Setting up tkey

Niall O'Reilly Niall.oReilly at
Thu Jun 4 08:38:09 UTC 2009

Shane Wegner wrote:
> Hello,
> I am looking at setting up tkey between master and slave
> nameservers but have been unable to find documentation on
> how to get this going properly. In the bind9 manual, there
> is a whole section on TSIG and setting up shared secrets
> between servers but how does one do it the TKEY way? That
> is, not having to generate different keypairs per host?

	I'm not sure why you think you would _need_ different
	key[pair]s per host.  I take care not to share the
	same secret with more than one organization.  That way,
	each distinct trust relationship has a specific secret,
	but we, as well as any organization carrying multiple
	zone instances for us, are spared the administrative
	overhead of managing too many secrets.

	Niall O'Reilly
	University College Dublin IT Services

More information about the bind-users mailing list