Configuring TSIG keys and ACL's on slave server
Phusion
phusion2k at gmail.com
Tue Apr 24 15:30:42 UTC 2007
On 4/18/07, Phusion <phusion2k at gmail.com> wrote:
> On 4/18/07, Niall O'Reilly <Niall.oReilly at ucd.ie> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > On 18 Apr 2007, at 17:00, Phusion wrote:
> >
> > > On the master server.
> >
> > What is the IP address of the master ?
> >
>
> 10.1.1.2
>
> > > Apr 18 10:33:39 smdndnsp1 named[20024]: zone mdnlan.test.com/IN:
> > > sending notifies (serial 2007033047)
> > > Apr 18 10:33:39 smdndnsp1 named[20024]: zone test.com/IN: sending
> > > notifies (serial 2007041301)
> > > Apr 18 10:43:06 smdndnsp1 named[20024]: client 127.0.0.1#35543:
> > > request has invalid signature: TSIG mdnlan: tsig verify failure
> > > (BADKEY)
> >
> > Did you sent a TSIG-protected request to the master
> > (as localhost) from itself, or what?
> >
> > > On the slave server.
> >
> > Again, what address are you using on thbis server?
> >
>
> 10.1.1.3
>
> > > Apr 18 10:51:34 smdndnsp2 named[25820]: client 10.1.1.3#38682:
> > > received notify for zone 'mdnlan.test.com'
> > > Apr 18 10:51:34 smdndnsp2 named[25820]: zone mdnlan.test.com/IN:
> > > refused notify from non-master: 10.1.1.3#38682
> >
> > Slave doesn't recognize 10.1.1.3 as a master.
> >
> > > Apr 18 10:51:34 smdndnsp2 named[25820]: zone 1.1.10.in-addr.arpa/IN:
> > > refresh: unexpected rcode (SERVFAIL) from master 10.1.1.2#53 (source
> > > 0.0.0.0#0)
> >
> > Slave thinks 10.1.1.2 is the master for this zone, but the
> > server at this address doesn't carry the zone, or whatever.
> >
> > /Niall
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (Darwin)
> >
> > iD8DBQFGJmz7eYfkja6ZXtkRAj6CAKCexI7CGplO8p/8F0KRtf8SQLanBQCfQorN
> > gmTaTGIJohfgJApi7EpyrKY=
> > =KiGQ
> > -----END PGP SIGNATURE-----
> >
>
> Niall,
>
> Phusion
>
Anyone have any ideas of why this isn't working. Let me know.
Phusion
More information about the bind-users
mailing list