zone example.com, from 127.0.0.1 has tsig error (Bad Key)
And this is the smoking gun.
Regards,
- Håvard
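
An added example, not part of the original message and not OpenDNSSEC or BIND code: a Python check that the TSIG key in addns.xml has a matching `key` statement in named.conf (same name, algorithm and secret). The sample configs, the placeholder secret and the function names are constructed for illustration, and the parser assumes `key` statements are not inside comments.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples; the secret is a placeholder, not a real key.
ADDNS_XML = """<Adapter><DNS><TSIG>
  <Name>ods-key</Name>
  <Algorithm>hmac-sha256</Algorithm>
  <Secret>Y29uc3RydWN0ZWQtc2FtcGxlLXNlY3JldA==</Secret>
</TSIG></DNS></Adapter>"""
NAMED_CONF = """key "ods-key" {
    algorithm hmac-sha256;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLXNlY3JldA==";
};"""
# Assumption: key statements are not inside comments in named.conf.
KEY_BLOCK = re.compile(r'\bkey\s+"?([^\s"{]+)"?\s*\{([^}]*)\}\s*;', re.I)

def named_keys(conf_text):
    """Map lower-cased key name -> (algorithm, secret) from named.conf text."""
    keys = {}
    for name, body in KEY_BLOCK.findall(conf_text):
        alg = re.search(r'algorithm\s+"?([\w.-]+)"?\s*;', body, re.I)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body, re.I)
        if alg and sec:
            keys[name.lower().rstrip(".")] = (alg.group(1).lower(), sec.group(1))
    return keys

def ods_tsig(xml_text):
    """Return (name, algorithm, secret) from addns.xml text, or None."""
    tsig = ET.fromstring(xml_text.encode("utf-8")).find("./DNS/TSIG")
    if tsig is None:
        return None
    field = lambda tag: (tsig.findtext(tag) or "").strip()
    return field("Name").lower().rstrip("."), field("Algorithm").lower(), field("Secret")

def check(xml_text, conf_text):
    """List the mismatches between the two configs; empty means they agree."""
    tsig = ods_tsig(xml_text)
    if tsig is None:
        return ["addns.xml has no <TSIG> element"]
    name, alg, secret = tsig
    bind = named_keys(conf_text).get(name)
    if bind is None:
        return [f"named.conf has no key statement named {name!r}"]
    problems = []
    if bind[0] != alg:
        problems.append(f"algorithm differs: addns.xml {alg}, named.conf {bind[0]}")
    if bind[1] != secret:
        problems.append("secret differs")  # secrets are never printed
    return problems
```

Call `check()` with the contents of the two files; an empty list means both sides agree on the key. Key and algorithm names are compared case-insensitively, the secret exactly.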