TSIG afxr failed while receiving responses: REFUSED
Mark Andrews
marka at isc.org
Sun May 25 23:53:19 UTC 2014
In message <538274B9.6070703 at ripe.net>, Anand Buddhdev writes:
> On 25/05/2014 16:58, micah wrote:
>
> > zone "example.net" {
> > type master;
> > allow-transfer { key tsig.key.; };
>
> Here's your mistake. You've written tsig.key, whereas your key is called
> tsig-key. Those names don't match.
Actually that isn't the mistake as they are both run through
dns_name_fromtext which will normalise them before comparison.
We don't know what the mistake is as all the details required to
determin where the error is have been changed.
> > also-notify { ip.address.here.x; };
> > file "/etc/bind/master/db.example";
> > auto-dnssec maintain;
> > inline-signing yes;
> > };
> >
> > on the slave I have copied over the tsig.keys file and added to the
> > bottom of it:
> >
> > key "tsig-key" {
> > algorithm hmac-sha256;
> > secret "weeetsigblobhere=";
> > };
> >
> > server ip.of.master.here {
> > keys { "tsig-key"; };
> > };
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list