tsig verify failure

Jim Reid jim at rfc1035.com
Sun Apr 8 12:37:49 UTC 2001


>>>>> "Maximo" == Maximo Ramos <maximo at violadores.org> writes:

    Maximo> named[24526]: client X.X.X.X#1073: request has invalid signature: tsig verify failure

    Maximo> I searched in the mailing list archives and found:

    >> Have you checked that the clocks on the client and server are
    >> synchronised? TSIGs include a timestamp to reduce the potential
    >> for replay attacks. If the client and server's clocks are out
    >> by too much, TSIG validation fails.

    Maximo> Of course the time is different!!!! I am trying to allow
    Maximo> two friends in Canada and Finland to update my domain
    Maximo> zone, and they DON'T have NS servers, nor static IP
    Maximo> addresses. They are just dumb clients.

Time zones don't matter. UTC is the same everywhere. Most computer
systems use UTC for timekeeping and convert from that to the local
timezone when presenting the time of day to an end user. Go look at
the man pages for gettimeofday() and ctime(). Provided the computers
in Canada and Finland have the same idea of what UTC is -- the Network
Time Protocol is your friend -- the timestamps in the transaction
signatures (TSIGs) will be OK which will mean they will validate.
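
An added illustration of the point in the reply above (not part of the original message and not BIND's code): a sketch of the RFC 2845 time check, which compares the 48-bit Time Signed field against the verifier's clock within the Fudge window. The helper names, the sample RDATA and the fixed UTC offsets for Toronto and Helsinki are assumptions constructed for this example.

```python
import struct
from datetime import datetime, timedelta, timezone

# RFC 2845 algorithm name HMAC-MD5.SIG-ALG.REG.INT in DNS wire format.
ALG = b"\x08hmac-md5\x07sig-alg\x03reg\x03int\x00"

def build_rdata(time_signed, fudge=300):
    """Constructed TSIG RDATA prefix: name, 48-bit Time Signed, Fudge, MAC Size=0.
    300 seconds is the fudge value RFC 2845 recommends."""
    return ALG + struct.pack("!HIHH", time_signed >> 32,
                             time_signed & 0xFFFFFFFF, fudge, 0)

def parse_times(rdata):
    """Return (time_signed, fudge) from TSIG RDATA."""
    off = 0
    while rdata[off]:              # skip the uncompressed algorithm name labels
        off += 1 + rdata[off]
    off += 1                       # step over the terminating root label
    hi, lo, fudge = struct.unpack_from("!HIH", rdata, off)
    return (hi << 32) | lo, fudge

def time_ok(rdata, server_now):
    """Accept only if the verifier's UTC clock is within Time Signed +/- Fudge."""
    time_signed, fudge = parse_times(rdata)
    return abs(server_now - time_signed) <= fudge

def epoch(dt):
    """Seconds since 1970-01-01 00:00:00 UTC for a timezone-aware datetime."""
    return int(dt.timestamp())

# Constructed sample: the same instant read off wall clocks in three places.
UTC_NOW = datetime(2001, 4, 8, 12, 37, 49, tzinfo=timezone.utc)
TORONTO = datetime(2001, 4, 8, 8, 37, 49, tzinfo=timezone(timedelta(hours=-4)))
HELSINKI = datetime(2001, 4, 8, 15, 37, 49, tzinfo=timezone(timedelta(hours=3)))

if __name__ == "__main__":
    server = epoch(UTC_NOW)
    # Different local times, identical UTC timestamp: both requests pass.
    for name, local in (("Toronto", TORONTO), ("Helsinki", HELSINKI)):
        print(name, local.isoformat(), time_ok(build_rdata(epoch(local)), server))
    # A client whose clock is 10 minutes off fails, whatever its time zone.
    print("skewed", time_ok(build_rdata(epoch(TORONTO) + 600), server))
```
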

