TSIG Zone Transfer fails
Simon Waters
Simon at wretched.demon.co.uk
Thu Oct 25 15:41:26 UTC 2001
Kevin Clark wrote:
>
> I have not touched my named.conf which contains all the key and
> transfer data. Secondary.com says everything is cool on there end.
> My only clue is that my system / hardware clock seems to be screwed
> up. My evidence is this. When I ping myself I get this message.
>
> Warning: time of day goes back, taking countermeasures.
>
> I understand that TSIG uses a timestamp as one of it's verification
> methods. If my time is screwed up I can see that this would cause a
> failure.
The error message your seeing here is I think a minor irritation
caused by using a recent kernel, and recent version of iputils.
http://www.redhat.com/mailing-lists/ia64-list/msg00555.html
I doubt this is related to your problem.
Time sync is important, are you using NTP to synchronise with a
good time source?
This is also a fairly old version of BIND, the changes file
includes better logging of TSIG errors amongst many other TSIG
related changes. I suggests 9.2.0rc7 (or 8 but I haven't tried
that yet).
More information about the bind-users
mailing list