Albert_Ali | 21 Oct 17:28 2005

BIND 9.3.1 TSIG Error Message

I am receiving the following error message when the slave tries to update 
its zone file: "request has invalid signature: TSIG tsig-key: tsig verify 
failure (BADTIME)"
According to the BIND Manual, this results when  "a TSIG aware server 
receives a message with a time outside of the allowed range, the response 
will be signed with the TSIG extended error code set to BADTIME, and the 
time values will be adjusted so that the response can be successfully 
verified."
How can I resolve this??

Mark Andrews | 25 Oct 01:31 2005

Re: BIND 9.3.1 TSIG Error Message


> I am receiving the following error message when the slave tries to update 
> its zone file: "request has invalid signature: TSIG tsig-key: tsig verify 
> failure (BADTIME)"
> According to the BIND Manual, this results when  "a TSIG aware server 
> receives a message with a time outside of the allowed range, the response 
> will be signed with the TSIG extended error code set to BADTIME, and the 
> time values will be adjusted so that the response can be successfully 
> verified."
> How can I resolve this??

	Fix your clocks so they are all running at the correct time.

	While nsupdate could be made to resend the query with the
	time stamps set to that of the server there are so many
	other things that needed correct time in networked computers
	these days that it is usually easier to just fix the clocks.
	
	This not only fixes nsupdate.  It also fixes time stamps in
	email.  Makes kerberos work.  Makes NFS work.  Makes your
	logs have the right time.  The list goes on.

	I suggest you run NTP on your machines to keep them in sync.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews <at> isc.org

(Continue reading)


Gmane