On 26. 08. 25 12:31, Peter 'PMc' Much wrote:
Out of recvsoa
recvgss()
recvgss creating rcvmsg
show_message()
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41256
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;546671530.sig-conr-e.intra.daemon.contact. ANY TKEY
;; ANSWER SECTION:
546671530.sig-conr-e.intra.daemon.contact. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0
dns_tkey_gssnegotiate: TKEY is unacceptable
TL;DR the _response_ is somehow wrong.
I would add -L99 to nsupdate command line.
Secondly I would add
KRB5_TRACE=/dev/stderr
to nsupdate invocation as well to see what krb5 library thinks of this.
--
Petr Špaček
Internet Systems Consortium
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
