Hello folks, I'm on CentOS 7, which has an older version of dig from this package:
# rpm -qf /usr/bin/dig bind-utils-9.9.4-51.el7_4.2.x86_64 When I use this dig to AXFR a zone from a Secure64 DNSSEC signer appliance, I'm seeing this at the end of the AXFR: ;; Query time: 32899 msec ;; SERVER: 193.0.7.194#53(193.0.7.194) ;; WHEN: Fri Apr 06 09:36:38 UTC 2018 ;; XFR size: 73829 records (messages 295, bytes 4801484) ;; WARNING -- Some TSIG could not be validated While I've seen TSIG failures caused by key mismatch, or mismatched time between servers, I've never seen a warning like this before, about TSIG validation, and I don't know what it means. I can't see anything strange with the AXFR. I would appreciate it if one of the BIND developers could explain what this warning means, and whether it is something to be worried about. Regards, Anand _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
