TSIG Keys
Danny Mayer
mayer at gis.net
Fri Jan 12 02:19:00 UTC 2001
Are you running NTP on the systems you are using them on and the
DNS Server? TSIG key signatures are sensitive to clock drift. If the clock
on the receiving end is different by too much of a time interval it will fail to
validate.
Danny
At 09:31 AM 1/11/01, Jon Bibeau wrote:
>Greetings, I was wondering if aside from the restrictions about system time
>and the actual key, is there a restriction about the system used to generate
>the TSIG keys... You see, I've got numerous computers going out into the
>field and was using an interal system to generation 20 new keys everynight.
>But I keep getting TSIG verify failure when I use them. But if I generate
>the keys on the DNS server itself, they work without problem... Anyone got
>any thoughts on this?
>
>Jon Bibeau <jbibeau at c-i-s.com>
>
>System Administrator,
>CIS Technical Services
>33 Main Street, Suite 303
>Nashua, NH 03060
>(603) 889-4684 (Local)
>(603) 889-0534 (Fax)
>
>"Some men see things the way they are and say, why?
>I dream of things that never where and say, why not?"
>-- Robert F. Kennedy
>
>
More information about the bind-users
mailing list