(no subject)

Osman Shoukry oshoukry at onepage.com
Fri Mar 9 18:09:05 UTC 2001


	Hi,
	I am unable to really understand how the TSIG works, even though I
have configured it, but here is what I see.
	I remove the key from the slave, the transfer of zones goes through.
I keep it, the request is signed and the transfer goes through.  If I remove
the TSIG section from the master, then the transfer fails.

	How do I forbid transfer unless the request is signed AND coming
from the correct IP??

	Here is my current config, maybe there is something I am
overlooking..



	==========  Master Config
	key shared-secret. {
	        algorithm hmac-md5;
	        secret "Mxb8ljzEodY9sUkFi3cSYQ==";
	};

	server xx.xx.xx.2 {
	        transfer-format many-answers;
	        keys { shared-secret. ; };
	};

	acl "slaves" { xx.xx.xx.2; };

	options {
	        directory "/var/named";
	        allow-transfer { none; };
	        pid-file "/var/run/named.pid";
	};

	zone "test.com" {
	        type master;
	        file "test.com";
	        allow-transfer { slaves; };
	};



	========== Slave config

	key shared-secret. {
	        algorithm hmac-md5;
	        secret "Mxb8ljzEodY9sUkFi3cSYQ==";
	};

	server xx.xx.xx.1 {
	        keys { shared-secret. ; };
	};


	options {
	        directory "/var/named";
	        allow-transfer { none; };
	        pid-file "/var/run/named.pid";
	};

	zone "test.com" {
	        type slave;
	        file "test.com";
	        masters { xx.xx.xx.1; };
	};


	Thank you for any help you can offer,

	Osman Shoukry
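
Added example, not part of the original post: in the master config above, `allow-transfer { slaves; };` matches on source address only, and a `server` statement's `keys` clause only selects the key used to sign requests sent to that server. One way to require both the address and the TSIG key, assuming a BIND 9 release that supports nested, negated address match lists (key name, zone and redacted address are the post's):

```conf
// Master named.conf fragment. xx.xx.xx.2 is the post's redacted slave address.
key shared-secret. {
        algorithm hmac-md5;
        secret "...";   // placeholder: the same secret configured on the slave
};

zone "test.com" {
        type master;
        file "test.com";

        // Before (from the post): address-only check, so an unsigned
        // request from xx.xx.xx.2 is allowed.
        // allow-transfer { slaves; };

        // After: elements are evaluated in order and the first match decides.
        // 1. !{ !xx.xx.xx.2; any; } rejects every source other than
        //    xx.xx.xx.2; for xx.xx.xx.2 the nested list yields a negative
        //    match, which the outer list treats as "no match, keep going".
        // 2. key shared-secret. accepts only requests signed with that key.
        // A request that matches nothing is refused.
        allow-transfer { !{ !xx.xx.xx.2; any; }; key shared-secret.; };
};
```

If possession of the key alone is sufficient, `allow-transfer { key shared-secret.; };` is the simpler form.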