[BlueOnyx:08028] Re: secure zone transfers from one nameserver to the other .
Gerald Waugh
gwaugh at frontstreetnetworks.com
Sat Aug 6 22:33:35 -05 2011
Gerald Waugh wrote:
> Client wants secure zone transfers from primary nameserver to secondary
> using the BlueOnyx GUI.
>
> Will this work, maybe in an include file for named.conf?
> http://www.grok.org.uk/docs/tsig.html
>
The following works, with one problem.
Note the "allow-transfer { key rndc_key.; };" in the master's include file.
In the GUI I do not put an entry in the "allow transfer" box,
so Sausalito writes allow-transfer { none; };
and I have to delete that to get it to work.
But of course every time a change is made in the GUI I have to edit
named.conf and delete that line.
It would be nice if there was a way to get the GUI to leave it alone
or to have the option of using "key rndc_key.;".
===== primary server /etc/named.include ========
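// TSIG key; the same key statement appears on both servers
key rndc_key {
    algorithm hmac-md5;
    secret "====================";
};
// sign traffic to this peer with the key
server 192.1.2.3 {
    transfer-format many-answers;
    keys { rndc_key.; };
};
// only transfer requests signed with the key are allowed
allow-transfer { key rndc_key.; };
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
    inet 127.0.0.1 allow { localhost; } keys { };
};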
====== secondary server /etc/named.conf/include =====
// TSIG key; the same key statement appears on both servers
key rndc_key {
    algorithm hmac-md5;
    secret "324CKxKcmozy8lnsSD0K0w==";
};
// sign traffic to this peer with the key
server 192.1.2.2 {
    transfer-format many-answers;
    keys { rndc_key.; };
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
    inet 127.0.0.1 allow { localhost; } keys { };
};
--
Gerald
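
A check that could be run after each GUI change to see which allow-transfer statements ended up in the generated configuration, written as an added example (not part of the original post and not BlueOnyx code). The sample configuration is constructed and the function names are hypothetical; it assumes flat ACL lists and that key names with and without the trailing dot name the same key, as the configuration in the post relies on.

```python
import re

# Constructed sample (not from the post): a GUI-written options block plus
# zone-level ACLs. The secret is a placeholder.
SAMPLE = '''\
key rndc_key { algorithm hmac-md5; secret "PLACEHOLDER//=="; };
options {
    allow-transfer { none; };        // what the GUI writes
};
zone "a.example" { type master; file "a.db";
    allow-transfer { key rndc_key.; }; };
zone "b.example" { type master; file "b.db";
    allow-transfer { key missing_key; 192.0.2.53; }; };
# zone "c.example" { allow-transfer { any; }; };
'''

_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Blank out comments; keep quoted strings (base64 may contain //)."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"'
                      else re.sub(r'[^\n]', ' ', m.group(0)), text)

def audit(text):
    """Return (line, verdict, acl) per allow-transfer; assumes flat ACL lists."""
    text = strip_comments(text)
    # Assumption: key names are DNS names, so "rndc_key." equals "rndc_key".
    defined = {k.rstrip('.').lower()
               for k in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', text)}
    findings = []
    for m in re.finditer(r'\ballow-transfer\s*\{([^{}]*)\}\s*;', text):
        items = [i.strip() for i in m.group(1).split(';') if i.strip()]
        keys = [i.split()[1].strip('"').rstrip('.').lower()
                for i in items if i.startswith('key ')]
        if items == ['none']:
            verdict = 'blocks-all'        # refuses every transfer request
        elif any(k not in defined for k in keys):
            verdict = 'undefined-key'     # ACL names a key with no key statement
        elif items and len(keys) == len(items):
            verdict = 'tsig-only'         # every entry requires a TSIG key
        else:
            verdict = 'not-tsig-only'     # address, ACL name or "any" present
        line = text.count('\n', 0, m.start()) + 1
        findings.append((line, verdict, items))
    return findings

if __name__ == '__main__':
    for line, verdict, items in audit(SAMPLE):
        print(f'line {line}: {verdict}: {items}')
```
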