There is currently no mechanism to *require* TSIG keys for AXFR. ALLOW-AXFR-FROM provide a list of IP addresses which can AXFR with or without a TSIG key; TSIG-ALLOW-AXFR names a TSIG key which can be used to AXFR even if the requester's IP address is not included in ALLOW-AXFR-FROM.
On Fri, Apr 24, 2020 at 11:12 AM Stanford Mings via Pdns-users <pdns-users@mailman.powerdns.com> wrote: > > Hello All, > > I am having a problem where while my PDNS server is running and AXFR > transfers are successful, I have not been able to implement TSIG. > > Even after activating the zone, and ensuring the domainmetadata table has the > necessary entries including the ALLOW-AXFR-FROM and TSIG-ALLOW-AXFR , I am > still able to do the transfers without the key. > > What am I doing wrong? > > Any assistance would be appreciated. > > powerdns-4.2.1_1 > mysql57-server-5.7.29_1 > -------------------- > daemon=yes > local-address=*********** > local-port=53 > log-dns-details=yes > log-dns-queries=yes > master=yes > launch = gmysql > disable-axfr=no > gmysql-host = localhost > gmysql-user = *********** > gmysql-password = *********** > gmysql-dbname = powerdns > gmysql-dnssec=yes > -------------------- > Stanford T. Mings Jr. ~Technologist ~ > stanf...@tech.vi ~ http://www.tech.vi ~ 786-269-5718 > > VI Technical Services, LLC ~ 9160 Estate Thomas ~ > Suite 195 ~ St. Thomas, VI, 00802 > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
