TSIG axfr failed while receiving responses: REFUSED

Mark Andrews marka at isc.org
Mon May 26 07:53:09 UTC 2014


In message <5382EB30.6040006 at ripe.net>, Anand Buddhdev writes:
> On 26/05/2014 01:53, Mark Andrews wrote:
> 
> Hi Mark,
> 
> > Actually that isn't the mistake as they are both run through
> > dns_name_fromtext which will normalise them before comparison.
> 
> I didn't know that. Does this mean that dots and dashes are equivalent
> or irrelevant in tsig key names?

No.  Dots and dashes are not interchangeable.  I missed that difference.

I was referring to the fact that "tsig.key." is the absolute form of
"tsig.key", but given "tsig.key" is relative to "." they become equal
and thus interchangeable.

And no, this sort of error is not checkable by named-checkconf as
the key could refer to a SIG(0) key.

Obfuscating makes everything suspect and makes it harder to spot
errors.  This is a classic example.

Mark

> Regards,
> Anand
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
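
An added example, not part of the original message and not BIND's own code: a small check that compares the key names in a primary's and a secondary's configuration after normalising them the way the message describes (absolute form relative to ".", with case-insensitive comparison as for any DNS name), and flags pairs that differ only in dots and dashes. The configuration snippets, key names and function names are constructed for illustration, and `normalise` is a simplified stand-in, not `dns_name_fromtext`.

```python
import re

# key "name" { ... } definitions, and the first name inside a keys { ... }; clause
KEY_DEF = re.compile(r'\bkey\s+"?([^\s";{]+)"?\s*\{')
KEY_REF = re.compile(r'\bkeys\s*\{\s*"?([^\s";}]+)"?\s*;')

# Constructed sample configurations (secrets are placeholders).
PRIMARY = '''
key "tsig.key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
key "Xfer-Key." { algorithm hmac-sha256; secret "PLACEHOLDER"; };
'''
SECONDARY = '''
key "tsig-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
server 192.0.2.1 { keys { tsig-key; }; };
'''

def normalise(name):
    """Simplified normalisation: lowercase, absolute form relative to '.'."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def key_names(conf):
    """All key names defined or referenced in a config, normalised."""
    return {normalise(n) for n in KEY_DEF.findall(conf) + KEY_REF.findall(conf)}

def skeleton(name):
    """Drop the separators that are easy to confuse by eye."""
    return re.sub(r"[._-]", "", name)

def compare(primary_conf, secondary_conf):
    """Return (names both sides agree on, near-miss pairs found on one side only)."""
    p, s = key_names(primary_conf), key_names(secondary_conf)
    near = sorted((a, b) for a in p - s for b in s - p
                  if skeleton(a) == skeleton(b))
    return sorted(p & s), near

if __name__ == "__main__":
    shared, near = compare(PRIMARY, SECONDARY)
    print("matching key names:", shared)
    for a, b in near:
        print(f"possible typo: primary has {a!r}, secondary has {b!r}")
```

Run against unobfuscated copies of both configurations; comparing obfuscated names defeats the check.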