From owner-freebsd-isp  Wed Aug 22  7:39:14 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130])
	by hub.freebsd.org (Postfix) with SMTP id 2C0A037B40E
	for <freebsd-isp@freebsd.org>; Wed, 22 Aug 2001 07:38:59 -0700 (PDT)
	(envelope-from simon@optinet.com)
Received: (qmail 84285 invoked by uid 106); 22 Aug 2001 14:39:29 -0000
Received: from 66-65-36-21.nyc.rr.com (HELO sharky) (66.65.36.21)
  by anaconda.acceleratedweb.net with SMTP; 22 Aug 2001 14:39:29 -0000
From: "Simon" <simon@optinet.com>
To: "damir@voljatel.si" <damir@voljatel.si>,
	"freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>
Date: Wed, 22 Aug 2001 10:38:53 -0400
Reply-To: "Simon" <simon@optinet.com>
X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195)
In-Reply-To: <0108220945240L.00300@pxna>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: secure DNS zone transfer
Message-Id: <20010822143859.2C0A037B40E@hub.freebsd.org>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org


You can use TSIG, here are a few docs i found by searching
on google.com:

http://www.oreilly.com/catalog/dns4/chapter/ch11.html
http://www.asp.ogi.edu/people/paja/linux/dns/named.conf.slave

Basically, you will have a key and then 

allow-transfer { key key_name; }; in your

master config and 

server master_ip {
            keys { key_name; };
};

in your slave config along with the key

PS: sync the time on your master & slave hosts or this
won't work

-Simon

On Wed, 22 Aug 2001 09:45:24 +0200, Damir Horvat wrote:

>Hello!
>
>I have name servers on public network without any ip filternig (yet). 
>I would like to ensure secure zone transfers from master to slave. 
>
>One way is to setup IPSec between 2 hosts I've been told. I've never 
>done this, so for now it's my only solution. 
>
>I'm using  named 8.2.3-REL.
>
>Does someone know some other solution?
>
>Thanks,
>damir
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message