Walkenhorst, Benjamin Benjamin.Walkenhorst at
Fri Oct 22 11:11:16 UTC 2004


> I've been through a couple of FAQs on the web and I've 
> checked my setup;
> it is as similar as I can make it, no joy.  The only 
> difference is that
> the old setup is not running chrooted bind; this one is.  
> Does this make
> any difference to TSIG?

Unless you keep your keys in files outside the chroot, I don't
see how that would affect TSIG-behaviour.

I think you problem is more like this: To be able to use TSIG-keys,
you have to tell BIND not only about the key and what might be done
using the key (like DDNS-Updates), but you have to create an entry
of the following form for each machine that is to use TSIG:

server <server's IP> {
	keys { kahn.tnd.lan; };

Remember that not only the key's secret but also the *name* of the key has to be the same
on all machines that are to use it.

Kind regards,
Benjamin Walkenhorst

More information about the bind-users mailing list