TSIG help

J.D. Bronson jbronson at wixb.com
Wed Jun 23 00:38:18 UTC 2004


Hmm. I need help getting more debug out of bind 9.3.0rc1...

I have TSIG working on 2 of 3 machines and it works fine in both 
directions. However, these 2 are on the same side of 1 router, so they 
never pass THRU this CISCO router.

The 3 machine is off site and I can TSIG "into it" without any issue, but 
cant TSIG 'out of it'.

I see the TSIG notify's coming from the offsite machine, but the local 
machine sees this and then fails:

[slave]
22-Jun-2004 19:26:08.637 client 1.2.3.4#23765: view external: received 
notify for zone 'electric.net': TSIG 'ns1.electric.net'

Jun 22 19:26:08 named[1590]: zone electric.net/IN/external: refresh: 
failure trying master 1.2.3.4#53 (source 192.168.1.2#0): tsig verify failure


...now, I am going thru a CISCO router (and I know they didnt pass TSIG 
awhile back...) but I think the latest IOS I am running does. After all, it 
does work 1 way at least...

anything I can do to debug this and either find MY error, or prove that the 
CISCO is messing up my TSIG?

it seems I can TSIG 'OUT' fine, but not 'IN'.

Thanks in advance....



-- 
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd at aurora.org // Pager: 414.314.8282



More information about the bind-users mailing list