(no subject)
Osman Shoukry
oshoukry at onepage.com
Fri Mar 9 18:09:05 UTC 2001
Hi,
I am unable to really understand how the TSIG works, even though I
have configured it, but here is what I see.
I remove the key from the slave, the transfer of zones goes through.
I keep it, the request is signed and the transfer goes through. If I remove
the TSIG section from the master, then the transfer fails.
How do I forbid transfer unless the request is signed AND coming
from the correct IP??
Here is my current config, maybe there is something I am
overlooking..
========== Master Config
key shared-secret. {
    algorithm hmac-md5;
    secret "Mxb8ljzEodY9sUkFi3cSYQ==";
};
server xx.xx.xx.2 {
    transfer-format many-answers;
    keys { shared-secret. ; };
};
acl "slaves" { xx.xx.xx.2; };
options {
    directory "/var/named";
    allow-transfer { none; };
    pid-file "/var/run/named.pid";
};
zone "test.com" {
    type master;
    file "test.com";
    allow-transfer { slaves; };
};
========== Slave config
key shared-secret. {
    algorithm hmac-md5;
    secret "Mxb8ljzEodY9sUkFi3cSYQ==";
};
server xx.xx.xx.1 {
    keys { shared-secret. ; };
};
options {
    directory "/var/named";
    allow-transfer { none; };
    pid-file "/var/run/named.pid";
};
zone "test.com" {
    type slave;
    file "test.com";
    masters { xx.xx.xx.1; };
};
Thank you for any help you can offer,
Osman Shoukry
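
The behaviour described in the post follows from the master's `allow-transfer { slaves; }` matching on source address alone, while a `server ... keys` clause only selects the key used to sign messages the local server sends to that peer. An added example, not part of the original post and not the poster's configuration: a master-side fragment in current BIND 9 syntax that requires both the address and the TSIG key, with the secret as a placeholder and the masked address kept as in the post.

```conf
// Added example: master-side named.conf fragment (BIND 9 syntax).
// Assumptions: the secret is a placeholder; xx.xx.xx.2 is the masked
// slave address from the post and must be replaced with the real one.
key shared-secret. {
    algorithm hmac-md5;          // as in the post
    secret "<base64-secret>";    // placeholder, not a real key
};

acl "slaves" { xx.xx.xx.2; };

options {
    directory "/var/named";
    allow-transfer { none; };    // default deny; zones opt in below
};

zone "test.com" {
    type master;
    file "test.com";

    // As posted: address-only match. An unsigned AXFR from the slave's
    // address is accepted, which is why removing the key on the slave
    // changed nothing.
    // allow-transfer { slaves; };

    // Key only: the request must carry a valid TSIG made with this key,
    // but it may come from any source address.
    // allow-transfer { key shared-secret.; };

    // Address AND key. Elements are tried in order, first match wins:
    //   1. !{ !slaves; any; }  matches, and therefore rejects, every
    //      source address that is not in "slaves"; addresses that are
    //      in "slaves" fall through to the next element.
    //   2. key shared-secret.  accepts what is left only when the
    //      request is signed with this key.
    allow-transfer { !{ !slaves; any; }; key shared-secret.; };
};
```

With this in place, an unsigned transfer request from the slave's address and a signed request from any other address should both be refused; `named-checkconf` validates the syntax before reload.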