In message <032d01cf84c4$93869180$ba93b480$@cyberia.net.sa>, "Mohammed Ejaz" wr ites: > > I have info blox DNS appliance and slave is BIND > 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4, now the problem is "Zone transfer > wont happening" when I am enabling Tsig key at master server of infoblox. > It gives you the error like " client request has invalid signature tsig > tranfer: tisg verify failure" > > Here is the configuration, I was trying to do it. . > > My client/slave server configuration, the file created tsig.key under > /var/named with the following entries nI > > key "TRANSFER" { > algorithm HMAC-MD5; > #secret "ODvOnAg9F2j2Y09jTQRC276h1vY="; > secret "egr5WSDQAlP54KrnWweRjg=="; > }; > > # Master server IP > > server 195.88.245.33 { > > keys { TRANSFER; }; > > }; > > In named.conf file on the slave server. > > include "/var/named/tsigkeys"; > > Any help would be highly appreciated. > > Thanks > > Ejaz Sys admin
Does the key name match? Does the secret match? Does the algorithm match? If you are using truncated tsig does the length match? If you are using views is the server clause within the view? Time should be ok as there is a different error code with a different description. Have you tried testing this with dig? dig -y TRANSFER:egr5WSDQAlP54KrnWweRjg== axfr <zone> @195.88.245.33 +all e.g. % dig -y TRANSFER:egr5WSDQAlP54KrnWweRjg== axfr dv.isc.org +all ;; Couldn't verify signature: tsig indicates error ; <<>> DiG 9.11.0pre-alpha <<>> -y TRANSFER axfr dv.isc.org +all ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOTAUTH, id: 15607 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;dv.isc.org. IN AXFR ;; TSIG PSEUDOSECTION: transfer. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1402438051 300 0 15607 BADKEY 0 ; Transfer failed. % Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users