Key Expiry.
Osman Shoukry
oshoukry at onepage.com
Mon Mar 26 19:25:16 UTC 2001
Hi all,
I recently set up the TSIG slave to send and retrieve signed requests to the
master. However I just noticed today that the TSIG started to fail, and
when I put the DNS in debug mode to see what is going on, I saw these
entries:
Mar 26 11:40:16.747 tsig key 'secret': signature has expired
Mar 26 11:40:16.747 client slave.ip.address#xx: request has invalid signature: tsig verify failure
In the documentation, nothing is mentioned about what the lifetime of the
key is, and I thought it would be like the RADIUS authentication shared
secret, which never expires.
To run in TSIG mode, if the keys expire, it seems to me that I have to
write a script that would generate keys every "expiry date -1" and then
restart the named.
I am not sure if this is really how things are, or is there something I am
overlooking....
Any input on the subject is greatly appreciated,
Osman Shoukry