On Mon, Jul 27, 2015 at 04:33:06PM +0100, Tony Finch wrote:
> It isn't a very good idea to use the same key for zone transfers and
> for rndc. It is common to allow zone transfers to third parties, and
> you don't want them to be able to fiddle with your name server!
Sometimes, in my experience, p
Managed Pvt nets wrote:
>
> Jul 27 14:40:24 hostname named[6016]: zone myzone.co.zw/IN: transferred
> serial 2015072400: TSIG 'rndc-key'
It isn't a very good idea to use the same key for zone transfers and
for rndc. It is common to allow zone transfers to third parties, and
you don't want them t
On 24/07/2015 6:07:09 PM, "John Miller" wrote:
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins wrote:
On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote:
>
>
> On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote:
>
> > Possible problems:
> >Mismatched keys.
> >Mismatched key names.
On 24/07/15 17:52, Mark Elkins wrote:
> TSIG is a step towards better security. Rather learn how to use it than
> go backwards. I see TSIG as a step towards DNSSEC...
I also agree with this principle. At the RIPE NCC we've been trying to
get all the operators we provide secondary for to use TSIG.
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins wrote:
> On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote:
> >
> >
> > On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote:
> >
> > > Possible problems:
> > >Mismatched keys.
> > >Mismatched key names.
> > >Mismatched clocks.
> >
> > Mo
On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote:
>
>
> On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote:
>
> > Possible problems:
> >Mismatched keys.
> >Mismatched key names.
> >Mismatched clocks.
>
> Most likely mismatched key. I have to figure out how to make sure my
>
be missing:
> >
> > ===
> > Jul 24 15:33:55 huffer named[493]: zone myzonename.co.zw/IN:
> > refresh: failure trying master aaa.bbb.ccc.ddd#53 (source
> > 0.0.0.0#0): tsig indicates error
> > ===
> >
> > regards,
> >
> > Mollatt.
--
Mark James
On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote:
Possible problems:
Mismatched keys.
Mismatched key names.
Mismatched clocks.
Most likely mismatched key. I have to figure out how to make sure my
master does not require TSIGs and my slave does not try to use them.
___
On 24/07/2015 5:03:12 PM, "John Miller" wrote:
If you're not intending to use TSIG, make sure your master doesn't
require it and that your slave doesn't try to use it for its AXFRs.
I think this is what I have to figure out to do.
___
Please v
o
> transfer zones from my master I am getting this error here, what could
> I be missing:
>
> ===
> Jul 24 15:33:55 huffer named[493]: zone myzonename.co.zw/IN: refresh:
> failure trying master aaa.bbb.ccc.ddd#53 (source 0.0.0.0#0): tsig
> indicates error
&
ld I be missing:
>
> ===
> Jul 24 15:33:55 huffer named[493]: zone myzonename.co.zw/IN: refresh:
> failure trying master aaa.bbb.ccc.ddd#53 (source 0.0.0.0#0): tsig indicates
> error
> ===
>
>
Hi Mollatt,
This usually means what it says: there's an error with the TSIG
au
: refresh:
failure trying master aaa.bbb.ccc.ddd#53 (source 0.0.0.0#0): tsig
indicates error
===
regards,
Mollatt.___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
12 matches
Mail list logo
