bind9 - DNS Query using TSIG : BIND server


Here is what I am trying to do:

Use TSIG to validate a DNS transaction: query and response.

I know TSIG is used between two hosts for secured zone transfers. But I am trying to validate a simple query from a client using TSIG. I have generated the private key at the server using the dnssec-gen tool and appended the TSIG record at the client side to the outgoing DNS query message.

I am not sure how to enable the BIND server to validate the TSIG RR on an incoming query. I have added the key configuration in the named.conf file that matches the TSIG RR signed at the client side. When I receive the TSIG-signed DNS query at the server side, the following error message is shown:

request has invalid signature: tsig mytsigkey: tsig verify failure (badsig)

But I feel the MAC I have generated and appended to the DNS query record is correct (I verified it with the SlavaSoft HMAC calculator). I am not sure if I am missing something in the named.conf file.

Below is my config. Any inputs are highly appreciated.

key "mytsigkey" {
        algorithm hmac-md5;
        secret "aszn6w/8hjihoffalh/4xg==";
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     {any ;};
        recursion yes;
        allow-transfer {key test_tsig.com;};

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};
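Added example (not part of the original post): the byte string that RFC 8945 defines as the input to a TSIG request MAC, which is what the receiving server recomputes when it checks the signature. The HMAC covers the query as it stood before the TSIG RR was appended, followed by the TSIG variables; only the key name and hmac-md5 come from the post, while the secret, query name, message ID and timestamp are constructed.

```python
import base64, hashlib, hmac, struct

ALG = "hmac-md5.sig-alg.reg.int"   # wire name for named.conf "algorithm hmac-md5"
SECRET = base64.b64encode(b"constructed-key!").decode()  # constructed, not the page's key

def wire_name(name):
    """Canonical wire form: lowercase, uncompressed, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(msg_id, qname, qtype=1):
    """Unsigned query: RD set, QDCOUNT=1, ARCOUNT=0, one IN question."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + wire_name(qname) + struct.pack("!HH", qtype, 1)

def time48(t):
    """Time Signed is a 48-bit count of seconds since the epoch."""
    return struct.pack("!HI", t >> 32, t & 0xFFFFFFFF)

def request_mac(secret_b64, message, key_name, time_signed, fudge=300):
    """HMAC over the message without the TSIG RR, then the TSIG variables."""
    variables = (wire_name(key_name)
                 + struct.pack("!HI", 255, 0)         # CLASS ANY, TTL 0
                 + wire_name(ALG) + time48(time_signed)
                 + struct.pack("!HHH", fudge, 0, 0))  # fudge, error, other len
    key = base64.b64decode(secret_b64)                # named.conf secrets are base64
    return hmac.new(key, message + variables, hashlib.md5).digest()

def sign(message, secret_b64, key_name, time_signed, fudge=300):
    """Append the TSIG RR and increment ARCOUNT only after the MAC is computed."""
    mac = request_mac(secret_b64, message, key_name, time_signed, fudge)
    rdata = (wire_name(ALG) + time48(time_signed)
             + struct.pack("!HH", fudge, len(mac)) + mac
             + message[:2] + struct.pack("!HH", 0, 0))  # original ID, error, other len
    rr = wire_name(key_name) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + rr

if __name__ == "__main__":
    query = build_query(0x1234, "www.example.com")   # constructed sample query
    signed = sign(query, SECRET, "mytsigkey", 1700000000)
    print(signed.hex())
```

A stand-alone HMAC calculator confirms only the hash of whatever bytes it is given, so a comparison is meaningful only when those bytes are exactly the message-plus-variables string built in `request_mac`.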

