bind9 - DNS Query using TSIG : BIND server
Here is what I am trying to do:
use TSIG to validate a DNS transaction: query and response.
I know TSIG is used between 2 hosts for secured zone transfers. But I am trying to validate a simple query from a client using TSIG. I have generated a private key at the server using the dnssec-gen tool and appended a TSIG record at the client side to the outgoing DNS query message.
I am not sure how to enable the BIND server to validate the TSIG RR on an incoming query. I have added the key configuration in the named.conf file, which matches the TSIG RR signed at the client side. When I receive the TSIG-signed DNS query at the server side, the following error message is shown:
request has invalid signature: tsig mytsigkey: tsig verify failure (badsig)
But I feel the MAC I have generated and appended to the DNS query record is correct (I verified it with the SlavaSoft HMAC calculator). I am not sure if I am missing something in the named.conf file.
Below is my config. Any inputs are highly appreciated.
key "mytsigkey" {
    algorithm hmac-md5;
    secret "aszn6w/8hjihoffalh/4xg==";
};

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    allow-transfer { key test_tsig.com; };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
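
Added example, not part of the original post: a Python walk-through of the bytes RFC 2845 feeds into the HMAC for a TSIG-signed query, using the key name and secret from the config above. The helper names, the query name, the message ID and the timestamp are constructed for illustration.

```python
import base64, hashlib, hmac, struct

ALG = "hmac-md5.sig-alg.reg.int"   # wire name of named.conf's "hmac-md5" (RFC 2845)
KEY_NAME = "mytsigkey"             # key name from the posted named.conf
# named.conf stores the secret as base64; the HMAC key is the decoded bytes.
SECRET = base64.b64decode("aszn6w/8hjihoffalh/4xg==")

def wire_name(name):
    """Canonical wire form: lowercased, length-prefixed labels, no compression."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def u48(t):
    """48-bit Time Signed field (seconds since the epoch)."""
    return struct.pack("!HI", t >> 32, t & 0xFFFFFFFF)

def build_query(qid, qname, qtype=1):
    """Unsigned query: header with RD set, QDCOUNT=1, ARCOUNT=0, then the question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + wire_name(qname) + struct.pack("!HH", qtype, 1)

def tsig_mac(msg, time_signed, fudge=300):
    """HMAC over the message (before the TSIG RR is added) plus the TSIG variables."""
    variables = (wire_name(KEY_NAME)
                 + struct.pack("!HI", 255, 0)         # CLASS ANY, TTL 0
                 + wire_name(ALG) + u48(time_signed)
                 + struct.pack("!HHH", fudge, 0, 0))  # fudge, error, other len
    return hmac.new(SECRET, msg + variables, hashlib.md5).digest()

def sign_query(msg, time_signed, fudge=300):
    """Append the TSIG RR (type 250), then increment ARCOUNT in the header."""
    mac = tsig_mac(msg, time_signed, fudge)
    qid, arcount = struct.unpack("!H", msg[:2])[0], struct.unpack("!H", msg[10:12])[0]
    rdata = (wire_name(ALG) + u48(time_signed)
             + struct.pack("!HH", fudge, len(mac)) + mac
             + struct.pack("!HHH", qid, 0, 0))        # original ID, error, other len
    rr = wire_name(KEY_NAME) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    return msg[:10] + struct.pack("!H", arcount + 1) + msg[12:] + rr

if __name__ == "__main__":
    query = build_query(0x1234, "example.com")        # constructed sample query
    signed = sign_query(query, 1700000000)            # constructed timestamp
    print(tsig_mac(query, 1700000000).hex(), len(signed))
```

The MAC covers the query as it looked before the TSIG RR was appended (ARCOUNT not yet incremented), followed by the TSIG variables, so an HMAC taken over the message bytes alone gives a different value.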