Yeah, can't say I can see the difference either.
I sort of mashed together instructions from several guides myself when I set up my test Master and Slave, but I think I mostly followed that guide too, and I'm getting various issues (using Ubuntu 8.04.3) like the slave doesn't seem to update unless I force it to using "sudo rndc reload" even though I turned down the TTL and refresh.
I think your problem may be related to having the 2 different "secret" keys. From what I understand, I thought that "secret" had to be the same on both Master and Slave:
Here's just a little cut n paste from:
http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch04.html
Quote:
Informing the Servers of the Key's Existence
Imagine host1 and host2 are both servers. The following is added to each server's named.conf file:
key host1-host2. {
    algorithm hmac-md5;
    secret "La/E5CjG9O+os1jq0a2jdA==";
};
The algorithm, hmac-md5, is the only one supported by BIND. The secret is the one generated above. Since this is a secret, it is recommended that either named.conf be non-world readable, or the key directive be added to a non-world readable file that is included by named.conf.
At this point, the key is recognized. This means that if the server receives a message signed by this key, it can verify the signature. If the signature is successfully verified, the response is signed by the same key.
hth,
G.
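
Added example, not part of the post above and not code from the BIND project: a small Python check that reads the key statements from the master's and the slave's named.conf text and reports any key whose algorithm or secret differs between the two. The function names parse_keys and compare_keys are hypothetical, the sample configs are constructed, and the regex assumes simple key statements without comments inside them.

```python
import base64
import hmac
import re

# Matches a BIND key statement: key <name> { algorithm <alg>; secret "<b64>"; };
KEY_RE = re.compile(
    r'key\s+"?([^\s"{]+)"?\s*\{\s*'
    r'algorithm\s+"?([\w-]+)"?\s*;\s*'
    r'secret\s+"([^"]+)"\s*;\s*\}\s*;',
    re.IGNORECASE,
)

def parse_keys(conf_text):
    """Return {key_name: (algorithm, secret_bytes)} for each key statement."""
    keys = {}
    for name, alg, secret in KEY_RE.findall(conf_text):
        # Key names are DNS names: case-insensitive, trailing dot optional.
        norm = name.lower().rstrip(".")
        keys[norm] = (alg.lower(), base64.b64decode(secret, validate=True))
    return keys

def compare_keys(master_conf, slave_conf):
    """List the mismatches that would make TSIG verification fail."""
    master, slave = parse_keys(master_conf), parse_keys(slave_conf)
    problems = []
    for name in sorted(set(master) | set(slave)):
        if name not in master or name not in slave:
            problems.append(f"{name}: defined on only one server")
            continue
        (m_alg, m_sec), (s_alg, s_sec) = master[name], slave[name]
        if m_alg != s_alg:
            problems.append(f"{name}: algorithm differs")
        # Constant-time comparison; the secrets themselves are never printed.
        if not hmac.compare_digest(m_sec, s_sec):
            problems.append(f"{name}: secret differs")
    return problems

# Constructed sample configs. MASTER uses the secret from the manual excerpt
# quoted above; SLAVE_BAD uses a made-up all-zero 16-byte secret.
MASTER = 'key host1-host2. {\n  algorithm hmac-md5;\n  secret "La/E5CjG9O+os1jq0a2jdA==";\n};'
SLAVE_OK = MASTER
SLAVE_BAD = ('key host1-host2. { algorithm hmac-md5; secret "%s"; };'
             % base64.b64encode(bytes(16)).decode())

if __name__ == "__main__":
    print("matching configs:  ", compare_keys(MASTER, SLAVE_OK))
    print("mismatched configs:", compare_keys(MASTER, SLAVE_BAD))
```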