On Mon, Aug 19, 2019 at 03:13:11PM +0200, Ulrich-Lorenz Schl??ter wrote: > >>>> Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] xfr/newlease from 127.0.0.1 > >>>> Aug 17 10:54:55 one ods-signerd[5550]: [xfrhandler] netio dispatch > >>>> Aug 17 10:55:59 one ods-signerd[5550]: [socket] incoming udp message > >>>> Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY > >>>> Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY > >>>> Aug 17 10:55:59 one ods-signerd[5550]: [query] too many additional rrs > >>>> Aug 17 10:55:59 one ods-signerd[5550]: [query] formerr > >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >>> The problem is here. Check server TSIG-settings and adapters in addns.xml. > >> I created new keys, changed from hmac-md5 to hmac-sha512, now I get: > >> unable to sign request: tsig unknown algorithm hmac-sha512 > > > > I guess, your current version of opendnssec does not support optional hmac > > algorithms. > > Try to use hmac-sha256. This algorithm is mandatory. > I changed to hmac-sha256. > Still got the formerr
Your name server responds without TSIG. Check server logs and TSIG settings. Regards _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
