many-answers vs. TSIG

James Raftery james-bind-users at domainregistry.ie
Mon Jul 17 13:39:58 UTC 2000


Hi,

We're rolling out transaction signatures (TSIG) between some of our
nameservers, and it seems that using 'transfer-format many-answers;'
breaks verification.

We were logging the following message, relating to all zones - below is
just an example, on each of the servers that were testing TSIG until 
'many-answers' was set back to 'one-answer' (whereupon log messages 
stopped, and servers communicated properly):

Jul 12 09:51:58 drno named-xfer[20564]: TSIG verification from server [193.1.142.2], zone ie: no TSIG present (-10)

Is this expected behaviour or do 'many-answers' and TSIG simply not play 
well together?
All machines concerned are running BIND 8.2.2-P5.

Regards,

james
-- 
James Raftery (JBR54)  -  Programmer Hostmaster  -  IE TLD Hostmaster
   IE Domain Registry  -  www.domainregistry.ie  -  (+353 1) 706 2375
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on dns at list.cr.yp.to.



More information about the bind-users mailing list