dig warns that some TSIG could not be validated
Anand Buddhdev
anandb at ripe.net
Fri Apr 6 10:21:49 UTC 2018
Hello folks,
I'm on CentOS 7, which has an older version of dig from this package:
# rpm -qf /usr/bin/dig
bind-utils-9.9.4-51.el7_4.2.x86_64
When I use this dig to AXFR a zone from a Secure64 DNSSEC signer
appliance, I'm seeing this at the end of the AXFR:
;; Query time: 32899 msec
;; SERVER: 193.0.7.194#53(193.0.7.194)
;; WHEN: Fri Apr 06 09:36:38 UTC 2018
;; XFR size: 73829 records (messages 295, bytes 4801484)
;; WARNING -- Some TSIG could not be validated
While I've seen TSIG failures caused by key mismatch, or mismatched time
between servers, I've never seen a warning like this before, about TSIG
validation, and I don't know what it means.
I can't see anything strange with the AXFR. I would appreciate it if one
of the BIND developers could explain what this warning means, and
whether it is something to be worried about.
Regards,
Anand
More information about the bind-users
mailing list