bindctl syntax for Xfrout TSIG keys
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Mon Jan 30 19:18:17 UTC 2012
At Mon, 30 Jan 2012 17:05:43 +0000,
"Spain, Dr. Jeffry A." <spainj at countryday.net> wrote:
> For bind10-devel-20120119, bind10-guide, "Chapter 10. Outbound Zone Transferers", the sample configuration shows:
>
> > config set Xfrout/tsig_keys/keys ["key.example:<base64-key>"]
>
> In bindctl, this generates the message "Error: /Xfrout/tsig_keys/keys not found".
>
> Based on what I can discover using "config show Xfrout", the syntax should be:
>
> > config set Xfrout/tsig_key_ring ["key.example:<base64-key>"]

Sorry for the confusion, you are right. It was me who wrote the
description of bind10-guide, and I thought I confirmed the behavior as
I wrote it, but maybe I mistyped it in the end or was not sufficiently
careful to actually check it.

For immediate experiment, you'll need to adjust your configuration so
that it matches what the implementation expects (of course). For a
bit longer term, I personally think the syntax for both auth and
xfrout should be consistent (the former is currently using the global
TSIG key configuration with the syntax of "tsig_keys"). I plan to
create a ticket for that. Unfortunately, that would introduce
backward incompatibility and you'll need to adjust your configuration
once again. I hope you can accept the inconvenience, considering the
current maturity of BIND 10.

For an even longer term, a single unified key configuration
should be used by all applications as (I think) we discussed before.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.