On 7 November 2011 at 3:47, Doug Barton <[email protected]> wrote:
> First question, why use 2 keys? The combination of a key and an address
> match list should be enough. Second question, what version of BIND are
> you using? It probably doesn't matter, but it's good form to include
> that information.
Because I want to try setting multiple keys. Currently I have only one server
(localhost - 127.0.0.1), but in the future, on a real working network, I would
have to set up more than one server and I don't know how. Will I simply have to
add a new key to the allow-update or allow-transfer option?
BIND version is: 9.7.4
> > Unfortunately, when I add more than one key to the keys option in the
> > server section, named doesn't start anymore. The format of the key
> > option in the book is different from the one in the manual. When I
> > remove the whole server section everything works OK. Is the keys
> > section important? What is this section for? How can I use one key to
> > secure zone transfer to one host and another to secure zone transfer
> > to another host? Is it possible?
>
> Doesn't look that way. The ARM is your best source for config info.
Maybe this is a stupid question but what is ARM?
> The include directive is related to adding an external file to your
> named.conf. Unless that's what you're intending to do, you probably
> don't want it here.
The key is in an external file.
> > server 127.0.0.1 { keys { "key"; }; };
>
> The term "keys" here would seem to indicate that you can add multiple
> keys per server, but ...
>
> > zone "my.zone" in { type master; file "my.zone"; allow-transfer { key
> > "key"; }; allow-update { key "key"; }; };
>
> I don't see anything in the ARM about including key directives in the
> allow-update or allow-transfer grammar.
Without that (keys only in the server section) I can transfer the whole domain
(dig my.zone axfr) without passing any key.
> You can probably also get some useful information by using named-checkconf.
named-checkconf returns an error with "}" expected after ";" and ";" expected
after "}".
--
Regards,
Aleksander Kurczyk
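
A named.conf sketch of the multi-key setup asked about in this thread, added here as an example (it is not configuration from either poster). The key names xfer-ns2, xfer-ns3 and ddns-update, the key file paths and the 192.0.2.x addresses are assumptions; it relies on `key` being a valid address match list element and on the ARM's note that the `keys` clause supports only a single key per server.

```conf
// Added example: two separate named.conf files shown together.
// Key names, file paths and 192.0.2.x addresses are hypothetical; each
// included file holds one  key "name" { algorithm ...; secret "..."; };

// ---- Primary (192.0.2.1) ----
include "/etc/named/keys/xfer-ns2.key";     // defines key "xfer-ns2"
include "/etc/named/keys/xfer-ns3.key";     // defines key "xfer-ns3"
include "/etc/named/keys/ddns-update.key";  // defines key "ddns-update"

// server{} only selects the key used to SIGN messages sent to that peer
// (for example NOTIFY). One key per server; it restricts nothing.
server 192.0.2.2 { keys { "xfer-ns2"; }; };
server 192.0.2.3 { keys { "xfer-ns3"; }; };

// Weak: no allow-transfer, so "dig my.zone axfr" succeeds without a key.
// zone "my.zone" in { type master; file "my.zone"; };

// Corrected: access control lives in the zone's match lists.
zone "my.zone" in {
    type master;
    file "my.zone";
    // Elements are alternatives: a request signed with either key matches.
    // Adding a bare IP here would admit that host without any signature.
    allow-transfer { key "xfer-ns2"; key "xfer-ns3"; };
    allow-update   { key "ddns-update"; };
};

// ---- Secondary ns2 (192.0.2.2) ----
include "/etc/named/keys/xfer-ns2.key";
// Sign every request to the primary, including the AXFR, with this key.
server 192.0.2.1 { keys { "xfer-ns2"; }; };

zone "my.zone" in {
    type slave;
    file "my.zone.bak";
    masters { 192.0.2.1; };
};
```

Running named-checkconf against each file before reloading catches brace and semicolon mistakes like the one reported above.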