TKEY and zone transfer

Evan Hunt each at isc.org
Wed Jan 30 05:37:30 UTC 2013


On Wed, Jan 30, 2013 at 11:14:04AM +0800, Kent Tong wrote:
> Thanks for the kind and excellent replies! So, currently there is no way
> for the client to negotiate the key on-demand automatically?

I don't see a way, no.

There's a partially-implemented feature where negotiated keys can be dumped
to a file when named shuts down and restored when it's restarted, so
in principle you could negotiate a key with a server once, and then it
would keep the key as long as necessary.  But currently this only works
with GSSAPI keys, I believe.

> >     zone example.com {
> >         type slave;
> >         masters { 1.2.3.4 key negotiated-key.server; };
> >         ...
> >     };
> 
> BTW, what is the difference between specifying the key in the "masters"
> setting and specifying the key in a server statement?

If you put it in the masters list then you could use different keys for
different purposes when talking to the same server.  If it's in a server
statement, then that server always gets the same key.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
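The two placements compared in the reply above, as an added named.conf example that is not part of the thread: a slave pulling two zones from the same master address, first with a per-zone key in each masters list, then with one server statement that applies a single key to everything sent to that master. Addresses, key names and secrets are constructed placeholders.

```conf
# Two TSIG keys known to this slave (constructed placeholder secrets;
# generate real ones with dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST ...).
key xfer-example-com {
    algorithm hmac-sha256;
    secret "c2FtcGxlLXNlY3JldC1vbmU=";
};
key xfer-example-net {
    algorithm hmac-sha256;
    secret "c2FtcGxlLXNlY3JldC10d28=";
};

# Form 1: key named in the masters list. Each zone can sign its AXFR/IXFR
# toward the same master (192.0.2.1) with a different key, so a compromised
# or rotated key for one zone does not affect the other.
zone "example.com" {
    type slave;
    file "slaves/example.com.db";
    masters { 192.0.2.1 key xfer-example-com; };
};
zone "example.net" {
    type slave;
    file "slaves/example.net.db";
    masters { 192.0.2.1 key xfer-example-net; };
};

# Form 2 (alternative to the per-zone keys above): a server statement.
# Every request named sends to 192.0.2.1, for any zone, is signed with the
# listed key; there is no per-zone choice.
server 192.0.2.1 {
    keys { xfer-example-com; };
};
```

named-checkconf on the resulting file validates the syntax of both forms before named is reloaded.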
