tsig and servers help

Jeremy C. Reed Jeremy_Reed at isc.org
Fri Apr 24 17:11:25 UTC 2009


On Fri, 24 Apr 2009, Terry wrote:

> I am a bit confused about what exactly applying a key to the servers
> part of the config does:
> 
> server 10.25.1.11 {
> 	keys {
> 		omajelns01.omajelns02;
> 		};
> 	};
> key omajelns01.omajelns02 {
> 	algorithm hmac-md5;
> 	secret "asdfasdfasdfasdfasdf";
> 	};
> zone "narf.com" {
> 	type master;
> 	file "/var/named/narf.com.hosts";
> 	also-notify {
> 		10.25.1.11;
> 		};
> 	notify yes;
> 	};
> 
> In this config, what does the key in the server section actually do
> for me?  I really only want zone transfers to be secured between my
> master and slaves but I don't really want each zone to have its own
> key.  There's also a very high chance that I will have to exchange
> zones with non-bind servers too.  Which I don't think is an issue if I
> apply keys at the server level.  Thoughts?

Hello Terry,

The keys clause in the server statement is used to cause requests sent to 
that server to be signed using that key. In this case, it may be more than 
just zone transfers. It needs to be configured on both sides (so also on 
the slave at 10.25.1.11).

  Jeremy C. Reed
  ISC Sales & Support Engineer
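
The "both sides" setup described in the reply, sketched as an added example (not part of the original thread and not ISC-supplied configuration). The master address 10.25.1.10 and the slave file path are assumptions, and the allow-transfer line is an addition showing how the master can refuse transfers that are not signed with the shared key.

```conf
# --- On the slave (10.25.1.11) ---
# Same key name, algorithm and secret as in the master's key statement.
key omajelns01.omajelns02 {
	algorithm hmac-md5;
	secret "asdfasdfasdfasdfasdf";
};

# Sign every request this slave sends to the master (SOA refresh
# queries as well as AXFR/IXFR), mirroring the master's server block.
# 10.25.1.10 is an assumed address for the master.
server 10.25.1.10 {
	keys { omajelns01.omajelns02; };
};

zone "narf.com" {
	type slave;
	masters { 10.25.1.10; };
	file "slaves/narf.com.hosts";   # assumed path
};

# --- On the master (assumed 10.25.1.10) ---
# The poster's key and server 10.25.1.11 blocks stay as they are.
# The server block only signs what the master sends; it does not
# reject unsigned requests. allow-transfer with a key does that.
zone "narf.com" {
	type master;
	file "/var/named/narf.com.hosts";
	also-notify { 10.25.1.11; };
	notify yes;
	allow-transfer { key omajelns01.omajelns02; };
};
```

One key shared by all zones works this way because the key is bound to the peer in the server statement rather than to an individual zone.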


