Hi Pierre,

hmac-md5 is not a valid algorithm identifier. Please use
hmac-md5.sig-alg.reg.int

I'll add code that accepts the string 'hmac-md5' in the zonefetch as well.

Best regards,

Matthijs

Pierre LEBRECH wrote:
> Thanks Matthijs,
>
> here is what the log tells:
>
> ############################ snip
> Mar 3 10:55:27 rdb zone_fetcher: zone fetcher received NOTIFY for zone titi.fr
> Mar 3 10:55:27 rdb zone_fetcher: zone fetcher failed to start axfr: Could not create TSIG signature
> Mar 3 10:55:27 rdb zone_fetcher: AXFR for zone 'titi.fr' failed
> ############################ snip
>
> The BIND used is 9.6.1-P3
>
>
> Matthijs Mekking wrote:
>> There is a statement in the KNOWN_ISSUES file about TSIG
>> incompatibility, due to BIND9's cryptographic library. However, that
>> should not affect MD5.
>>
>> Does the syslog inform you why the transfer failed?
>> Can you perhaps share the zonefetch.xml (off list)?
>>
>> Best regards,
>>
>> Matthijs Mekking
>> NLnet Labs
>>
>> Pierre LEBRECH wrote:
>>> Hello,
>>> When I configure ODS to make AXFR without TSIG, zone_fetcher can
>>> transfer the zone. But if I use TSIG, it cannot.
>>>
>>> I tried a manual dig with TSIG and it worked, but within ODS it didn't.
>>> So, where should I look to correct this?
>>> Here is my TSIG statement within zonefetch.xml:
>>> <TSIG>
>>> <Name>hidden-ods</Name>
>>> <Algorithm>hmac-md5</Algorithm>
>>> <Secret>y7ZSL+SXOglczotXGiYxTS2zhMu34QnjCGx0aYg4TqjOyrEsuL9+ZsmLhaHB/QJQeoU63mOyVeqtfTwBxU8oxA==</Secret>
>>> </TSIG>
>>> The name "hidden-ods" is the BIND TSIG key name.
>>> Thanks
>>> _______________________________________________
>>> Opendnssec-user mailing list
>>> [email protected]
>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
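
The mismatch diagnosed in this thread can be caught before the zone fetcher runs. The following is an added example, not part of the original messages or of OpenDNSSEC: a Python lint for `<TSIG>` elements that flags the short name `hmac-md5` and secrets that do not decode. The `<Sample>` wrapper, key names and secrets are constructed, and the accepted set is the registered TSIG algorithm names from RFC 2845 and RFC 4635, which is an assumption about what to allow, not a statement of what the zone fetcher supports.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Registered TSIG algorithm names: RFC 2845 (HMAC-MD5) and RFC 4635 (HMAC-SHA family).
VALID_ALGORITHMS = {
    "hmac-md5.sig-alg.reg.int",
    "hmac-sha1", "hmac-sha224", "hmac-sha256", "hmac-sha384", "hmac-sha512",
}
# Short form seen in the thread, mapped to the registered identifier.
SHORT_FORMS = {"hmac-md5": "hmac-md5.sig-alg.reg.int"}

# Constructed sample input (not a real zonefetch.xml; wrapper element is hypothetical).
SAMPLE = """<Sample>
  <TSIG><Name>key-a</Name><Algorithm>hmac-md5</Algorithm>
        <Secret>Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==</Secret></TSIG>
  <TSIG><Name>key-b</Name><Algorithm>hmac-sha256</Algorithm>
        <Secret>not base64!</Secret></TSIG>
</Sample>"""


def check_tsig(xml_text):
    """Return a list of (key_name, problem) tuples for every <TSIG> element."""
    problems = []
    for tsig in ET.fromstring(xml_text).iter("TSIG"):
        name = (tsig.findtext("Name") or "").strip()
        # Algorithm names are DNS names: case-insensitive, optional trailing dot.
        algo = (tsig.findtext("Algorithm") or "").strip().lower().rstrip(".")
        secret = (tsig.findtext("Secret") or "").strip()
        if not name:
            problems.append((name, "missing <Name>"))
        if algo in SHORT_FORMS:
            problems.append((name, f"algorithm '{algo}' should be '{SHORT_FORMS[algo]}'"))
        elif algo not in VALID_ALGORITHMS:
            problems.append((name, f"unknown algorithm '{algo}'"))
        try:
            # validate=True rejects characters outside the base64 alphabet.
            if not base64.b64decode(secret, validate=True):
                problems.append((name, "empty <Secret>"))
        except (binascii.Error, ValueError):
            problems.append((name, "<Secret> is not valid base64"))
    return problems


if __name__ == "__main__":
    for key, problem in check_tsig(SAMPLE):
        print(f"{key}: {problem}")
```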
