Problems with TSIG/DNSSEC
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Thu Aug 16 22:02:12 UTC 2001
> I tried setting the date on both server and they are within a few seconds.
Run 'date -u' on both machines. One is most probably in the wrong
timezone/daylight savings setting so while "localtime" on both
machines may look correct they are actually out.
'date -u' ignores timezones / daylight savings and reports
UTC.
Mark
> Do they have to be Sync'd for TSIG to work properly???
>
> -----Original Message-----
> From: Danny Mayer [mailto:mayer at gis.net]
> Sent: Thursday, August 16, 2001 10:57 AM
> To: Vinson Armstead - PA; comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: Problems with TSIG/DNSSEC
>
>
> Check the system date/time on both machines. They should be in
> agreement. If you are not running ntp, you should be.
>
> Danny
>
> At 10:19 AM 8/16/01, Vinson Armstead - PA wrote:
> >While experimenting with TSIG & DNSSEC I am receiving the following errors
> >on my master name server:
> >
> >Aug 16 10:08:03.318 dnssec: debug 2: tsig key 'server.domain.com':
> signature
> >is in the future
> >Aug 16 10:08:03.318 security: error: client x.x.x.x#1024: request has
> >invalid signature: tsig verify failure
> >Aug 16 10:08:03.825 dnssec: debug 2: tsig key 'server.domain.com':
> signature
> >is in the future
> >Aug 16 10:08:03.825 security: error: client x.x.x.x#1024: request has
>invalid signature: tsig verify failure
> >
> >I have checked the "key" & "server" statement on both the master and slave
> >(basically copied the text from one to the other).
> >
> >Zone updates and transfers work fine without using TSIG.
> >
> >Any suggestion??
> >
> >Thanks in advance
> >
> > > Vinson
> >
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list