bind 8.3.3 and TSIG

Cricket Liu cricket at
Tue Oct 1 02:02:46 UTC 2002

> > I wind up getting a BADSIG (-16) error. I suppose that means bind is
> > not crazy about the key..
> By any chance, is the zone you're trying to transfer also part of the key
> name? In other words, is your key named (or something
> similar) and the zone named  If so, try renaming your key to
> something totally different. The key name has to _look_ like a hostname,
> but it doesn't have to be a real one. In fact, I generally name my keys
> something like host1_com.host2_com.
> I ran into exactly this problem, however I haven't had a chance to submit
> it as a bug report yet.

This sounds very much like a bad interaction between the name
compression code and the TSIG verification code.  I wonder if
the TSIG verification code doesn't grok compressed owner names
in TSIG RRs.


Men & Mice
DNS Software, Training and Consulting

The DNS and BIND Cookbook, coming October 2002!

More information about the bind-users mailing list