Kamus of Kadizhar yan at NsOeSiPnAeMr.com
Fri Oct 22 08:34:46 UTC 2004

I know this has probably been discussed to death, so my apologies if I
missed it in the archives....

I just set up a new server.  It's set up using Fedora Core 2.

I am running bind 9.2.3 (BIND 9.2.3 -u named -t /var/named/chroot) and
dhcpd V3.0.1rc14.

I've been through my entire TSIG configuration; when a client is assigned
a lease, I get:

Oct 21 10:19:51 kahn dhcpd: Unable to add forward map from tnd-253.tnd.lan
to invalid TSIG key

I have a similar set up with and older bind/dhcpd combination that works
just fine.  I set this one up identical to the old one; no joy.

I recreated the keys

dnssec-keygen -a HMAC-MD5 -b 128 -p 3 -n ZONE kahn.tnd.lan; no joy.

I've tried the default keygen command from the dhcpd.conf manpage; no joy.

I've been through a couple of FAQs on the web and I've checked my setup;
it is as similar as I can make it, no joy.  The only difference is that
the old setup is not running chrooted bind; this one is.  Does this make
any difference to TSIG?


key kahn.tnd.lan {
        algorithm hmac-md5 ;
        secret "<key>" ;
        } ;

zone "tnd.lan"{
        type master;
        file "tnd.hosts";
        allow-update { key kahn.tnd.lan ; };

zone "141.168.192.in-addr.arpa"{
        type master;
        file "tnd.hosts.rev";
        allow-update { key kahn.tnd.lan ; };


ddns-update-style interim;

key kahn.tnd.lan {
        algorithm hmac-md5 ;
        secret "<key>" ;

zone tnd.lan. {
        key kahn.tnd.lan ;

zone 141.168.192.in-addr.arpa. {
        key kahn.tnd.lan ;

Can anyone give me some pointers on where to look?  I can't for the life
of me figure out what I'm doing wrong....



More information about the bind-users mailing list