bind says 'clocks are unsynchronized' but they are not
Niklas Jakobsson
nico at autonomica.se
Thu Jul 8 08:43:47 UTC 2010
Hello,
This was my first guess as well, but since the TSIG fudge is set to 300
seconds then all zonetransfers which take more the 5 minutes would fail
if this was true.
/Nico
On tor, 2010-07-08 at 10:28 +0200, Gilles Massen wrote:
> Hi Nico,
>
> Could it be that the signature of the AXFR message is created at request
> time on the master (actually when the answer is build), but the
> validation on the client side is obviously only made at the end of the
> transfer?
>
> The RFC2845 suggests that this is possible, but I'm not fluent enough in
> bind source to confirm or deny...
>
> Best,
> Gilles
>
>
> Niklas Jakobsson wrote:
> > Hello,
> >
> > I have some problems with our bind servers complaining that 'clocks are
> > unsynchronized' when doing zone transfers with TSIG. The problem is the
> > clocks are correct, synced with ntp and everything.
> >
> > The problems seems to occur mostly on zone transfers that take a long
> > time (ie. hours).
> >
> > Anyone seen had any similar problems or have an idea what is going on?
> >
> > I'm running bind 9.6.1-P3 on debian/lenny.
> >
> > /Nico
> >
>
More information about the bind-users
mailing list