bind 8.3.3 and TSIG

Cricket Liu cricket at menandmice.com
Tue Oct 1 02:02:46 UTC 2002


> > I wind up getting a BADSIG (-16) error. I suppose that means bind is
> > not crazy about the key..
> 
> By any chance, is the zone you're trying to transfer also part of the key
> name? In other words, is your key named key.example.com (or something
> similar) and the zone named example.com?  If so, try renaming your key to
> something totally different. The key name has to _look_ like a hostname,
> but it doesn't have to be a real one. In fact, I generally name my keys
> something like host1_com.host2_com.
> 
> I ran into exactly this problem; however, I haven't had a chance to submit
> it as a bug report yet.

This sounds very much like a bad interaction between the name
compression code and the TSIG verification code.  I wonder if
the TSIG verification code doesn't grok compressed owner names
in TSIG RRs.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, coming October 2002!
http://www.oreilly.com/catalog/dnsbindckbk/
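
Added example, not part of the original message and not BIND's code: a sketch of the hypothesis above, showing how a TSIG key name that shares a suffix with the zone in the question section can be written with a DNS compression pointer, while RFC 2845 computes the MAC over the key name in canonical (uncompressed) wire form. The function names and the constructed message are assumptions, and nothing here reproduces what BIND 8.3.3 actually does.

```python
import struct

def to_wire(name):
    """Uncompressed, lower-cased wire form of a domain name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def compress(name, seen):
    """Encode name, replacing the longest already-written suffix with a pointer."""
    labels = name.rstrip(".").lower().split(".")
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:
            return out + struct.pack("!H", 0xC000 | seen[suffix])
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"

def expand(msg, off):
    """Decode a possibly compressed name; return (canonical_wire, used_pointer)."""
    out, used_pointer, hops = b"", False, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: jump to an earlier offset
            off = ((n & 0x3F) << 8) | msg[off + 1]
            used_pointer, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return out + b"\x00", used_pointer
        else:
            out += msg[off:off + 1] + msg[off + 1:off + 1 + n].lower()
            off += 1 + n

def tsig_owner_forms(zone, key_name):
    """Return (raw owner-name bytes, canonical bytes, used_pointer)."""
    # Constructed message: 12-byte header, then question zone/AXFR(252)/IN(1).
    msg = b"\x00" * 12 + to_wire(zone) + struct.pack("!HH", 252, 1)
    seen, off = {}, 12
    labels = zone.rstrip(".").lower().split(".")
    for i, label in enumerate(labels):
        seen[".".join(labels[i:])] = off  # offset of each suffix of the zone
        off += 1 + len(label)
    start = len(msg)
    msg += compress(key_name, seen)
    canonical, used_pointer = expand(msg, start)
    return msg[start:], canonical, used_pointer

if __name__ == "__main__":
    for key in ("key.example.com", "host1_com.host2_com"):
        raw, canon, ptr = tsig_owner_forms("example.com", key)
        print(key, "compressed" if ptr else "uncompressed", raw != canon)
```

A verifier that digested the raw owner-name bytes instead of the expanded ones would see different input only for the first key name, which is consistent with the renaming workaround quoted above.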


More information about the bind-users mailing list