TSIG
Niall O'Reilly
Niall.oReilly at ucd.ie
Wed Mar 14 14:45:34 UTC 2007
On 14 Mar 2007, at 13:19, Sangoi, Nehal (GE Supply, consultant) wrote:
> How to implement TSIG in Bind 8 and later?
I never tried with BIND 8.
I've had no difficulty setting up TSIG with (successive releases of)
BIND 9.
All I had to do was
- read the relevant sections of the ARM twice or so;
- choose the name of the key for each pair of organizations involved;
- have the slave partner generate the key (locating responsibility for
the key and related master access with the slave partner);
- arrange secure communication of the key (eg: PGP-protected e-mail);
- place key definitions in a separate configuration file with tighter
access restrictions than the named.conf, and use 'include' to refer
to the separate file;
- add key references in 'server' blocks in named.conf;
- (NB) make sure the date and time on the systems involved were kept
synchronized (using NTP).
This is all "top-of-the-head" from memory. I hope I haven't either
left anything significant out or made any errors.
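
The key-file steps listed in the message above, sketched as an added example that is not part of the original post or of BIND's documentation. The key name, file paths and the 192.0.2.1 master address are constructed placeholders, and the hmac-sha256 algorithm and 0640 mode are assumptions about the site's policy.

```shell
#!/bin/sh
# Added example: create a TSIG key file with tighter permissions than
# named.conf, then print the named.conf lines that refer to it.
# All names, paths and addresses used with these functions are placeholders.

# write_tsig_key KEYNAME FILE: write a key clause into FILE.
write_tsig_key() {
    keyname=$1
    keyfile=$2
    old_umask=$(umask)
    umask 077                  # never world-readable, even briefly
    if command -v tsig-keygen >/dev/null 2>&1; then
        # tsig-keygen ships with recent BIND 9 releases
        tsig-keygen -a hmac-sha256 "$keyname" > "$keyfile"
    else
        # Fallback: 32 random bytes, base64-encoded, same clause layout
        secret=$(head -c 32 /dev/urandom | base64)
        printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
            "$keyname" "$secret" > "$keyfile"
    fi
    umask "$old_umask"
    # Owner read/write, group read; chgrp the file to the group named
    # runs as (site-specific, not done here).
    chmod 640 "$keyfile"
}

# named_conf_fragment KEYFILE KEYNAME PEER_IP: print the 'include' line and
# the 'server' block that makes named sign traffic to PEER_IP with the key.
named_conf_fragment() {
    printf 'include "%s";\n' "$1"
    printf 'server %s {\n\tkeys { "%s"; };\n};\n' "$3" "$2"
}
```

The same key clause has to exist on both partners, so the generated file is what gets sent over the secure channel; only the 'server' address differs on each side.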