BIND 10 #1148: Make XfrOut use global TSIG keyring

BIND 10 Development do-not-reply at isc.org
Wed May 2 19:48:22 UTC 2012 

#1148: Make XfrOut use global TSIG keyring
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:
  vorner                             |                Status:  new
                       Type:         |             Milestone:
  defect                             |  Sprint-20120515
                   Priority:  low    |            Resolution:
                  Component:         |             Sensitive:  0
  xfrout                             |           Sub-Project:  DNS
                   Keywords:         |  Estimated Difficulty:  4
            Defect Severity:  N/A    |           Total Hours:  0
Feature Depending on Ticket:         |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------

Comment (by jaspain):

 Referring to my message
 https://lists.isc.org/pipermail/bind10-users/2012-May/000322.html, there
 was clearly some confusion on my part, and I don't think this reflects
 either a failure to solve the problem addressed by this ticket or a new
 problem.

 Consider the following `bindctl` session where I reproduced what I had
 done before one command at a time:

 {{{
 root at ns0:~# bindctl
 ["login success "] login as root
 > config set tsig_keys/keys
 ["nsb0-nsb0s:gWxinWPIF9UpqB2seY+FV/UM/czMFY3q/4oEAkAKnd0=:hmac-sha256"]
 > config commit
 > config set Xfrout/tsig_key_ring
 ["nsb0-nsb0s:gWxinWPIF9UpqB2seY+FV/UM/czMFY3q/4oEAkAKnd0=:hmac-sha256"]
 Error: /Xfrout/tsig_key_ring not found
 > config diff
 {}
 > config set Xfrout/transfer_acl[0] {"action": "REJECT"}
 > config diff
 {'Xfrout': {'transfer_acl': [{'action': 'REJECT'}]}}
 > config commit
 >
 }}}

 It is the `config set Xfrout/tsig_key_ring` command that is causing the
 error I reported previously. Clearly that is because the
 `Xfrout/tsig_key_ring` no longer exists. The global keyring is being used
 instead. I can confirm that TSIG-secured communications are working
 normally on this server. That is what this ticket was supposed to
 accomplish, and I believe it has done so successfully. Sorry for my
 earlier misinterpretation of the issue. Jeff.

-- 
Ticket URL: <http://bind10.isc.org/ticket/1148#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list