Multiple masters and multiple TSIG keys

Niall O'Reilly Niall.oReilly at
Wed Sep 29 10:09:19 UTC 2010

On 29 Sep 2010, at 09:34, Anand Buddhdev wrote:

> Now, I have been given 2 keys, t1 and t2, to use for transferring z1 and
> z2 respectively.

	[Wandering off topic, perhaps]

	That seems to me a back-to-front way to do things.

	If the organization running the master is concerned to identify
	responsibility for purported slave access, the key needs to be
	provided by the organization responsible for running the slave,
	and accepted (or not) at the master end.

	That's what I expect from my slaves.
	None has revolted yet. 8-)

	One way or the other, using multiple keys to express what is
	intrinsically a single trust relationship seems to be both likely
	to increase the risk of compromise and certain to add administrative
	burden.  Why do it?


More information about the bind-users mailing list