TSIG errors
Cricket Liu
cricket at menandmice.com
Tue Oct 9 21:32:05 UTC 2001
> I'm having a problem setting up TSIG's between my primary and secondary
servers.
> I tried following the instructions in the DNS & BIND book, but am
obviously
> missing something. I'm running BIND 8.2.3 on both master and slave.
I'm
> receiving the following error message when the primary tries to send a
notify
> for an IXFR:
>
> named-xfer[19921]: SOA TSIG verification from server [(primary ip
address], zone
> myzone.tst: no TSIG present (-10)
>
> My primary is setup with:
>
> key updatekey. {
>
> algorithm hmac-md5;
> secret "(my secret key";
> };
> options {
> directory "/var/named";
> auth-nxdomain yes;
> allow-transfer {
> key {updatekey.;};
> any;
> };
> maintain-ixfr-base yes;
> max-ixfr-log-size 1M;
> transfer-format many-answers;
> };
The primary is missing a server statement that tells it to sign transactions
with
the slave. Also, you have curly braces around the key name.
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
More information about the bind-users
mailing list