TSIG should be that way??
Osman Shoukry
oshoukry at onepage.com
Fri Mar 9 19:10:44 UTC 2001
Hi,
I am unable to really understand how the TSIG works, even though I have
configured it, but here is what I see. I remove the key from the slave, the
transfer of zones goes through.
I keep it, the request is signed and the transfer goes through. If I remove
the TSIG section from the master, then the transfer fails.
How do I forbid transfer unless the request is signed AND coming from the
correct IP (or is that not possible)??
Here is my current config, maybe there is something I am overlooking..
========== Master Config
key shared-secret. {
    algorithm hmac-md5;
    secret "Mxb8ljzEodY9sUkFi3cSYQ==";
};
server xx.xx.xx.2 {
    transfer-format many-answers;
    keys { shared-secret. ; };
};
acl "slaves" { xx.xx.xx.2; };
options {
    directory "/var/named";
    allow-transfer { none; };
    pid-file "/var/run/named.pid";
};
zone "test.com" {
    type master;
    file "test.com";
    allow-transfer { slaves; };
};
========== Slave config
key shared-secret. {
    algorithm hmac-md5;
    secret "Mxb8ljzEodY9sUkFi3cSYQ==";
};
server xx.xx.xx.1 {
    keys { shared-secret. ; };
};
options {
    directory "/var/named";
    allow-transfer { none; };
    pid-file "/var/run/named.pid";
};
zone "test.com" {
    type slave;
    file "test.com";
    masters { xx.xx.xx.1; };
};
Thank you for any help you can offer,
Osman Shoukry
PS: Please excuse me for reposting this, but I didn't assign a subject, that
is why I am reposting.
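
Added example, not part of the original post: the master's zone statement from the message above, with the posted address-only allow-transfer beside a key-only form and a form that requires both the source address and the TSIG key. It assumes a BIND 9 release whose address match lists accept key elements and nested negated lists; the key and acl names are the ones from the posted config.

```conf
// Added example (master side). The key "shared-secret." and the
// acl "slaves" are defined exactly as in the posted master config.

zone "test.com" {
    type master;
    file "test.com";

    // As posted: the list matches on source address only, so a
    // request from xx.xx.xx.2 is allowed whether or not it is signed.
    // allow-transfer { slaves; };

    // Key only: a request signed with shared-secret. is allowed from
    // any source address; unsigned requests are refused.
    // allow-transfer { key shared-secret.; };

    // Address AND key: the nested list matches every address that is
    // not in "slaves", and the outer "!" turns that match into a
    // refusal. A request from a "slaves" address falls through to the
    // key element and is allowed only if it is signed with
    // shared-secret.
    allow-transfer { !{ !slaves; any; }; key shared-secret.; };
};
```

The server statement with keys { shared-secret. ; } stays on the slave, since that is what makes the slave sign its transfer requests to xx.xx.xx.1.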