PROBLEM: transferring signed zones to slave

Danny Mayer mayer at gis.net
Tue May 8 21:05:51 UTC 2001


    You need to put the TSIG key for the slave in its named.conf in the
server {} statement.

        Danny

Martin Krzywinski wrote:

> I am trying to transfer a signed zone from a master to slave server.
>
> The zone is worldatwar.org. The parent is 142.103.205.1 and the slave is
> 24.113.112.125.
>
> I am using bind 9.1.2. I am using TSIG.
>
> If I do not sign the zone, that is, use a db file with no KEY records,
> everything is fine. TSIG authorizes the connection and the zone information
> is transferred.
>
> If I sign the zone on the parent I get the following error when the slave
> tries to get the zone information:
>
> May 07 03:04:06.330 refresh_callback: zone worldatwar.org/IN: enter
> May 07 03:04:06.332 refresh_callback: zone worldatwar.org/IN: unexpected
> rcode (SERVFAIL) from 142.103.205.1#53
>
> I may have the keys set up incorrectly. Since I cannot ask .org to sign my
> zone keys, I have put the appropriate key entries in the
>
> trusted-keys {
>     ...
> };
>
> section of the master's named.conf. I am not certain what to do with the
> slave.
>
> Just in case, I have tried copying the .key/.public key files into the
> slave's /var/named and adding the same trusted-keys into named.conf. I keep
> getting the same problem.
>
> The zone loads without a problem on the master, but no transfer occurs. I
> know it's a dnssec problem that has nothing to do with tsig, since tsig
> works on other zones.
>
> If anyone has any ideas, please pass them on. Someone must be doing what I
> am doing - it's not so strange.
>
> Regards,
>
> Martin
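
The key placement described in the reply, shown for both servers as an added example that is not part of the original thread. The key name, algorithm, secret placeholder and file names are assumptions; the addresses and zone name are the ones given in the question.

```conf
# ---- slave (24.113.112.125): named.conf ----

# Shared TSIG key. The name, algorithm and secret must be identical on
# both servers. "transfer-key." is a hypothetical name, and the algorithm
# is an assumption: use one that both BIND versions support.
key "transfer-key." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";    # placeholder, not a real secret
};

# The server {} statement from the reply: every request this slave sends
# to the master (SOA refresh queries and zone transfers) is signed with the key.
server 142.103.205.1 {
    keys { "transfer-key."; };
};

zone "worldatwar.org" {
    type slave;
    masters { 142.103.205.1; };
    file "worldatwar.org.bak";              # hypothetical file name
};

# ---- master (142.103.205.1): named.conf ----

# Same key statement as on the slave.
key "transfer-key." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";    # placeholder, same value as the slave
};

zone "worldatwar.org" {
    type master;
    file "worldatwar.org.db.signed";        # hypothetical signed zone file
    # Only transfer requests signed with the shared key are allowed.
    allow-transfer { key "transfer-key."; };
};
```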


