Old 24th August 2009, 12:26
CodeChris
Bind, Debian, BADSIG


I am setting up a master/slave DNS system using two Debian boxes; they
are the latest version using the dev branch. I roughly followed this

With the IPs, .24 is master and .25 is slave

My issue is my two servers (same location so it's not a router/ACL
problem) cannot sync. The times are correct, and in syslog I see this
on the master

client request has invalid signature: TSIG transfer:
tsig verify failure (BADSIG)

and this on the slave

zone refresh: failure trying master
(source tsig indicates error

I will post named.conf, I am sure the secret hash key comes from I made using dnssec-keygen....

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/named.root";

key "TRANSFER" {
algorithm hmac-md5;
secret Cyo81M1X5SHjOz126BSW2w==;

server {
keys {

and here is the slave

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

include "/etc/bind/rndc.key";

key "TRANSFER" {
algorithm hmac-md5;
secret "vGldxHA618+Om0y/uPfn+w==";

server {
keys {

I have searched around but nobody seemed to have any answer that
called out to me, and as I said that tut has worked for other

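An added example, not part of the original post: a TSIG signature only verifies when both servers hold the same key name, algorithm and secret, so this check compares the `key` stanzas of two named.conf files and reports what differs without printing the secrets. The sample input is constructed from the key fragments quoted in the post with closing braces added; `parse_tsig_keys` and `compare_tsig` are hypothetical names.

```python
import base64
import binascii
import re

# key "NAME" { algorithm ALG; secret VALUE; };  (quotes around values optional)
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
    r'\s*secret\s+("?)([^";\s]+)\3\s*;\s*\}\s*;', re.IGNORECASE)

def parse_tsig_keys(conf_text):
    """Return {key_name: (algorithm, decoded_secret_or_None)}."""
    # Drop whole-line comments only; "//" can also occur inside a base64 secret.
    text = re.sub(r'^\s*(//|#).*$', '', conf_text, flags=re.M)
    keys = {}
    for name, alg, _quote, secret in KEY_RE.findall(text):
        try:
            raw = base64.b64decode(secret, validate=True)
        except binascii.Error:
            raw = None  # malformed base64
        keys[name.lower()] = (alg.lower(), raw)  # names compare case-insensitively
    return keys

def compare_tsig(master_conf, slave_conf):
    """List mismatches that would make TSIG verification fail; never prints secrets."""
    master, slave = parse_tsig_keys(master_conf), parse_tsig_keys(slave_conf)
    problems = []
    for name in sorted(set(master) | set(slave)):
        if name not in master or name not in slave:
            problems.append(f"{name}: defined on only one server")
            continue
        (m_alg, m_raw), (s_alg, s_raw) = master[name], slave[name]
        if m_alg != s_alg:
            problems.append(f"{name}: algorithm differs")
        if m_raw is None or s_raw is None:
            problems.append(f"{name}: secret is not valid base64")
        elif m_raw != s_raw:
            problems.append(f"{name}: secret differs")
    return problems

# Constructed input: the key stanzas quoted in the post, closing braces added.
MASTER_CONF = '''key "TRANSFER" {
algorithm hmac-md5;
secret Cyo81M1X5SHjOz126BSW2w==;
};'''
SLAVE_CONF = '''key "TRANSFER" {
algorithm hmac-md5;
secret "vGldxHA618+Om0y/uPfn+w==";
};'''

if __name__ == "__main__":
    for line in compare_tsig(MASTER_CONF, SLAVE_CONF) or ["TSIG keys match"]:
        print(line)
```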