In message <caks98dgecc27tdg0+dtvojbvveof1x+mmuki_tz5taz2ood...@mail.gmail.com>, Kent Tong writes:
>
> Hi,
>
> I read that Bind9 supports using TKEY for zone transfers. However, I don't
> understand how the TKEY negotiation is triggered. In comparison, for
> dynamic updates, the update-policy will require Bind to determine the
> identity of the requester, but for zone transfer there is only an
> allow-transfer which takes an address_match_list only.

I think you mean TSIG rather than TKEY. Address match lists support
the use of keys.

    address_match_list = address_match_list_element ;
                         [ address_match_list_element; ... ]
    address_match_list_element = [ ! ] (ip_address [/length] |
                         key key_id | acl_name | { address_match_list } )

master:

    key "mykey" {
        algorithm hmac-md5;
        secret "afasfasfasfasdfsad";
    };

    zone "example.net" {
        type master;
        allow-transfer { key mykey; };
        file "example.net";
    };

slave:

    key "mykey" {
        algorithm hmac-md5;
        secret "afasfasfasfasdfsad";
    };

    zone "example.net" {
        type slave;
        file "example.net";
        masters { 1.2.3.4 key mykey; };
    };

Mark

> Any info? Thanks in advance!
>
> --
> Kent Tong
> IT author and consultant, child education coach
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
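
Added example (not part of the original messages and not BIND's own code): a simplified Python model of how an address_match_list such as `allow-transfer { key mykey; };` is evaluated, assuming first-match-wins semantics and that `tsig_key` is the name of a key whose TSIG signature has already been verified. It goes slightly beyond the reply by also covering nested lists; `parse`, `allowed` and the MIXED/BOTH lists are hypothetical, and named ACLs other than `any`/`none` are not handled.

```python
import ipaddress
import re

def parse(text):
    """Parse an address_match_list body into [(negated, kind, value), ...]."""
    tokens = re.findall(r"[{}!;]|[^\s{}!;]+", text)
    pos = 0
    def parse_list():
        nonlocal pos
        items = []
        while pos < len(tokens) and tokens[pos] != "}":
            negated = tokens[pos] == "!"
            if negated:
                pos += 1
            tok = tokens[pos]
            pos += 1
            if tok == "{":
                items.append((negated, "list", parse_list()))
                pos += 1  # skip the closing "}"
            elif tok == "key":
                items.append((negated, "key", tokens[pos]))
                pos += 1
            elif tok in ("any", "none"):  # "none" is modelled as "!any"
                items.append((negated ^ (tok == "none"), "any", None))
            else:
                net = ipaddress.ip_network(tok, strict=False)
                items.append((negated, "net", net))
            if pos < len(tokens) and tokens[pos] == ";":
                pos += 1
        return items
    return parse_list()

def allowed(acl, src_ip, tsig_key=None):
    """First matching element decides; no match at all means refuse."""
    addr = ipaddress.ip_address(src_ip)
    for negated, kind, value in acl:
        if kind == "list":    # a nested list matches only if it would allow
            hit = allowed(value, src_ip, tsig_key)
        elif kind == "key":   # name of the already-verified TSIG key
            hit = tsig_key == value
        elif kind == "net":
            hit = addr in value
        else:                 # "any"
            hit = True
        if hit:
            return not negated
    return False

MASTER_ACL = parse("key mykey;")          # allow-transfer from the reply
MIXED_ACL = parse("1.2.3.4; key mykey;")  # hypothetical: address OR key
BOTH_ACL = parse("!{ !1.2.3.4; any; }; key mykey;")  # hypothetical: AND
```

Listing an address and a key side by side is an OR, so a request from that address is accepted without any signature; the negated nested list is the form that requires both.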