#1  
Old 24th August 2009, 11:26
CodeChris CodeChris is offline
Bind, Debian, BADSIG

Hi,

I am setting up a master/slave DNS system using two Debian boxes; they
are the latest version using the dev branch. I roughly followed this
tut http://www.howtoforge.org/debian_bin...r_slave_system

With the IPs, .24 is master and .25 is slave.

My issue is my two servers (same location so it's not a router/ACL
problem) cannot sync. The times are correct, and in syslog I see this
on the master:

client 5.59.5.25#22342: request has invalid signature: TSIG transfer:
tsig verify failure (BADSIG)

and this on the slave

zone example.co.uk/IN: refresh: failure trying master 5.59.5.24#53
(source 0.0.0.0#0): tsig indicates error

I will post named.conf, I am sure the secret hash key comes from
Kservername.co.uk.private I made using dnssec-keygen....

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/named.root";
};

key "TRANSFER" {
algorithm hmac-md5;
secret Cyo81M1X5SHjOz126BSW2w==;
};

server 5.59.5.25 {
keys {
TRANSFER;
};
};


and here is the slave

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

include "/etc/bind/rndc.key";

key "TRANSFER" {
algorithm hmac-md5;
secret "vGldxHA618+Om0y/uPfn+w==";
};

server 5.59.5.24 {
keys {
TRANSFER;
};
};

I have searched around but nobody seemed to have any answer that
called out to me, and as I said, that tut has worked for other
people...

Thanks
Chris
  #2  
Old 25th August 2009, 12:39
CodeChris CodeChris is offline

Has nobody seen this before?

Chris
  #3  
Old 25th August 2009, 14:39
falko falko is offline

No, I haven't seen this before...
  #4  
Old 25th August 2009, 15:46
CodeChris CodeChris is offline

Bollocks... maybe I should format and run through the tut again; I can't see anything I have done wrong though.
  #5  
Old 26th August 2009, 12:07
CodeChris CodeChris is offline

Just checking a few basic things. ntpdate has been updated on both servers, that is fine. Here is the named.conf.local on both servers, master then slave:


//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "domain.co.uk" {
type master;
file "/etc/bind/master/db.domain.co.uk";
};

zone "example.co.uk" {
type master;
file "/etc/bind/master/db.example.co.uk";
};



//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "domain.co.uk" {
type slave;
file "/etc/bind/slave/db.domain.co.uk";
masters { 5.59.5.4; };
allow-notify { 5.59.5.4; };
};
zone "example.co.uk" {
type slave;
file "/etc/bind/slave/db.example.co.uk";
masters { 5.59.5.24; };
allow-notify {5.59.5.24; };
};

I am guessing they are fine?
  #6  
Old 27th October 2009, 02:15
gary_gb gary_gb is offline

Hi,

Just had exactly the same problem myself and found that I needed to restart bind on the 'master':

sudo /etc/init.d/bind9 restart

Had me confused for quite a while, and like you, seems I double checked everything else, grrr.

Here were the errors that I was getting:
(test setup - master:ns1:192.168.0.101 slave:ns2:192.168.0.102 domain/zone:test.local)

MASTER:
tail /var/log/syslog
Oct 26 23:39:35 ns1 named[4481]: client 192.168.0.102#37378: request has invalid signature: TSIG transfer: tsig verify failure (BADKEY)

SLAVE:
tail /var/log/syslog
Oct 26 23:40:22 ns2 named[5111]: zone test.local/IN: refresh: failure trying master 192.168.0.101#53 (source 0.0.0.0#0): tsig indicates error

Stopped bind on slave, restarted on master, started on slave and lo and behold...

Oct 27 00:10:37 ns2 named[5303]: zone test.local/IN: Transfer started.
Oct 27 00:10:37 ns2 named[5303]: transfer of 'test.local/IN' from 192.168.0.101#53: connected using 192.168.0.102#33584
Oct 27 00:10:37 ns2 named[5303]: zone test.local/IN: transferred serial 2009102101: TSIG 'transfer'
Oct 27 00:10:37 ns2 named[5303]: transfer of 'test.local/IN' from 192.168.0.101#53: end of transfer
Reply With Quote
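
Added example, not code from any poster in this thread: in TSIG, BADSIG means the master knows the key name but the HMAC did not verify, while BADKEY means it does not recognise the key at all. The Python below compares the `key` stanzas of two named.conf files and classifies each key; the sample input is the two stanzas posted in #1, whose `secret` values differ. The function names and the labels ALGORITHM, INVALID and OK are this example's own.

```python
import base64
import binascii
import re

# key stanzas exactly as posted in #1 (master, then slave)
MASTER_CONF = '''key "TRANSFER" {
algorithm hmac-md5;
secret Cyo81M1X5SHjOz126BSW2w==;
};'''
SLAVE_CONF = '''key "TRANSFER" {
algorithm hmac-md5;
secret "vGldxHA618+Om0y/uPfn+w==";
};'''

# name, algorithm and secret of each key stanza; quotes are optional
KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*'
    r'algorithm\s+"?([\w.-]+)"?\s*;\s*'
    r'secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}', re.IGNORECASE)

def parse_keys(conf_text):
    """Map lower-cased key name -> (algorithm, decoded secret or None)."""
    keys = {}
    for name, algorithm, secret in KEY_RE.findall(conf_text):
        try:
            raw = base64.b64decode(secret, validate=True)
        except (binascii.Error, ValueError):
            raw = None  # secret is not valid base64
        keys[name.lower()] = (algorithm.lower(), raw)
    return keys

def compare_tsig(master_text, slave_text):
    """Classify every key the slave would sign with against the master's copy."""
    master, slave = parse_keys(master_text), parse_keys(slave_text)
    result = {}
    for name, (alg, secret) in slave.items():
        if name not in master:
            result[name] = "BADKEY"      # master does not know the key name
        elif secret is None or master[name][1] is None:
            result[name] = "INVALID"     # a secret failed to decode
        elif master[name][0] != alg:
            result[name] = "ALGORITHM"   # same name, different HMAC algorithm
        elif master[name][1] != secret:
            result[name] = "BADSIG"      # same name, different shared secret
        else:
            result[name] = "OK"
    return result

if __name__ == "__main__":
    print(compare_tsig(MASTER_CONF, SLAVE_CONF))
```

The check reads configuration files only; a running named uses the keys it loaded at its last start or reload.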