[yadifa-users] TSIG based IXFR not working with BIND(master) and Yadifa(slave) setup

vijay bommareddy vijayb888 at gmail.com
Fri Jul 10 13:39:09 CEST 2015

Greetings Yadifa Developers,

We are trying to configure BIND as master and Yadifa as slave. The
transfers are TSIG signed and are working fine for AXFR. However we are
getting the following error for IXFR in Yadifa logs, even though the master
is sending the notifies:

2015-06-30 12:09:46.446863 | 11293 | system   | E | TSIG_BADKEY       query
error from
2015-06-30 12:09:46.446870 | 11293 | server   | W | notify       (cb95)
[24|09] error 9 (UNPROCESSABLE_MESSAGE) (

*Below is the config in BIND:*
    # Key Definition
    key "RNDC-KEY" {
            algorithm HMAC-MD5;
            secret "3qUksQpL4IncPmmESX5+EQ==";
    # Server Definition
    server {
            keys  "RNDC-KEY";
            provide-ixfr yes;
            request-ixfr yes;
            transfers 30;
            transfer-format one-answer;

* In Yadifa config:*
            domain example.com
            type slave
            file-name slaves/db.example.com
            allow-query any;

Any ideas about what the problem might be?
The documentation is ambiguous on how to setup TSIG trusts.

Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.yadifa.eu/archives/yadifa-users/attachments/20150710/f822aef7/attachment.html 

More information about the yadifa-users mailing list