Configuring TSIG keys and ACLs on a slave server
Phusion
phusion2k at gmail.com
Mon Apr 16 16:31:27 UTC 2007
I need help configuring TSIG keys and ACLs on a slave server. This is
the first time I've set up primary and slave name servers. I've
enclosed the current named.conf file for both the master and slave
servers. Each server is running BIND 9.3.2-P1.
master server = 10.1.1.2, smdndnsp1.test.com
slave server = 10.1.1.3, smdndnsp2.test.com
==================================================
master server
==================================================
/* TSIG keys ======================= */
// TSIG key shared with the slave (smdndnsp2). A key statement by itself
// only lets named verify signatures it recognises; it restricts nothing
// until the key is named in allow-transfer/allow-update or a server clause.
// NOTE(review): this secret has been posted to a public list, so it should
// be replaced on both servers (dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <name>
// produces a new one of the same 512-bit size).
key smdndnsp1-smdndnsp2.test.com. {
algorithm hmac-md5;
secret "iHWAgk6OZdOb/z8kjYVhQO/h+gAbAbQPFfgxOQWRTGPHAg23XAQQy6ysV1uxd5tlqeXY/EskKdUDKCHPkAXpHQ==";
};
/* ACLs ============================ */
// Address list for the local networks (loopback plus the two RFC 1918 /24s).
// Defining an acl has no effect on its own; it only matters where it is
// used, e.g. allow-recursion { internal; }; or allow-transfer { internal; };.
acl internal {
127/8; 10.1.1/24; 10.1.101/24;
};
/* rndc configuration ============== */
// Key used by rndc to authenticate to the control channel below.
// NOTE(review): this secret is now public; regenerate it with rndc-confgen
// and update rndc.conf to match.
key "rndc-key" {
algorithm hmac-md5;
secret "Bpd0MiJARZI7+Ze5ZvYqpMLWKd6u43DRsqRB6ouHEay8dQZRCdj5zsibvdR6gySRjen7AGAV/DYedEDFsjhEvg==";
};
// rndc control channel: bound to loopback only, accepts connections only
// from 127.0.0.1, and requires the rndc-key signature on every command.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
/* Options ========================= */
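// Global options. No recursion or transfer restrictions were set, so BIND's
// defaults applied: recursion enabled for any client and allow-transfer "any",
// which also left the TSIG key defined above unused.
options {
directory "/";
version ""; // remove this to allow version queries
// Only the internal networks (acl above) may use this host as a recursive
// resolver; without this the server answers recursive queries from anywhere.
allow-recursion { internal; };
// Zone transfers (AXFR/IXFR) are served only when the request is signed with
// the key shared with smdndnsp2; the slave signs its requests via its
// "server 10.1.1.2 { keys ... }" clause.
allow-transfer { key smdndnsp1-smdndnsp2.test.com.; };
};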
/* Logging ========================= */
// Single syslog channel at severity info. Every category not listed here
// (xfer-in, xfer-out, notify, security, update, ...) falls through to
// "default", so transfer and TSIG verification failures reach local6 as well.
logging {
channel default_syslog {
syslog local6;
severity info;
};
category default { default_syslog; };
};
/* Authoritative zones ============= */
// Root hints, used only for recursive resolution.
zone "." {
type hint;
file "standard/root.hint";
};
// Loopback reverse zone; served locally, never transferred.
zone "0.0.127.in-addr.arpa" {
type master;
file "standard/loopback";
};
// Reverse zone for 10.1.1.0/24, primary copy; the slave pulls it from here.
zone "1.1.10.in-addr.arpa" {
type master;
file "master/db.10.1.1";
// NOTE(review): no "key mdnlan" statement appears anywhere in this named.conf
// as posted; BIND rejects a configuration that references an undefined key,
// so either add the key statement or drop this line.
allow-update { key mdnlan; };
notify yes; // already BIND's default
};
// Forward zone for localhost; served locally, never transferred.
zone "localhost" {
type master;
file "standard/localhost";
};
// Primary copy of mdnlan.test.com; the slave pulls it from here.
zone "mdnlan.test.com" {
type master;
file "master/db.mdnlan.test.com";
// NOTE(review): same undefined key as in 1.1.10.in-addr.arpa above; "key
// mdnlan" is referenced but never declared in the posted configuration.
allow-update { key mdnlan; };
notify yes; // already BIND's default
};
// Primary copy of test.com; no allow-update, so the zone is static here.
zone "test.com" {
type master;
file "master/db.test.com";
};
// Primary copy of _msdcs.test.com (one of the delegated sub-zones below).
zone "_msdcs.test.com" {
type master;
file "master/db._msdcs.test.com";
};
// Primary copy of _sites.test.com.
zone "_sites.test.com" {
type master;
file "master/db._sites.test.com";
};
// Primary copy of _tcp.test.com.
zone "_tcp.test.com" {
type master;
file "master/db._tcp.test.com";
};
// Primary copy of _udp.test.com.
zone "_udp.test.com" {
type master;
file "master/db._udp.test.com";
};
// Primary copy of domaindnszones.test.com.
zone "domaindnszones.test.com" {
type master;
file "master/db.domaindnszones.test.com";
};
// Primary copy of forestdnszones.test.com.
zone "forestdnszones.test.com" {
type master;
file "master/db.forestdnszones.test.com";
};
==================================================
slave server
==================================================
/* TSIG keys ======================= */
// Same TSIG key as on the master; the name, algorithm and secret must match
// byte for byte or every signed transfer request is rejected as BADKEY/BADSIG.
// NOTE(review): this secret has been posted publicly and should be replaced
// on both servers (dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <name>).
key smdndnsp1-smdndnsp2.test.com. {
algorithm hmac-md5;
secret
"iHWAgk6OZdOb/z8kjYVhQO/h+gAbAbQPFfgxOQWRTGPHAg23XAQQy6ysV1uxd5tlqeXY/EskKdUDKCHPkAXpHQ==";
};
// Sign every request this server sends to the master (SOA refresh queries,
// AXFR/IXFR) with the shared key. This is the slave side of TSIG; the master
// decides what the signature is good for via its own allow-transfer lists.
server 10.1.1.2 {
keys { smdndnsp1-smdndnsp2.test.com.; };
};
/* ACLs ============================ */
// Local networks (loopback plus the two RFC 1918 /24s). An acl does nothing
// until it is referenced, e.g. in allow-recursion or allow-transfer.
acl internal {
127/8; 10.1.1/24; 10.1.101/24;
};
/* rndc configuration ============== */
// Key for the local rndc control channel (distinct from the master's).
// NOTE(review): this secret is now public; regenerate it with rndc-confgen.
key "rndc-key" {
algorithm hmac-md5;
secret
"wejqinaDNIMyTQ/DEObjVfRLbO1mOxughAefMgzenKX2zF7JwcpBJbR3zaIl3EX7T3IG9wMHHfS4I+SBuubXvg==";
};
// rndc control channel on loopback only, signed with rndc-key
// (the key name may be written with or without quotes).
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { rndc-key; };
};
/* Options ========================= */
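// Global options. "recursion yes" without allow-recursion, and no
// allow-transfer at all, left this host answering recursive queries and
// serving full zone copies to any address (BIND's defaults).
options {
directory "/";
version ""; // remove this to allow version queries
recursion yes;
// Recursion only for the local networks defined in the internal acl above.
allow-recursion { internal; };
// Nothing transfers zones from this secondary, so refuse AXFR/IXFR requests
// outright; widen to a key or acl if another secondary is ever fed from here.
allow-transfer { none; };
};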
/* Logging ========================= */
// Single syslog channel at severity info. Categories not listed here
// (xfer-in, notify, security, ...) fall through to "default", so failed
// transfers and TSIG errors are logged to local6 too.
logging {
channel default_syslog {
syslog local6;
severity info;
};
category default { default_syslog; };
};
/* Authoritative zones ============= */
// Root hints for recursive resolution.
zone "." {
type hint;
file "standard/root.hint";
};
// Loopback reverse zone, served locally on this host as well.
zone "0.0.127.in-addr.arpa" {
type master;
file "standard/loopback";
};
// Secondary copy of the 10.1.1.0/24 reverse zone, pulled from 10.1.1.2;
// the transfer request is signed because of the server 10.1.1.2 clause above.
zone "1.1.10.in-addr.arpa" {
type slave;
masters { 10.1.1.2; };
file "slave/bak.10.1.1";
};
// Forward zone for localhost, served locally.
zone "localhost" {
type master;
file "standard/localhost";
};
// Secondary copy of mdnlan.test.com, pulled from 10.1.1.2 with signed requests.
zone "mdnlan.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak.mdnlan.test.com";
};
// Secondary copy of test.com, pulled from 10.1.1.2 with signed requests.
zone "test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak.test.com";
};
// Secondary copy of _msdcs.test.com, pulled from 10.1.1.2.
zone "_msdcs.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak._msdcs.test.com";
};
// Secondary copy of _sites.test.com, pulled from 10.1.1.2.
zone "_sites.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak._sites.test.com";
};
// Secondary copy of _tcp.test.com, pulled from 10.1.1.2.
zone "_tcp.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak._tcp.test.com";
};
// Secondary copy of _udp.test.com, pulled from 10.1.1.2.
zone "_udp.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak._udp.test.com";
};
// Secondary copy of domaindnszones.test.com, pulled from 10.1.1.2.
zone "domaindnszones.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak.domaindnszones.test.com";
};
// Secondary copy of forestdnszones.test.com, pulled from 10.1.1.2.
zone "forestdnszones.test.com" {
type slave;
masters { 10.1.1.2; };
file "slave/bak.forestdnszones.test.com";
};
Let me know what to correct so that the two servers can
communicate/update/transfer correctly.
Phusion