TSIG primary and secondary
Michael Kjorling
michael at kjorling.com
Thu Dec 20 12:24:58 UTC 2001
This won't work; you've mixed up the key names "test" and "test.".
I'm not completely familiar with TSIG-authenticated AXFRs but it seems
reasonable that the master should mention the slave, and vice versa.
Michael Kjörling
On Dec 19 2001 17:28 -0800, Tony wrote:
> primary master ip: 1.1.1.1
> slave: 2.2.2.2
>
> to allow secure zone transfer:
>
> named.conf for my master is:
>
> options {
> directory "/var/named";
> };
>
> key test. {
> algorithm hmac-md5;
> secret "zkaUvVU9nTEjWV3c4TAduQ==";
> };
>
> server 1.1.1.1 {
> keys { test; };
> };
>
> zone "mydomain.com" in {
> type master;
> file "mydomain/db.mydomain.com";
> allow-transfer { key test; };
> };
>
> ----------------------------------------------------------------
>
> for secondary is:
>
> options {
> directory "/var/named";
> };
>
> key test. {
> algorithm hmac-md5;
> secret "zkaUvVU9nTEjWV3c4TAduQ==";
> };
>
> server 2.2.2.2 {
> keys { test; };
> };
>
> zone "mydomain.com" in {
> type slave;
> masters { 1.1.1.1; };
> file "mydomain/db.mydomain.com.bak";
> allow-transfer { key test; };
> };
>
>
> -------------------------------------------------------------------
>
>
> Is this correct? The line
>
> server 2.2.2.2 {
> keys { test; };
> };
>
> Should the ip be the primary or the slave on the primary and vice versa?
>
>
> Thanks
--
Michael Kjörling -- Programmer/Network administrator ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4 \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
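
The two files from the quoted question with both points from the reply applied, as an added example that is not part of either poster's message: one spelling of the key name is used everywhere, and each `server` statement names the remote peer, because `keys` in a `server` statement selects the key used to sign requests sent to that address. Assumptions: `hmac-sha256` replaces the post's `hmac-md5` and needs a BIND 9 release that supports it, and the secret is a placeholder.

```conf
// ---- named.conf on the master, 1.1.1.1 ----
options {
    directory "/var/named";
};

key "test." {
    algorithm hmac-sha256;                 // assumption: replaces hmac-md5
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder, identical on both hosts
};

// Remote peer: requests this host sends to the slave (such as NOTIFY)
// are signed with the key.
server 2.2.2.2 {
    keys { "test."; };
};

zone "mydomain.com" in {
    type master;
    file "mydomain/db.mydomain.com";
    allow-transfer { key "test."; };       // only TSIG-signed transfer requests
};

// ---- named.conf on the slave, 2.2.2.2 ----
options {
    directory "/var/named";
};

key "test." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // same placeholder as on the master
};

// Remote peer: SOA queries and AXFR requests sent to the master are signed,
// which is what satisfies the master's allow-transfer.
server 1.1.1.1 {
    keys { "test."; };
};

zone "mydomain.com" in {
    type slave;
    masters { 1.1.1.1; };
    file "mydomain/db.mydomain.com.bak";
    allow-transfer { key "test."; };       // onward transfers from the slave
};
```

After both servers reload, a transfer request to 1.1.1.1 that is not signed with the key should be refused, while the slave's signed request succeeds.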