Hi Laura, TSIG failures can occur if the time on the client and server differs by more than 5 minutes. Perhaps the time on one of the systems (likely the primary) is wrong by more than 5 minutes.
Regards, Anand On Thu, 16 May 2024 at 10:41, n5d9xq3ti233xiyif2vp--- via nsd-users < nsd-users@lists.nlnetlabs.nl> wrote: > Could someone kindly explain what "query: bad tsig signature for key" > means and how to fix it ? > > > I have quadruple checked (a) tsig key matches both sides (b) tsig algo > matches both sides. > > > Primary is PowerDNS 4.9.0 (from the PowerDNS repo) > Secondaries are NSD 4.6.1 (from Debian Bookworm distro repo) > > > The secondaries do not receive notifies from primary, instead posting the > above error to logs. So they are currently relying on SOA pull refresh > behaviour. > > > Setting "verbosity:2" in nsd.conf has absolutely zero effect. It produces > zero extra detail in logs. > > > Thanks ! > > > Laura > > _______________________________________________ > nsd-users mailing list > nsd-users@lists.nlnetlabs.nl > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users >
_______________________________________________ nsd-users mailing list nsd-users@lists.nlnetlabs.nl https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
