On Mon, Aug 19, 2019 at 02:05:37PM +0200, Ulrich-Lorenz Schl??ter wrote: > Am 19.08.19 um 11:17 schrieb Andrew Ivanov: > > On Sat, Aug 17, 2019 at 11:04:58AM +0200, Ulrich-Lorenz Schl??ter wrote: > >> Am 16.08.19 um 20:36 schrieb Berry A.W. van Halderen: > >>> On 8/16/19 6:21 PM, Ulrich-Lorenz Schl??ter wrote: > >>>> I checked perms as described. > >>>> Turned up logging verbosity. > >>>> "ods-ksmutil key list --verbose" does not spit out any keys. > >>>> > >>> > >> parsed (res 5) > >> Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] xfr/newlease from 127.0.0.1 > >> Aug 17 10:54:55 one ods-signerd[5550]: [xfrhandler] netio dispatch > >> Aug 17 10:55:59 one ods-signerd[5550]: [socket] incoming udp message > >> Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY > >> Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY > >> Aug 17 10:55:59 one ods-signerd[5550]: [query] too many additional rrs > >> Aug 17 10:55:59 one ods-signerd[5550]: [query] formerr > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > The problem is here. Check server TSIG-settings and adapters in addns.xml. > I created new keys, changed from hmac-md5 to hmac-sha512, now I get: > unable to sign request: tsig unknown algorithm hmac-sha512
I guess, your current version of opendnssec does not support optional hmac algorithms. Try to use hmac-sha256. This algorithm is mandatory. Regards. _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
