Multiple masters and multiple TSIG keys
Niall O'Reilly
Niall.oReilly at ucd.ie
Wed Sep 29 10:09:19 UTC 2010
On 29 Sep 2010, at 09:34, Anand Buddhdev wrote:
> Now, I have been given 2 keys, t1 and t2, to use for transferring z1 and
> z2 respectively.
[Wandering off topic, perhaps]
That seems to me a back-to-front way to do things.
If the organization running the master is concerned to identify
responsibility for purported slave access, the key needs to be
provided by the organization responsible for running the slave,
and accepted (or not) at the master end.
That's what I expect from my slaves.
None has revolted yet. 8-)
One way or the other, using multiple keys to express what is
intrinsically a single trust relationship seems to be both likely
to increase the risk of compromise and certain to add administrative
burden. Why do it?
ATB
/Niall
More information about the bind-users
mailing list