How can you verify TSIG is working b/t Master & Slave servers
Alan Clegg
Alan_Clegg at isc.org
Thu Jan 22 14:28:55 UTC 2009
Vincent Rivellino wrote:
> Shouldn't using dig fail from the slave?
>
> For example:
>
> [var at stuey ~]$ dig -t AXFR domain.tld @ns1.someserver
>
> ; <<>> DiG 9.5.1-P1 <<>> -t AXFR domain.tld @ns1.someserver
> ;; global options: printcmd
> ; Transfer failed.
It all depends on what you do with the TSIG. I don't block using TSIG,
I just validate (certain) domain transfers.
Also, the use of TSIG to pick a view, etc. won't result in a failed query.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090122/4caf77f3/attachment.bin>
More information about the bind-users
mailing list