Date: Wed, 27 Jun 2001 12:33:37 -0400 From: "Dan Langille" <dan@langille.org> To: freebsd-questions@freebsd.org Subject: using TSIG on slave DNS servers Message-ID: <200106271633.f5RGXd831714@lists.unixathome.org>
next in thread | raw e-mail | index | archive | help
I know how to set up the master DNS server to use TSIG, I've found examples. But I don't know how to set up the slave DNS servers if I use different keys for each domain. Or is this a non-problem? Most of the examples I've found show only a simple example such as this one from http://www.securityportal.com/topnews/weekly/solaris20000911.prin terfriendly.html key prim-sec1 { algorithm hmac-md5; secret "bFs2bXnLTYTI7r0WJv7HMA=="; }; server 10.1.2.2 { transfer-format many-answers; keys { prim-sec1 ; }; }; zone "example.org" { type slave; file "secondary/example.db"; masters {10.1.2.2;}; }; I think the above will work. Corrections are appreciated. However, what if I have another domain with a different key? How do I specify that zone? Do I expand the keys field like this: key prim-sec1 { algorithm hmac-md5; secret "AAAAs2bXnLTYTI7r0WJv7HMA=="; }; server 10.1.2.2 { transfer-format many-answers; keys { prim-sec1 ; prim-sec2; }; }; Or is there a way to tie the key more directly to the domain? -- Dan Langille pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106271633.f5RGXd831714>