tsig zone transfer problem with 8.2.3 and 8.2.5
Martin Lohner
mlohner at akamai.com
Thu Oct 11 18:41:47 UTC 2001
I've set up tsig for zone transfers between two machines using bind
8.2.3 (and also tried 8.2.5 with same result).
I use "dig" to do the transfers. It works fine if I specify the tsig
key properly:
    dig @172.24.84.233 martinstest. axfr -k /var/named/tsig:martinstest.
The disturbing thing happens when I don't use the key (with dig): the
transfer still works. This shouldn't happen.
I did some further tests to double-check:
1) If I make the key between server and client disagree, no transfer.
2) If I try from another client ip, no transfer.
This sounds like a bug: a zone transfer happens without specifying a key
by the client, even though the server is set up only for key access.
I just now tried 8.2.5: same problem.
My setup (on the server) is given below.
Thanks much. --martin
options {
    ...
    // other options
    allow-transfer { none; };
};
key martinstest. {
    algorithm hmac-md5;
    secret "+eqNFRkfkx/Sth0E0hSRtA==";
};
server 172.24.85.166 {
    transfer-format many-answers;
    keys { martinstest.; };
};
zone "martinstest." {
    file "/tmp/martinstest.zone";
    type master;
    allow-transfer { 172.24.85.166; };
    notify no;
};
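
Added example, not part of the original post: a check over a named.conf like the one above that lists zones whose effective allow-transfer list admits a client by address alone. It relies on two documented BIND behaviours, that an address match list can carry `key <name>;` elements and that a zone-level allow-transfer replaces the one in options; the function names and the placeholder secret are constructed for this example.

```python
import re

# Constructed input: the statements from the post, secret replaced by a placeholder.
SAMPLE_CONF = '''
options { allow-transfer { none; }; };
key martinstest. { algorithm hmac-md5; secret "PLACEHOLDER=="; };
server 172.24.85.166 { transfer-format many-answers; keys { martinstest.; }; };
zone "martinstest." {
    file "/tmp/martinstest.zone";  // zone data
    type master;
    allow-transfer { 172.24.85.166; };
    notify no;
};
'''

def strip_comments(text):
    # Drop //, # and /* */ comments; keep quoted strings (a base64 secret may contain "//").
    pat = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else '', text, flags=re.S)

def block_body(text, open_idx):
    # Return the text between the brace at open_idx and its matching close.
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == '{') - (text[i] == '}')
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError('unbalanced braces')

def transfer_acl(body):
    # Elements of the allow-transfer list in this block, or None if it has none.
    m = re.search(r'\ballow-transfer\s*\{', body)
    if not m:
        return None
    return [e.strip() for e in block_body(body, m.end() - 1).split(';') if e.strip()]

def keyless_transfer_zones(conf):
    # Map zone name -> ACL elements that admit a client without a TSIG key.
    # Flat lists only: named acl names and nested { } lists are not expanded.
    conf = strip_comments(conf)
    opts = re.search(r'\boptions\s*\{', conf)
    default = transfer_acl(block_body(conf, opts.end() - 1)) if opts else None
    findings = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(block_body(conf, z.end() - 1))
        acl = default if acl is None else acl   # zone-level list overrides options
        weak = [e for e in acl or [] if not re.match(r'(none$|!|key\s)', e)]
        if weak:
            findings[z.group(1)] = weak
    return findings
```

Calling `keyless_transfer_zones(SAMPLE_CONF)` reports the address element in the zone's list; a zone with no list anywhere is left unjudged because named's built-in default then applies.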