From RHEL to CentOS BIND 9
Alan_Clegg at isc.org
Wed Dec 5 21:06:32 UTC 2007
isplist at logicore.net wrote:
>>> Should the rndc keys be the same across DNS servers which are working
>>> together as primary/secondary?
> I know the keys have to match on the server itself, named.conf and the key
> file. I was not sure if they needed to match on the other servers as well,
> such as secondary machines. If all machines need to have a matching key, not
> just their own named.cond/key file.
The keys used for rndc (in the named.conf and rndc.key) should not be
shared between multiple nameservers. If you wish to administer multiple
hosts from a single machine, you should make the keys for each
nameserver available to that machine.
You can do this with either individual key files or an rndc.conf
containing multiple keys/servers.
More information about the bind-users