[yadifa-users] TSIG based IXFR not working with BIND(master) and Yadifa(slave) setup

vijay bommareddy vijayb888 at gmail.com
Fri Jul 10 13:39:09 CEST 2015


Greetings Yadifa Developers,

We are trying to configure BIND as master and Yadifa as slave. The
transfers are TSIG signed and are working fine for AXFR. However we are
getting the following error for IXFR in Yadifa logs, even though the master
is sending the notifies:

2015-06-30 12:09:46.446863 | 11293 | system   | E | TSIG_BADKEY       query
error from 192.168.1.76#2757
2015-06-30 12:09:46.446870 | 11293 | server   | W | notify       (cb95)
[24|09] error 9 (UNPROCESSABLE_MESSAGE) (192.168.1.76)

*Below is the config in BIND:*
    #-------------------------
    # Key Definition
    #-------------------------
    key "RNDC-KEY" {
            algorithm HMAC-MD5;
            secret "3qUksQpL4IncPmmESX5+EQ==";
    };
    #-------------------------
    # Server Definition
    #-------------------------
    server 192.168.1.77 {
            keys  "RNDC-KEY";
            provide-ixfr yes;
            request-ixfr yes;
            transfers 30;
            transfer-format one-answer;
    };


* In Yadifa config:*
    <zone>
            domain example.com
            type slave
            file-name slaves/db.example.com
            allow-query any;
            master 192.168.1.76
    </zone>


Any ideas about what the problem might be?
The documentation is ambiguous on how to setup TSIG trusts.

Thanks in advance.

-- 
Vijay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.yadifa.eu/archives/yadifa-users/attachments/20150710/f822aef7/attachment.html 


More information about the yadifa-users mailing list