[nsd-users] query: bad tsig signature for key

n5d9xq3ti233xiyif2vp at pm.me n5d9xq3ti233xiyif2vp at pm.me
Thu May 16 06:48:59 UTC 2024


Could someone kindly explain what "query: bad tsig signature for key" means and how to fix it ?


I have quadruple checked (a) tsig key matches both sides (b) tsig algo matches both sides.


Primary is PowerDNS 4.9.0 (from the PowerDNS repo)
Secondaries are NSD 4.6.1 (from Debian Bookworm distro repo)


The secondaries do not receive notifies from primary, instead posting the above error to logs. So they are currently relying on SOA pull refresh behaviour.


Setting "verbosity:2" in nsd.conf has absolutely zero effect.  It produces zero extra detail in logs.


Thanks !


Laura



More information about the nsd-users mailing list