Problems with TSIG/DNSSEC
Vinson Armstead - PA
Vinson_Armstead at GMACM.COM
Thu Aug 16 15:33:08 UTC 2001
I tried setting the date on both server and they are within a few seconds.
Do they have to be Sync'd for TSIG to work properly???
-----Original Message-----
From: Danny Mayer [mailto:mayer at gis.net]
Sent: Thursday, August 16, 2001 10:57 AM
To: Vinson Armstead - PA; comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Problems with TSIG/DNSSEC
Check the system date/time on both machines. They should be in
agreement. If you are not running ntp, you should be.
Danny
At 10:19 AM 8/16/01, Vinson Armstead - PA wrote:
>While experimenting with TSIG & DNSSEC I am receiving the following errors
>on my master name server:
>
>Aug 16 10:08:03.318 dnssec: debug 2: tsig key 'server.domain.com':
signature
>is in the future
>Aug 16 10:08:03.318 security: error: client x.x.x.x#1024: request has
>invalid signature: tsig verify failure
>Aug 16 10:08:03.825 dnssec: debug 2: tsig key 'server.domain.com':
signature
>is in the future
>Aug 16 10:08:03.825 security: error: client x.x.x.x#1024: request has
>invalid signature: tsig verify failure
>
>I have checked the "key" & "server" statement on both the master and slave
>(basically copied the text from one to the other).
>
>Zone updates and transfers work fine without using TSIG.
>
>Any suggestion??
>
>Thanks in advance
>
> > Vinson
>
More information about the bind-users
mailing list