tsig verify failure (was Bind 9.1.0b Problems)

Jim Reid jim at rfc1035.com
Wed Dec 20 18:37:03 UTC 2000


>>>>> "Jon" == Jon Bibeau <jbibeau at c-i-s.com> writes:

    ... prologue about TSIG updates failing snipped ...

    Jon> The only difference between the two systems is voyager has
    Jon> Xwindows. This is a base Redhat 7.0 install with
    Jon> Linux-2.4.0-test11 and bind 9.1.0b.

What about the clocks on the two systems? TSIG records include
timestamps to prevent replay attacks. So if the clocks on the two
systems are different, verification of the TSIG record can fail.
BTW, have you tried turning up the name server debugging to see what
the verifier is doing? This might shed more light on why the
signatures are failing to be validated.
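
The timestamp check mentioned above, as an added example that is not part of the original post or of BIND's code: it decodes the TSIG RDATA fields as laid out in RFC 2845 and applies the |now - time signed| <= fudge test. The sample record, its dummy MAC, and the helper names are constructed for illustration.

```python
import struct

BADTIME = 18  # TSIG error code for a timestamp outside the fudge window (RFC 2845)

def parse_name(buf, off):
    """Read an uncompressed wire-format domain name; return (text, next offset)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n > 63:
            raise ValueError("compressed or invalid label in algorithm name")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def parse_tsig_rdata(rdata):
    """Decode TSIG RDATA: algorithm, 48-bit time signed, fudge, MAC, original ID, error."""
    alg, off = parse_name(rdata, 0)
    hi, lo, fudge, mac_len = struct.unpack_from("!HIHH", rdata, off)
    off += 10
    mac = rdata[off:off + mac_len]
    orig_id, error, _other_len = struct.unpack_from("!HHH", rdata, off + mac_len)
    return {"algorithm": alg, "time_signed": (hi << 32) | lo, "fudge": fudge,
            "mac": mac, "original_id": orig_id, "error": error}

def check_time(tsig, now):
    """Return (error code, skew in seconds); BADTIME when |skew| exceeds fudge."""
    skew = now - tsig["time_signed"]
    return (0 if abs(skew) <= tsig["fudge"] else BADTIME), skew

def build_sample(time_signed, fudge=300):
    """Constructed sample RDATA: hmac-md5 algorithm name and a 16-byte dummy MAC."""
    alg = b"\x08hmac-md5\x07sig-alg\x03reg\x03int\x00"
    head = struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, 16)
    return alg + head + b"\x00" * 16 + struct.pack("!HHH", 0x1234, 0, 0)

if __name__ == "__main__":
    signed = 977337423  # constructed sample value (2000-12-20 18:37:03 UTC)
    tsig = parse_tsig_rdata(build_sample(signed))
    for now in (signed + 120, signed + 900):  # clocks in sync vs. 15 minutes apart
        rcode, skew = check_time(tsig, now)
        verdict = "accept" if rcode == 0 else "reject (BADTIME)"
        print(f"skew={skew:+d}s fudge={tsig['fudge']}s -> {verdict}")
```

The time check runs on the verifier's own clock, so a correct key and MAC are still rejected once the skew between the two hosts exceeds the fudge value.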


