Configuring TSIG keys and ACL's on slave server

Phusion phusion2k at gmail.com
Wed Apr 18 16:00:02 UTC 2007


On 4/17/07, Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> OK, so you've made some changes to your config. Is it working or not?
> Don't keep us in suspense.
>
>
>             - Kevin
>

I don't think it's working. Here are the error log entries I am
getting from named from the two servers.

On the master server.

Apr 18 10:33:39 smdndnsp1 named[20024]: zone mdnlan.test.com/IN:
sending notifies (serial 2007033047)
Apr 18 10:33:39 smdndnsp1 named[20024]: zone test.com/IN: sending
notifies (serial 2007041301)
Apr 18 10:43:06 smdndnsp1 named[20024]: client 127.0.0.1#35543:
request has invalid signature: TSIG mdnlan: tsig verify failure
(BADKEY)

On the slave server.

Apr 18 10:51:34 smdndnsp2 named[25820]: client 10.1.1.3#38682:
received notify for zone 'mdnlan.test.com'
Apr 18 10:51:34 smdndnsp2 named[25820]: zone mdnlan.test.com/IN:
refused notify from non-master: 10.1.1.3#38682
Apr 18 10:51:34 smdndnsp2 named[25820]: client 10.1.1.3#38682:
received notify for zone 'test.com'
Apr 18 10:51:34 smdndnsp2 named[25820]: zone test.com/IN: refused
notify from non-master: 10.1.1.3#38682
Apr 18 10:51:34 smdndnsp2 named[25820]: zone 1.1.10.in-addr.arpa/IN:
refresh: unexpected rcode (SERVFAIL) from master 10.1.1.2#53 (source
0.0.0.0#0)
Apr 18 10:52:32 smdndnsp2 named[25820]: zone 1.1.10.in-addr.arpa/IN:
refresh: unexpected rcode (SERVFAIL) from master 10.1.1.2#53 (source
0.0.0.0#0)
Apr 18 10:54:27 smdndnsp2 named[25820]: zone 1.1.10.in-addr.arpa/IN:
refresh: unexpected rcode (SERVFAIL) from master 10.1.1.2#53 (source
0.0.0.0#0)

It appears to be an access problem of some sort.

Phusion



More information about the bind-users mailing list