secure zone transfer and dynamic update
phn at icke-reklam.ipsec.nu
Wed Sep 29 15:34:32 UTC 2004
saravanan ganapathy <sarav_gsa at yahoo.com> wrote:
> Hi,
> I have configured bind9.2 on my Debian woody. TSIG
> also configured for zone Txfr and ddns update.
> My config file as
> zone "abc.com" {
>     type master;
>     file "abc";
>     allow-transfer {key abc.com;};
>     allow-update { key abc.com;};
> };
> server 50.50.50.1 {
>     keys { abc.com ;};
> };
> key "abc.com." {
>     algorithm HMAC-MD5;
>     secret "aasfsv131414";
> };
> I also configured slave server with this TSIG. It works
> well.
>
> My Problem:
> ------------
> The master server gives the zone data to any server
> which has the same TSIG key, though I have specified
> the slave server ip address only in the master server.
> The server should respond for zone txfr only when
> both the ip address and TSIG key match.
> How to configure this?
> I have the same problem with ddns update also.
> Pls guide me
> Note :
> Even " allow-transfer {key abc.com;50.50.50.1;}; "
> doesn't help
No surprise, this represents a logical OR statement.
See the section 6.2.24.4. Dynamic Update Policies which might
give you some more control, the "xfer-policy" command seems
unimplemented (Jim, are you taking notes?)
> Sarav
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
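
Added example, not part of the original thread: the address-AND-key requirement asked about above, written with the nested negated address match list that later editions of the BIND 9 ARM describe under Address Match Lists. The key name and slave address are taken from the quoted config; behaviour on the 9.2 release used in the thread is an assumption and was not tested here.

```conf
# Added example (not from the thread). Key name and slave address are the
# ones in the quoted config; the key and server statements stay unchanged.

zone "abc.com" {
    type master;
    file "abc";

    # Form from the question: elements are tried in order and the first
    # match decides, so a valid key OR the listed address is sufficient.
    # allow-transfer { key abc.com; 50.50.50.1; };

    # Nested, negated list:
    #  - any source other than 50.50.50.1 falls through to the inner "any",
    #    the nested list matches, the outer "!" turns that into a reject
    #    and evaluation stops;
    #  - 50.50.50.1 hits "!50.50.50.1" inside the nested list, which the
    #    outer element treats as no match, so evaluation continues to the
    #    key test.
    # Net effect: source address AND TSIG key must both match.
    allow-transfer { !{ !50.50.50.1; any; }; key abc.com; };
    allow-update   { !{ !50.50.50.1; any; }; key abc.com; };
};
```

To confirm the change, request a transfer with the same key from a host other than 50.50.50.1; the master should refuse it.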