support for TSIG key for also-notify sub statement
Mark Andrews
Mark_Andrews at isc.org
Thu Jul 17 23:22:47 UTC 2008
> Hi all,
>
> I was wondering whether BIND will support also-notify with TSIG key?
>
> I understand that also-notify only has this statement..
> also-notify { ip_addr port ip_port ; ip_addr port ip_port ; ... };
>
> And that I can use server statement to make use of TSIG and do the
> also-notify dance from there..
>
> include "/etc/namedb/keys";
> acl "ns2" { 172.17.0.2; };
> server 172.17.0.2 {
> keys { ns1.example.com-ns2.example.com; }; };
>
> zone "example.com" in {
> type master;
> allow-query {
> "any";
> };
> allow-transfer {
> "ns2";
> };
> allow-update {
> "none";
> };
> also-notify {
> 172.17.0.2 port 53;
> };
> file "/var/named/master/example.com.db";
> };
>
>
> But I was hoping if I have multiple zones in these two DNS servers and
> want to have TSIG on one zone, without the need for server statement, without
> the need to require TSIG keys on the zone statement on the secondaries of th
> e same view, or as an alternative to the use of server statement. Something l
> ike.. (to get rid of the server statement). This is really helpful for zone t
> ransfers of the same zone name of multiple views on two boxes.
>
> also-notify {
> 172.17.0.2 port 53 key ns1.example.com-ns2.example.com;
> };
>
> Any plans? part of the roadmap?
>
> If I'll get a chance to code some (hopefully, if ill have the time) where wil
> l I start? who to talk to? and where can i share it with?
>
> Thanks!
It's been thought about. It just hasn't reached the top of
the pile of ideas.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list