From owner-freebsd-isp Wed Aug 22 7:39:14 2001 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id 2C0A037B40E for ; Wed, 22 Aug 2001 07:38:59 -0700 (PDT) (envelope-from simon@optinet.com) Received: (qmail 84285 invoked by uid 106); 22 Aug 2001 14:39:29 -0000 Received: from 66-65-36-21.nyc.rr.com (HELO sharky) (66.65.36.21) by anaconda.acceleratedweb.net with SMTP; 22 Aug 2001 14:39:29 -0000 From: "Simon" To: "damir@voljatel.si" , "freebsd-isp@freebsd.org" Date: Wed, 22 Aug 2001 10:38:53 -0400 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: <0108220945240L.00300@pxna> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: secure DNS zone transfer Message-Id: <20010822143859.2C0A037B40E@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You can use TSIG, here are a few docs i found by searching on google.com: http://www.oreilly.com/catalog/dns4/chapter/ch11.html http://www.asp.ogi.edu/people/paja/linux/dns/named.conf.slave Basically, you will have a key and then allow-transfer { key key_name; }; in your master config and server master_ip { keys { key_name; }; }; in your slave config along with the key PS: sync the time on your master & slave hosts or this won't work -Simon On Wed, 22 Aug 2001 09:45:24 +0200, Damir Horvat wrote: >Hello! > >I have name servers on public network without any ip filternig (yet). >I would like to ensure secure zone transfers from master to slave. > >One way is to setup IPSec between 2 hosts I've been told. I've never >done this, so for now it's my only solution. > >I'm using named 8.2.3-REL. > >Does someone know some other solution? > >Thanks, >damir > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message