many-answers vs. TSIG
James Raftery
james-bind-users at domainregistry.ie
Mon Jul 17 13:39:58 UTC 2000
Hi,
We're rolling out transaction signatures (TSIG) between some of our
nameservers, and it seems that using 'transfer-format many-answers;'
breaks verification.
We were logging the following message, relating to all zones - below is
just an example, on each of the servers that were testing TSIG until
'many-answers' was set back to 'one-answer' (whereupon log messages
stopped, and servers communicated properly):
Jul 12 09:51:58 drno named-xfer[20564]: TSIG verification from server [193.1.142.2], zone ie: no TSIG present (-10)
Is this expected behaviour or do 'many-answers' and TSIG simply not play
well together?
All machines concerned are running BIND 8.2.2-P5.
Regards,
james
--
James Raftery (JBR54) - Programmer Hostmaster - IE TLD Hostmaster
IE Domain Registry - www.domainregistry.ie - (+353 1) 706 2375
"Managing 4000 customer domains with BIND has been a lot like
herding cats." - Mike Batchelor, on dns at list.cr.yp.to.
More information about the bind-users
mailing list