DNS/TSIG setup
From: Hamish Moffatt (hamish_at_debian.org)
Date: 08/31/03
- Previous message: Ron Johnson: "Re: sed question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 1 Sep 2003 00:56:21 +1000 To: debian-user@lists.debian.org
Hi,
I want to use TSIG (keys etc) to transfer DNS data between the primary
server and the secondary with BIND 8.
I ran dnskeygen to get an HMAC-MD5 key. I put the secret from the .private
file into a "key" section on the primary and secondary. I put the name
of the key into the allow-transfer section of the relevant zones on
the primary, and in a server section for the primary's IP on the secondary.
But when the secondary goes to do a transfer, the primary logs the
following:
Aug 31 09:51:48 risingsoftware named[675]: denied AXFR from [secondary's_ip].33375 for "thedomainname" IN (acl)
I can't work out why. Documentation for this seems to be lacking too
(the BIND manual is almost useless). Can anyone help?
thanks,
Hamish
-- Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au> -- To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Ron Johnson: "Re: sed question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
- [UNIX] Hardening the BIND DNS Server
... Hardening the BIND DNS Server ... Your Domain Name Service is the road sign
to your systems on the Internet. ... (Securiteam) - Re: PDC Is not replicating !!
... Manage to change the Driver issue to boot the server. ... Starting test: Connectivity
... Starting test: Replications ... LDAP Bind. ... (microsoft.public.win2000.active_directory) - Re: Mail server security - best practices?
... Both BIND and qmail are pretty secure, ... and mail on a server
that's 'half-internal' in that you seem not to ... I still employ IMAP-SSL on the private server,
... (comp.unix.bsd.openbsd.misc) - Re: DNS Poisoning, pharming, pollution
... running Windows 2003 and have the "secure cache against pollution" setting ...
the next thing to look for would be a malicious program on the server. ... >> Every
server is configured with our ISP's DNS resolvers as forwarders. ... but I don't think
we're running BIND. ... (microsoft.public.windows.server.dns) - Re: bind hack?
... He writes BIND 9. ... rfcs as documentation and therefor basis for design
it is a shitload ... dns server software developed, tested and finally deployed. ...
security dilemma since this monoculture defines the standard. ... (FreeBSD-Security)
