24th August 2009, 12:26
CodeChris
Bind, Debian, BADSIG

Hi,

I am setting up a master slave DNS system using two Debian boxes, they
are the latest version using the dev branch. I roughly followed this
tut http://www.howtoforge.org/debian_bin...r_slave_system

With the IPs, .24 is master and .25 is slave

My issue is my two servers (same location so it's not a router/ACL
problem) cannot sync, the times are correct and in syslog I see this
on the master

client 5.59.5.25#22342: request has invalid signature: TSIG transfer:
tsig verify failure (BADSIG)

and this on the slave

zone example.co.uk/IN: refresh: failure trying master 5.59.5.24#53
(source 0.0.0.0#0): tsig indicates error

I will post named.conf, I am sure the secret hash key comes from
Kservername.co.uk.private I made using dnssec-keygen....

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/named.root";
};

key "TRANSFER" {
algorithm hmac-md5;
secret Cyo81M1X5SHjOz126BSW2w==;
};

server 5.59.5.25 {
keys {
TRANSFER;
};
};


and here is the slave

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

include "/etc/bind/rndc.key";

key "TRANSFER" {
algorithm hmac-md5;
secret "vGldxHA618+Om0y/uPfn+w==";
};

server 5.59.5.24 {
keys {
TRANSFER;
};
};

I have searched around but nobody seemed to have any answer that
called out to me, and as I said that tut has worked for other
people...

Thanks
Chris
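
Added example, not part of the original post: TSIG verification only succeeds when both servers hold the same key name, algorithm and shared secret, and the two `key "TRANSFER"` blocks posted above carry different secrets. The Python check below parses the two posted key blocks and reports the mismatch; the function names and the stand-in message are assumptions for illustration, and the MAC input is not a real TSIG wire-format message.

```python
import base64
import hashlib
import hmac
import re

# key "NAME" { algorithm ALG; secret "B64"; };  (quotes around the secret are optional)
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
    r'\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}'
)

def tsig_keys(conf_text):
    """Return {key name: (algorithm, raw secret bytes)} for each key block."""
    keys = {}
    for name, alg, secret in KEY_RE.findall(conf_text):
        keys[name] = (alg.lower(), base64.b64decode(secret, validate=True))
    return keys

def compare(master_conf, slave_conf):
    """List the reasons a TSIG-signed transfer between the two would fail."""
    master, slave = tsig_keys(master_conf), tsig_keys(slave_conf)
    problems = []
    for name in sorted(set(master) | set(slave)):
        if name not in master or name not in slave:
            problems.append(f"{name}: defined on one server only")
            continue
        (m_alg, m_sec), (s_alg, s_sec) = master[name], slave[name]
        if m_alg != s_alg:
            problems.append(f"{name}: algorithm differs ({m_alg} vs {s_alg})")
        if not hmac.compare_digest(m_sec, s_sec):
            problems.append(f"{name}: secret differs")
    return problems

def mac(secret, message):
    """HMAC-MD5, the algorithm named in the posted key blocks."""
    return hmac.new(secret, message, hashlib.md5).hexdigest()

# Key blocks copied from the two named.conf files in the post.
MASTER = 'key "TRANSFER" {\nalgorithm hmac-md5;\nsecret Cyo81M1X5SHjOz126BSW2w==;\n};'
SLAVE = 'key "TRANSFER" {\nalgorithm hmac-md5;\nsecret "vGldxHA618+Om0y/uPfn+w==";\n};'

if __name__ == "__main__":
    for problem in compare(MASTER, SLAVE):
        print("MISMATCH", problem)
    msg = b"constructed stand-in for a signed AXFR request"
    print("master MAC:", mac(tsig_keys(MASTER)["TRANSFER"][1], msg))
    print("slave  MAC:", mac(tsig_keys(SLAVE)["TRANSFER"][1], msg))
```

The two MACs differ for the same message, which is the condition the master logs as `tsig verify failure (BADSIG)`.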