key-restricted nsupdate of internal view's zone's host REFUSED with 'signer "<key>" denied' ?

PGNd dev at pgnd.us
Wed May 27 01:04:14 UTC 2015



On Tue, May 26, 2015, at 02:32 PM, Mark Andrews wrote:
> You can't update multiple views with a single update message.  Use
> two update commands.  The update is being processed by the first
> view and the policy in the internal zone doesn't allow you to update
> *every* record you are attempting to update so the whole update is
> refused.
> 
> Also use two different keys for internal and external.  You currently
> can only update the internal view as the key is common to both views
> and you are using it in match-clients to select which view is
> matched.
> 
> match-clients { !key external ; key internal ; ... };
> 
> match-clients { !key internal ; key external ; ... };

Clear.

Works perfectly.

Thanks!


More information about the bind-users mailing list