I'm trying to use TSIG to authenticate dynamic updates or zone transfers but the server is rejecting the TSIG - why?
  • 25 May 2021

If you are sure that the keys are configured correctly, then this may be a clock skew problem. Check that the clocks on the client and server are properly synchronized (e.g., using NTP).

Check your logs for errors. If you are running a recent version of BIND, you may see error messages similar to the ones below (reported by the secondary zone server):

25-Jan-2013 13:09:08.048 zone 7.168.192.in-addr.arpa/IN/trusted: refresh: failure trying master 192.168.7.27#53 (source 0.0.0.0#0): clocks are unsynchronized
25-Jan-2013 13:09:23.053 zone myzone.example/IN/trusted: refresh: failure trying master 192.168.7.27#53 (source 0.0.0.0#0): clocks are unsynchronized
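
The TSIG time check behind a clock skew rejection, as an added example (not from the original article and not BIND's own code): per RFC 8945 the receiver accepts a signed message only if its own clock lies within Time Signed plus or minus Fudge, and otherwise answers with error BADTIME. The helper names, the 300-second fudge and the sample RDATA with its dummy MAC are assumptions constructed for illustration.

```python
import struct

BADTIME = 18  # TSIG error code for a failed time check (RFC 8945)


def parse_tsig_times(rdata: bytes):
    """Return (algorithm, time_signed, fudge) from TSIG RDATA in wire format."""
    labels, pos = [], 0
    while True:  # algorithm name: an uncompressed DNS name
        length = rdata[pos]
        pos += 1
        if length == 0:
            break
        labels.append(rdata[pos:pos + length].decode("ascii"))
        pos += length
    # Time Signed is a 48-bit count of seconds since the epoch; Fudge is 16 bits.
    hi, lo, fudge = struct.unpack_from("!HIH", rdata, pos)
    return ".".join(labels), (hi << 32) | lo, fudge


def check_time(rdata: bytes, server_now: int):
    """Receiver-side check: server_now must lie within time_signed +/- fudge.

    Returns (error_code, skew_seconds); error_code 0 means the time check passed.
    """
    _, time_signed, fudge = parse_tsig_times(rdata)
    skew = server_now - time_signed
    return (0 if abs(skew) <= fudge else BADTIME), skew


def build_rdata(time_signed: int, fudge: int = 300) -> bytes:
    """Constructed sample RDATA; the all-zero MAC is a dummy, not a real signature."""
    alg = b"\x0bhmac-sha256\x00"
    times = struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
    mac = bytes(32)
    # MAC Size, MAC, Original ID, Error, Other Len (no Other Data)
    tail = struct.pack("!HHH", 0x1234, 0, 0)
    return alg + times + struct.pack("!H", len(mac)) + mac + tail


if __name__ == "__main__":
    signed_at = 1359119348  # constructed client timestamp
    rdata = build_rdata(signed_at)
    for drift in (0, 120, 300, 301, -900):  # server clock offset in seconds
        code, skew = check_time(rdata, signed_at + drift)
        print(f"skew {skew:+5d}s -> {'ok' if code == 0 else 'BADTIME'}")
```

A skew that stays inside the fudge window passes even though the clocks differ, which is why a slowly drifting clock can work for a while and then start failing.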