View Single Post
  #11  
Old 29th October 2009, 21:12
gary_gb gary_gb is offline
Junior Member
 
Join Date: Oct 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yeah, can't say I can see the difference either.

I sort of mashed together instructions from several guides myself when I set up my test Master and Slave, but I think I mostly followed that guide too, and I'm getting various issues (using Ubuntu 8.04.3) like the slave doesn't seem to update unless I force it to using "sudo rndc reload" even though I turned down the TTL and refresh.

I think your problem may be related to having the 2 different "secret" keys. From what I understand, I thought that "secret" had to be the same on both Master and Slave:

Here's just a little cut n paste from:


http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch04.html

Quote:
Informing the Servers of the Key's Existence

Imagine host1 and host 2 are both servers. The following is added to each server's named.conf file:

key host1-host2. {
algorithm hmac-md5;
secret "La/E5CjG9O+os1jq0a2jdA==";
};

The algorithm, hmac-md5, is the only one supported by BIND. The secret is the one generated above. Since this is a secret, it is recommended that either named.conf be non-world readable, or the key directive be added to a non-world readable file that is included by named.conf.

At this point, the key is recognized. This means that if the server receives a message signed by this key, it can verify the signature. If the signature is successfully verified, the response is signed by the same key.
hth,
G.
Reply With Quote
Sponsored Links