Re: «tsig verify failure» only on some zones
Joachim Tingvold
joachim at tingvold.com
Wed Aug 18 16:07:08 UTC 2010
On Wed, Aug 18, 2010, at 00:42:40AM GMT+02:00, Hauke Lampe wrote:
> What TSIG algorithms do you use and how long are the keys?
HMAC-MD5, 128 bit. The keys are 24 chars long. I'll try to test with
another algorithm, however I find it quite strange; if it works for
some zones, why doesn't it work for the others?
> It could be that you hit an interoperability bug in BIND that was
> fixed in 9.7.0, although it doesn't fit the symptoms exactly:
I see. No, it doesn't seem like the same symptoms. I could of course
try to downgrade NS3, or upgrade the two other, but I'd consider that
as a last-resort solution.
--
Joachim
More information about the bind-users
mailing list