key-restricted nsupdate of internal view's zone's host REFUSED with 'signer "<key>" denied' ?

PGNd dev at
Wed May 27 01:04:14 UTC 2015

On Tue, May 26, 2015, at 02:32 PM, Mark Andrews wrote:
> You can't update multiple views with a single update message.  Use
> two update commands.  The update is being processed by the first
> view and the policy in the internal zone doesn't allow you to update
> *every* record you are attempting to update so the whole update is
> refused.
> Also use two different keys for internal and external.  You currently
> can only update the internal view as the key is common to both views
> and you are using it in match-clients to select which view is
> matched.
> match-clients { !key external ; key internal ; ... };
> match-clients { !key internal ; key external ; ... };


Works perfectly.


More information about the bind-users mailing list