TKEY and zone transfer

Evan Hunt each at
Wed Jan 30 05:37:30 UTC 2013

On Wed, Jan 30, 2013 at 11:14:04AM +0800, Kent Tong wrote:
> Thanks for the kind and excellent replies! So, currently there is no way
> for the client to negotiate the key on-demand automatically?

I don't see a way, no.

There's a partially-implemented feature where negotiated keys can be dumped
to a file when named shuts down and restored when it's restarted, so
in principle you could negotiate a key with a server once, and then it
would keep the key as long as necessary.  But currently this only works
with GSSAPI keys, I believe.

> >     zone {
> >         type slave;
> >         masters { key negotiated-key.server };
> >         ...
> >     };
> BTW, what is the difference between specifying the key in the "masters"
> setting and specifying the key in a server statement?

If you put it in the masters list then you could use different keys for
different purposes when talking to the same server.  If it's in a server
statement, then that server always gets the same key.

Evan Hunt -- each at
Internet Systems Consortium, Inc.
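
The difference described in the reply above, shown as a named.conf fragment. This is an added example, not configuration from the thread: the address 192.0.2.1, the zone names, key names and secrets are placeholders, and the keys are statically configured TSIG keys rather than TKEY-negotiated ones.

```conf
// Constructed example. All names, addresses and secrets are placeholders.

key "xfer-key-a" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_A";
};

key "xfer-key-b" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_B";
};

key "server-default-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_C";
};

// Key in the masters list: chosen per zone, so two zones can use
// different keys when talking to the same master.
zone "a.example" {
    type slave;
    masters { 192.0.2.1 key xfer-key-a; };
    file "slaves/a.example.db";
};

zone "b.example" {
    type slave;
    masters { 192.0.2.1 key xfer-key-b; };
    file "slaves/b.example.db";
};

// Key in a server statement: applies to every request sent to that
// server, so it covers zones that name no key of their own.
server 192.0.2.1 {
    keys { server-default-key; };
};

zone "c.example" {
    type slave;
    masters { 192.0.2.1; };      // no key here: the server statement's key is used
    file "slaves/c.example.db";
};
```

Running `named-checkconf` on the file catches a key that is referenced but not defined. The master must hold the same key names and secrets and permit transfers for them.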
