Thanks Matthijs, here is what the log tell :
############################ snip Mar 3 10:55:27 rdb zone_fetcher: zone fetcher received NOTIFY for zone titi.fr Mar 3 10:55:27 rdb zone_fetcher: zone fetcher failed to start axfr: Could not create TSIG signature Mar 3 10:55:27 rdb zone_fetcher: AXFR for zone 'titi.fr' failed ############################ snip The BIND used is 9.6.1-P3 Matthijs Mekking wrote : > There is a statement in the KNOWN_ISSUES file about TSIG > incompatibility, due to BIND9's cryptographic library. However, that > should not affect MD5. > > Does the syslog inform you why the transfer failed? > Can you perhaps share the zonefetch.xml (off list)? > > Best regards, > > Matthijs Mekking > NLnet Labs > > Pierre LEBRECH wrote: > > Hello, > > > When I configure ODS to make AXFR without TSIG, zone_fetcher can > transfer the zone. But if I use TSIG, it can not. > > > I tried a manual dig with TSIG and it worked, but within ODS it didn't. > > > So, where should I look to correct this? > > > Here is my TSIG statement within zonefetch.xml : > > > <TSIG> > > <Name>hidden-ods</Name> > > <Algorithm>hmac-md5</Algorithm> > > > <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret> > > </TSIG> > > > The name "hidden-ods" is the BIND TSIG key name. > > > Thanks > > _______________________________________________ > > Opendnssec-user mailing list > > [email protected] > > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
