Hi, was this ever resolved ? I'm having the same issue with pdns-3.4.7
compiled under RHEL 6 with a MYSQL backend. I get a 'TSIG error with server:
tsig verify failure' error when BIND forwards updates to powerDNS.
The PDNS server is configured as a hidden master and listening on port 5353.
selec
Hi Ruben,
> Can you share all the logging and not cut out some parts?
>
> I've tested this with a normal nsupdate command, as that's
essentially what dhcpd is doing as well.
> I'll try to set that up in the same way here, but that takes a bit of
time.
Sorry for cutting out some parts of the l
Hi Martin,
Can you share all the logging and not cut out some parts?
I've tested this with a normal nsupdate command, as that's essentially what
dhcpd is doing as well.
I'll try to set that up in the same way here, but that takes a bit of time.
Regards,
Ruben
On Thu, Aug 28, 2014 at 1
Hi Ruben,
Thank you very much for all your help.
I tried your branch, and while the dynamic records get inserted, for
some reason dhcpd still logs a tsig verify failure at the end of the
transaction.
Perhaps as a result, when DHCPRELEASE is sent, the records are not deleted.
Here is the log:
Hi Martin,
I've (with some help) fixed the bug.
I currently have the code here
https://github.com/cyclops1982/pdns/tree/tsigforward
Could you build and try that version and see if it works for you?
Regards,
Ruben
On Tue, Aug 26, 2014 at 09:36:57AM +0200, Ruben d'Arco wrote:
> Hi Martin
Hi Martin,
No worries. PDNS is not my work, just hobby so i have to squeeze it in between
all kinds of stuff :-)
I am able to reproduce the issue locally now, which is already wonderful as
that gives me options to debug it further.
When a update message is forwarded, the message ID is rewritte
Hi Ruben,
Sorry to keep bothering you on this, but I notice that dhcpd sends the
original update request via UDP, but bind forwards the request via TCP.
Could it be that there is some difference in the way PDNS is handling
TCP packets over UDP packets, and somehow mis-reading the data that BI
Hi Ruben,
I've tried to reproduce your issue on my end, but failed.
Could you try running the following:
$ nsupdate <
The result of the above command is, unfortunately:
; TSIG error with server: expected a TSIG or SIG(0)
update failed: REFUSED
Answer:
;; ->>HEADER<<- opcode: UPDATE, status: R
Hi,
I've tried to reproduce your issue on my end, but failed.
Could you try running the following:
$ nsupdate < Hi Martin,
>
> To me, this seems nothing to do with bind. PDNS checks the TSIG on the
> package and can't verify it correctly. It then drops is and nothing happens.
> I'm running dhc
Hi Martin,
To me, this seems nothing to do with bind. PDNS checks the TSIG on the package
and can't verify it correctly. It then drops is and nothing happens.
I'm running dhcpd 4.2.5, i thought that can be the issue, but the pcap will
verify.
I'll get back to you later!
Regards,
Ruben
Hi Ruben,
Going back over versions, I see I am running BIND 9.9.5 instead of 9.3.
Maybe that's the problem?
dhcpd is 4.2.4.
I will send you the packet capture off-list,
as I am not sure if it is permissable to send attachments to the list...
Thanks,
Martin
(2014年08月22日 17:07), Ruben d'Arco wr
Hi Martin,
I'm running virtually the same config but do not have this issue.
Would it be possible for you to create a tcpdump/pcap file so i can replay the
message on my end?
Just to be sure, the tsigkeys table should have 'hmac-md5' as algoritm.
Could you also tell us what version of dhcpd you'
Hi Ruben,
Could you provide some logging from powerdns?
It should note/show what's it doing on that end...
I added the following to pdns.conf:
loglevel=9
log-dns-details=yes
log-dns-queries=yes
query-logging=yes
and this is all that pdns logs during the dhcp transaction:
Aug 22 14:58:50 ddns
Hi Martin,
Could you provide some logging from powerdns?
It should note/show what's it doing on that end...
Regards,
Ruben
On 22 August 2014 04:40:57 CEST, Martin Chandler wrote:
>Hi,
>
>I have been playing with the new dynamic dns feature of authoritative
>server 3.4.0-rc1, and have a ques
Hi,
I have been playing with the new dynamic dns feature of authoritative
server 3.4.0-rc1, and have a question regarding interaction when using
pdns as a hidden master in conjunction with bind 9.3 with the
allow-update-forwading setting.
(please excuse me if this is more of a BIND issue)
In shor
15 matches
Mail list logo
