TSIG Keys

Mark.Andrews at nominum.com
Fri Jan 12 02:25:29 UTC 2001


	There is also a bug fixed in 8.2.3 that if the key name is
	compressed on the wire, verification will fail.  The
	workaround is to use a name that won't be compressed,
	e.g.
		 foo.bar._key as _key is not a valid TLD.

	Mark
> 
>          Are you running NTP on the systems you are using them on and the
>    DNS Server?  TSIG key signatures are sensitive to clock drift.  If the
>    clock on the receiving end is different by too much of a time interval
>    it will fail to validate.
> 
>                  Danny
> At 09:31 AM 1/11/01, Jon Bibeau wrote:
> 
> >Greetings, I was wondering if aside from the restrictions about system time
> >and the actual key, is there a restriction about the system used to generate
> >the TSIG keys... You see, I've got numerous computers going out into the
> >field and was using an internal system to generate 20 new keys every night.
> >But I keep getting TSIG verify failure when I use them. But if I generate
> >the keys on the DNS server itself, they work without problem... Anyone got
> >any thoughts on this?
> >
> >Jon Bibeau <jbibeau at c-i-s.com>
> >
> >System Administrator,
> >CIS Technical Services
> >33 Main Street, Suite 303
> >Nashua, NH 03060
> >(603) 889-4684 (Local)
> >(603) 889-0534 (Fax)
> >
> >"Some men see things the way they are and say, why?
> >I dream of things that never were and say, why not?"
> >-- Robert F. Kennedy
> >
> >
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
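
Added example, not part of the original thread and not BIND's code: a Python sketch of the TSIG request MAC and time check following the RFC 8945 layout, showing that the key name is digested in uncompressed canonical form and that a clock offset larger than the fudge value fails even with the right secret. The key name foo.bar._key is taken from the message above; the query bytes, secret, timestamp and the choice of hmac-sha256 are constructed assumptions.

```python
import hashlib
import hmac
import struct

ALGORITHM = "hmac-sha256"   # assumption: algorithm chosen for this example
FUDGE = 300                 # seconds of clock offset the verifier tolerates

def wire_name(name: str) -> bytes:
    """Canonical wire form: lowercase labels, length-prefixed, never compressed."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def tsig_mac(message: bytes, key_name: str, secret: bytes,
             time_signed: int, fudge: int = FUDGE) -> bytes:
    """HMAC over the request followed by the TSIG variables."""
    variables = (
        wire_name(key_name)                   # always the full, uncompressed name
        + struct.pack("!HI", 255, 0)          # CLASS ANY, TTL 0
        + wire_name(ALGORITHM)
        + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)  # 48-bit time
        + struct.pack("!HHH", fudge, 0, 0)    # fudge, error, other-len
    )
    return hmac.new(secret, message + variables, hashlib.sha256).digest()

def verify(message, key_name, secret, time_signed, fudge, mac, now):
    """Verifier's decision: MAC first, then the time window."""
    expected = tsig_mac(message, key_name, secret, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"

# Constructed sample data: an SOA query for example.com and a made-up secret.
QUERY = (struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0)
         + wire_name("example.com") + struct.pack("!HH", 6, 1))
SECRET = bytes(range(32))
SIGNED_AT = 979266329       # constructed timestamp

if __name__ == "__main__":
    mac = tsig_mac(QUERY, "foo.bar._key", SECRET, SIGNED_AT)
    for offset in (10, 600):    # verifier clock ahead by 10 s, then by 10 min
        print(offset, verify(QUERY, "FOO.bar._KEY", SECRET, SIGNED_AT,
                             FUDGE, mac, SIGNED_AT + offset))
    # Same name and time, different secret bytes on the verifying side.
    print(verify(QUERY, "foo.bar._key", b"x" * 32, SIGNED_AT, FUDGE, mac, SIGNED_AT))
```

Nothing in the MAC input identifies the host that generated the secret; only the key name, algorithm, secret bytes and timestamps enter the digest.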
