match-clients and TSIG keys
Adam Clark
Adam.Clark at ngv.vic.gov.au
Mon Sep 13 23:15:47 UTC 2004
> -----Original Message-----
> From: jim at gromit.rfc1035.com [mailto:jim at gromit.rfc1035.com]=20
> On Behalf Of Jim Reid
> Sent: Monday, 13 September 2004 10:21 PM
> To: Adam Clark
> Cc: bind-users at isc.org
> Subject: Re: match-clients and TSIG keys=20
>=20
> >>>>> "Adam" =3D=3D Adam Clark <Adam.Clark at ngv.vic.gov.au> writes:
>=20
> Adam> It isnt feasible to have two sets of name servers, so Is the
> Adam> prefered method for this a second ip address For the
> Adam> secondary and sending axfr's from that address?
>=20
> BIND 9.3 isn't out yet. That means the only current way of=20
> deciding which views clients see is based on IP address.=20
> Unless of course you're willing to run 9.3 release candidates=20
> and/or betas on production servers.
>=20
Not at all, I have aliased another IP onto the slave server
And set the axfr's for the second view to originate from there
And that works fine.=20
Once 9.3 does come out, would using TSIG keys to identify which
Of the views you want to transer become the prefered=20
method or will the current method remain best practice?
Also, thanks for the tip on acl's making the mutually exclusive.
This also helped make my configuration deal with bogon
Lists more clear and concise.
Thanks for all your help
Adam
More information about the bind-users
mailing list