restricting zone transfers with tsig AND allow-transfer IP addresses
Danny Mayer
mayer at gis.net
Wed Jul 25 20:31:09 UTC 2001
Ian Marsh wrote:
> I'm looking at restricting zone transfers from our name server(s) and have
> determined that I can either restrict them to certain IP addresses or
> sign them using TSIG. This bit isn't a problem.....
>
> What I'd like to know is: Is it possible to use the 'belt and braces'
> approach and have the specified IP addresses also use TSIG to sign the zone
> transfer? Bind will allow me to specify the following in named.conf:
>
> allow-transfer {
> 1.2.3.4;
> 5.6.7.8;
> key tsig-key.domain.com.;
> };
>
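acl allowed { 1.2.3.4; 5.6.7.8; };
// The nested negation rejects every source not in "allowed"; what remains must also present the key.
allow-transfer { !{ !allowed; any; }; key tsig-key.domain.com; };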
Danny
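
Added example (not part of the original thread and not BIND code): a small Python model of first-match address-match-list evaluation, comparing a flat list of addresses plus a key, a list that simply negates the address ACL, and the nested-negation form. The tuple encoding, the function names and the outside address 192.0.2.10 are assumptions made for the illustration.

```python
# Model of named's address_match_list: elements are tried in order and the
# first one that matches decides; a negated match rejects; no match refuses.
import ipaddress

ALLOWED = ["1.2.3.4", "5.6.7.8"]   # the two addresses used in the thread
KEY = "tsig-key.domain.com"        # key name used in the thread
OUTSIDE = "192.0.2.10"             # constructed address, not in ALLOWED

def match(acl, src, key):
    """Return True (accept), False (reject) or None (nothing matched)."""
    for negated, kind, value in acl:
        if kind == "addr":
            hit = ipaddress.ip_address(src) in ipaddress.ip_network(value)
        elif kind == "key":
            hit = key == value
        elif kind == "any":
            hit = True
        else:  # "acl": a nested list is a hit only when it accepts
            hit = match(value, src, key) is True
        if hit:
            return not negated
    return None

def permitted(acl, src, key=None):
    return match(acl, src, key) is True

addrs = [(False, "addr", a) for a in ALLOWED]
# { 1.2.3.4; 5.6.7.8; key ...; }  -> address OR key
OR_LIST = addrs + [(False, "key", KEY)]
# { !allowed; key ...; }          -> listed addresses are rejected outright
NEGATED = [(True, "acl", addrs), (False, "key", KEY)]
# { !{ !allowed; any; }; key ...; } -> address AND key
NOT_ALLOWED = [(True, "acl", addrs), (False, "any", None)]
AND_LIST = [(True, "acl", NOT_ALLOWED), (False, "key", KEY)]

def truth_table(acl):
    """Results for: listed/no key, listed/key, outside/no key, outside/key."""
    cases = [("1.2.3.4", None), ("1.2.3.4", KEY), (OUTSIDE, None), (OUTSIDE, KEY)]
    return [permitted(acl, src, key) for src, key in cases]

if __name__ == "__main__":
    for name, acl in [("OR", OR_LIST), ("NEGATED", NEGATED), ("AND", AND_LIST)]:
        print(f"{name:8}", truth_table(acl))
```

Only the nested form permits the transfer in exactly one case: a listed source address that also signs with the key.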