key-restricted nsupdate of internal view's zone's host REFUSED with 'signer "<key>" denied' ?
PGNd
dev at pgnd.us
Wed May 27 01:04:14 UTC 2015
On Tue, May 26, 2015, at 02:32 PM, Mark Andrews wrote:
> You can't update multiple views with a single update message. Use
> two update commands. The update is being processed by the first
> view and the policy in the internal zone doesn't allow you to update
> *every* record you are attempting to update so the whole update is
> refused.
>
> Also use two different keys for internal and external. You currently
> can only update the internal view as the key is common to both views
> and you are using it in match-clients to select which view is
> matched.
>
> match-clients { !key external ; key internal ; ... };
>
> match-clients { !key internal ; key external ; ... };
Clear.
Works perfectly.
Thanks!
More information about the bind-users
mailing list