Hello,

This was my first guess as well, but since the TSIG fudge is set to 300 seconds, all zone transfers which take more than 5 minutes would fail if this was true.
/Nico

On Thu, 2010-07-08 at 10:28 +0200, Gilles Massen wrote:
> Hi Nico,
>
> Could it be that the signature of the AXFR message is created at request
> time on the master (actually when the answer is built), but the
> validation on the client side is obviously only made at the end of the
> transfer?
>
> RFC 2845 suggests that this is possible, but I'm not fluent enough in
> bind source to confirm or deny...
>
> Best,
> Gilles
>
> Niklas Jakobsson wrote:
> > Hello,
> >
> > I have some problems with our bind servers complaining that 'clocks are
> > unsynchronized' when doing zone transfers with TSIG. The problem is the
> > clocks are correct, synced with ntp and everything.
> >
> > The problem seems to occur mostly on zone transfers that take a long
> > time (i.e. hours).
> >
> > Anyone seen or had any similar problems, or have an idea what is going on?
> >
> > I'm running bind 9.6.1-P3 on debian/lenny.
> >
> > /Nico

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
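The time check this thread turns on, as an added example that is not part of the original messages: RFC 2845 TSIG RDATA carries a 48-bit Time Signed and a 16-bit Fudge, and a verifier whose clock falls outside Time Signed ± Fudge answers BADTIME (error 18). The RDATA bytes, the timestamp and all function names are constructed for illustration; the code does not model how BIND signs the individual messages of an AXFR.

```python
import struct

BADTIME = 18  # TSIG error code defined in RFC 2845

def skip_name(buf, off=0):
    """Return the offset just past an uncompressed wire-format domain name."""
    while True:
        length = buf[off]
        if length & 0xC0:
            raise ValueError("compressed or invalid label in algorithm name")
        off += 1 + length
        if length == 0:
            return off

def parse_tsig_times(rdata):
    """Extract (time_signed, fudge) from TSIG RDATA (RFC 2845, section 2.3)."""
    off = skip_name(rdata)              # Algorithm Name comes first
    if len(rdata) < off + 8:
        raise ValueError("truncated TSIG RDATA")
    hi, lo, fudge = struct.unpack_from("!HIH", rdata, off)  # 48-bit + 16-bit
    return (hi << 32) | lo, fudge

def check_time(rdata, now):
    """Return 0 if 'now' lies within Time Signed +/- Fudge, else BADTIME."""
    time_signed, fudge = parse_tsig_times(rdata)
    return 0 if abs(now - time_signed) <= fudge else BADTIME

def build_rdata(time_signed, fudge, mac=b"\x00" * 16):
    """Constructed sample RDATA; the MAC is a dummy value, not a real HMAC."""
    alg = b"\x08hmac-md5\x07sig-alg\x03reg\x03int\x00"
    times = struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
    return (alg + times + struct.pack("!H", len(mac)) + mac
            + struct.pack("!HHH", 0x1234, 0, 0))  # Original ID, Error, Other Len

SIGNED_AT = 1278577680            # constructed signing time (Unix seconds)
SAMPLE = build_rdata(SIGNED_AT, 300)  # fudge of 300 s, as in the thread

def demo():
    # Verifier clock 10 s, 5 min, 5 min 1 s and 2 h after the signing time
    return [check_time(SAMPLE, SIGNED_AT + d) for d in (10, 300, 301, 7200)]

if __name__ == "__main__":
    print(demo())  # [0, 0, 18, 18]
```

A record validated two hours after its Time Signed fails the window, which is the outcome the question above would produce if a single request-time signature were checked only at the end of a long transfer.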