TSIG badkey

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 10 03:07:21 UTC 2004


Jens Rosenthal wrote:

>Hi there,
>
>I'm having real trouble here. Perhaps anyone can help...
>
>I had set up two BIND9 servers with dynamic dnsupdate with keys, etc.
>Everything was fine.
>
>Now one of the machines died and with this machine the key. So I've
>created a new key, put it in /etc/named.conf in the place of the old
>key, and reloaded/restarted named.
>
>On the client I only get:
>----
>;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:  10262
>;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
>;; TSIG PSEUDOSECTION:
>gateway.home.jason.de.  0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1076338693 300 0  10262 BADKEY 0
>----
>
>On the server I get:
>----
>Feb 09 15:35:18.841 client ***#***: updating zone 'jason.de/IN': update failed: not authoritative for update zone (NOTAUTH)
>----
>
>I tried anything I could imagine to get it working, but everything
>fails...
>  
>
Looks like you have 2 problems here: 1) the key you're using to sign the 
update doesn't match any key which is permitted to dynamically update 
the zone, and 2) the server is no longer authoritative for the zone, 
either because it disappeared from named.conf or there is some sort of 
error in the zone file which is preventing it from loading.

- Kevin
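
An added example, not part of the original messages: a small Python decoder for the TSIG pseudosection line quoted above, so each field of the failed update can be read off by name. The field order is assumed from the line shown in the post and the TSIG record layout in RFC 2845; the function names and hint texts are this example's own.

```python
from datetime import datetime, timezone

# TSIG error meanings, RFC 2845 section 4.5 (mnemonics as printed on the page).
HINTS = {
    "NOERROR": "TSIG verified",
    "BADKEY": "server does not know a key with this name and algorithm",
    "BADSIG": "key is known but the MAC did not verify (secret differs)",
    "BADTIME": "time signed is outside the fudge window (clock skew)",
}

def parse_tsig(line):
    """Parse one TSIG record line in the order name, TTL, class, type,
    algorithm, time signed, fudge, MAC size, [MAC], original ID, error, other len."""
    tok = line.split()
    if len(tok) < 11 or tok[3] != "TSIG":
        raise ValueError("not a TSIG record line")
    rest = tok[8:]
    # The MAC is absent when MAC size is 0 and may span several tokens, so find
    # the "<original id> <error> <other len>" triple scanning from the right.
    for i in range(len(rest) - 3, -1, -1):
        if rest[i].isdigit() and rest[i + 2].isdigit():
            break
    else:
        raise ValueError("cannot locate original ID / error / other len")
    signed = datetime.fromtimestamp(int(tok[5]), tz=timezone.utc)
    return {
        "key_name": tok[0], "algorithm": tok[4],
        "time_signed": signed.isoformat(), "fudge": int(tok[6]),
        "mac_size": int(tok[7]), "mac": "".join(rest[:i]),
        "original_id": int(rest[i]), "error": rest[i + 1],
        "other_len": int(rest[i + 2]),
    }

def explain(line):
    """Return (parsed record, list of findings) for a TSIG line."""
    rec = parse_tsig(line)
    notes = [HINTS.get(rec["error"], "unrecognised TSIG error code")]
    if rec["error"] != "NOERROR" and rec["mac_size"] == 0:
        notes.append("response carries no MAC, so it is unsigned")
    return rec, notes

# The TSIG line quoted in the message above.
PAGE_LINE = ("gateway.home.jason.de.  0       ANY     TSIG    "
             "hmac-md5.sig-alg.reg.int. 1076338693 300 0  10262 BADKEY 0")

if __name__ == "__main__":
    rec, notes = explain(PAGE_LINE)
    print(rec)
    print("\n".join(notes))
```

The `key_name` and `algorithm` fields are the values to compare against the `key` statement in the server's named.conf.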




