Problems transferring zones with TSIG.

Shaun T. Erickson sterickson at gmail.com
Fri Oct 20 03:59:13 UTC 2006 

Zone transfers between two RHEL 4.4 systems, both running bind 9.2.4,
were working. I wanted to add TSIG to the mix. I have the keyfile on
both servers and that part appears to be ok, as you can see in the
output, below, that my server says the request has a valid signature.
The transfers fail though. Yes, I checked the time and both systems
are the same and getting it via ntp. I don't understand what the
problem is. Suggestions? This is happening for all of my domains.

Oct 19 22:42:44.936 client 64.124.174.11#43385: UDP request
Oct 19 22:42:44.937 client 64.124.174.11#43385: request has valid signature
Oct 19 22:42:44.937 client 64.124.174.11#43385: query
Oct 19 22:42:44.937 client 64.124.174.11#43385: query
'tales-of-the-wanderer.com/IN' approved
Oct 19 22:42:44.937 client 64.124.174.11#43385: send
Oct 19 22:42:44.938 client 64.124.174.11#43385: sendto
Oct 19 22:42:44.938 client 64.124.174.11#43385: senddone
Oct 19 22:42:44.938 client 64.124.174.11#43385: next
Oct 19 22:42:44.938 client 64.124.174.11#43385: endrequest
Oct 19 22:42:44.938 client @0x8f68618: udprecv
Oct 19 22:42:45.089 client 64.124.174.11#40903: new TCP connection
Oct 19 22:42:45.090 client 64.124.174.11#40903: replace
Oct 19 22:42:45.090 clientmgr @0x8e5d390: createclients
Oct 19 22:42:45.090 clientmgr @0x8e5d390: recycle
Oct 19 22:42:45.090 client 64.124.174.11#40903: read
Oct 19 22:42:45.090 client @0x8f095d0: accept
Oct 19 22:42:45.129 client 64.124.174.11#40903: TCP request
Oct 19 22:42:45.129 client 64.124.174.11#40903: request has valid signature
Oct 19 22:42:45.129 client 64.124.174.11#40903: query
Oct 19 22:42:45.129 client 64.124.174.11#40903: zone transfer
'tales-of-the-wanderer.com/IN' denied
Oct 19 22:42:45.130 client 64.124.174.11#40903: zone transfer setup failed
Oct 19 22:42:45.130 client 64.124.174.11#40903: error
Oct 19 22:42:45.130 client 64.124.174.11#40903: send
Oct 19 22:42:45.130 client 64.124.174.11#40903: sendto
Oct 19 22:42:45.131 client 64.124.174.11#40903: senddone
Oct 19 22:42:45.131 client 64.124.174.11#40903: next
Oct 19 22:42:45.131 client 64.124.174.11#40903: endrequest
Oct 19 22:42:45.131 client 64.124.174.11#40903: read
Oct 19 22:42:45.203 client 64.124.174.11#40903: next
Oct 19 22:42:45.204 client 64.124.174.11#40903: request failed: end of file
Oct 19 22:42:45.204 client 64.124.174.11#40903: endrequest
Oct 19 22:42:45.204 client 64.124.174.11#40903: closetcp
Oct 19 22:42:45.351 client 64.124.174.11#40904: new TCP connection
Oct 19 22:42:45.351 client 64.124.174.11#40904: replace
Oct 19 22:42:45.351 clientmgr @0x8e5d390: createclients
Oct 19 22:42:45.351 clientmgr @0x8e5d390: recycle
Oct 19 22:42:45.351 client 64.124.174.11#40904: read
Oct 19 22:42:45.351 client @0x8f28c70: accept
Oct 19 22:42:45.409 client 64.124.174.11#40904: TCP request
Oct 19 22:42:45.410 client 64.124.174.11#40904: request has valid signature
Oct 19 22:42:45.410 client 64.124.174.11#40904: query
Oct 19 22:42:45.410 client 64.124.174.11#40904: query
'tales-of-the-wanderer.com/IN' approved
Oct 19 22:42:45.410 client 64.124.174.11#40904: send
Oct 19 22:42:45.411 client 64.124.174.11#40904: sendto
Oct 19 22:42:45.411 client 64.124.174.11#40904: senddone
Oct 19 22:42:45.411 client 64.124.174.11#40904: next
Oct 19 22:42:45.411 client 64.124.174.11#40904: endrequest
Oct 19 22:42:45.412 client 64.124.174.11#40904: read
Oct 19 22:42:45.563 client 64.124.174.11#40904: TCP request
Oct 19 22:42:45.563 client 64.124.174.11#40904: request has valid signature
Oct 19 22:42:45.563 client 64.124.174.11#40904: query
Oct 19 22:42:45.564 client 64.124.174.11#40904: zone transfer
'tales-of-the-wanderer.com/IN' denied
Oct 19 22:42:45.564 client 64.124.174.11#40904: zone transfer setup failed
Oct 19 22:42:45.564 client 64.124.174.11#40904: error
Oct 19 22:42:45.564 client 64.124.174.11#40904: send
Oct 19 22:42:45.564 client 64.124.174.11#40904: sendto
Oct 19 22:42:45.565 client 64.124.174.11#40904: senddone
Oct 19 22:42:45.565 client 64.124.174.11#40904: next
Oct 19 22:42:45.565 client 64.124.174.11#40904: endrequest
Oct 19 22:42:45.565 client 64.124.174.11#40904: read
Oct 19 22:42:45.594 client 64.124.174.11#40904: next
Oct 19 22:42:45.594 client 64.124.174.11#40904: request failed: end of file
Oct 19 22:42:45.594 client 64.124.174.11#40904: endrequest
Oct 19 22:42:45.594 client 64.124.174.11#40904: closetcp
-- 
        -ste

More information about the bind-users mailing list