Folks,
Came across usage of a keyid as an address list in an allow-transfer option on an older server site. Didn't really know that was legal. It seemed an easier way to allow zone transfers without constantly updating a list of IP addresses on a master server. The only trouble - it didn't seem to actually work?

We've been trying it in an older lab server running a Solaris 9.9.9-S4 version of bind. The master has:
options {
    ....
    allow-transfer { key bongo; 192.168.1.1; };
};
key "bongo" {
    algorithm hmac-md5;
    secret "BippityBop";
};
The slave server defines the same key and is located at
192.168.1.1. When we use the above on the master, transfers for any zone work
fine. If we remove the IP address and try a transfer we get 'denied'. What
are we missing? Thought we might have to associate the keyid with zones on the
slave, but couldn't find any options for that??? We don't use TSIG on these
servers.
Thanks for the help!
John
----------------
John Murtari - [email protected]
Ciberspring
office: 315-944-0998
cell: 315-430-2702