BIND 9.3.1 TSIG Error Message
Mark Andrews
Mark_Andrews at isc.org
Mon Oct 24 23:31:44 UTC 2005
> I am receiving the following error message when the slave tries to update
> its zone file: "request has invalid signature: TSIG tsig-key: tsig verify
> failure (BADTIME)"
> According to the BIND Manual, this results when "a TSIG aware server
> receives a message with a time outside of the allowed range, the response
> will be signed with the TSIG extended error code set to BADTIME, and the
> time values will be adjusted so that the response can be successfully
> verified."
> How can I resolve this??
Fix your clocks so they are all running at the correct time.
While nsupdate could be made to resend the query with the
time stamps set to that of the server there are so many
other things that needed correct time in networked computers
these days that it is usually easier to just fix the clocks.
This not only fixes nsupdate. It also fixes time stamps in
email. Makes kerberos work. Makes NFS work. Makes your
logs have the right time. The list goes on.
I suggest you run NTP on your machines to keep them in sync.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list