-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a statement in the KNOWN_ISSUES file about TSIG incompatibility, due to BIND9's cryptographic library. However, that should not affect MD5.
Does the syslog inform you why the transfer failed? Can you perhaps share the zonefetch.xml (off list)? Best regards, Matthijs Mekking NLnet Labs Pierre LEBRECH wrote: > Hello, > > When I configure ODS to make AXFR without TSIG, zone_fetcher can transfer the > zone. But if I use TSIG, it can not. > > I tried a manual dig with TSIG and it worked, but within ODS it didn't. > > So, where should I look to correct this? > > Here is my TSIG statement within zonefetch.xml : > > <TSIG> > <Name>hidden-ods</Name> > <Algorithm>hmac-md5</Algorithm> > > <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret> > </TSIG> > > The name "hidden-ods" is the BIND TSIG key name. > > Thanks > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJLjjdtAAoJEA8yVCPsQCW5dDMH/2Pc61H1N37BLKpCniFx1HNf A5GAS+lalHnIDMwI6fEvkt43cKCwuYwjkhxlgbg/QYeDJg0auvw+3Xob+WHQk550 h+GnmNqsCAprOyHnRZSeI5qVBgbz2W8V/Zp0YFcCRzeMuAye7R4jXWzYyqoEGESZ YMrGYO7LZnLzLOBfzhSKnAiKDqNN8/bS3lnahX4jVNbu5bVklBtV0RVzU4ku+5/M boIqalIV4TxCMlWuAbVh77wGhTO0czaJFPmHTJtxTOKp61PO54bO4EGTw7cRJCbj 3wHxfo4dyMo7ONZ9T8RhWXNJ0lgqObz5Xj3HitUi0Hbr9XEyQ2Q2OFz0aJlDBws= =RUxu -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
