[Kea-users] request has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY)
Charles Curley
charlescurley at charlescurley.com
Sat Aug 9 22:06:25 UTC 2025
On Sat, 9 Aug 2025 15:29:37 -0600
Charles Curley <charlescurley at charlescurley.com> wrote:
> On Sat, 09 Aug 2025 09:04:02 +0200
> Carsten Strotmann via Kea-users <kea-users at lists.isc.org> wrote:
>
> > the TSIG-Keys need to have the same name on both sides (same name,
> > same algorithm, same key-data ("secret"), same clock-time on the
> > machines).
>
> See below. As they are on the same machine, the clock time should be
> identical.
I think I have it. I had a few syntax errors in the reverse.zone file.
Having cleaned those up, I now seem to get updates to bind and can read
them with host and dig.
root at tiassa:~# dig -4 jhegaalaw.example @localhost
; <<>> DiG 9.20.11-4-Debian <<>> -4 jhegaalaw.example @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34228
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f889fe6af91000b5010000006897c5c2dea3663d1e50a97e (good)
;; QUESTION SECTION:
;jhegaalaw.example. IN A
;; ANSWER SECTION:
jhegaalaw.example. 1200 IN A 192.168.10.15
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(localhost) (UDP)
;; WHEN: Sat Aug 09 16:03:46 MDT 2025
;; MSG SIZE rcvd: 90
root at tiassa:~#
Lesson: do it one step at a time, and make sure that step is working
correctly before you go on to the next step.
Thank you.
--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
More information about the Kea-users
mailing list