Option to provide AXFR secret (TSIG) #981
Comments
|
That would also require to include DNSSEC if i see this correctly |
|
I think those are two different things. Summary:
|
|
According to that guide, if such key is already setup, we'd only need the key "name" for the generated zones. |
|
If you mean included with setup, yes. The impact in the conf file is quite minimal. But you need to create that keyfile with the key itself and instructions to use the key "name" for the AXFR slave IP address. What I´m not sure about is if you can use the same key for multiple slaves or if you have to set one key per slave. |
|
addition: you are probably right. you just need to define the key and add it to the allow-transfer section of the zone. No need to add the slave in the keyfile - if I read the bind docs correctly:
|
|
That's what I meant, everything else needs to be done on master AND Slave hence not much sense for froxlor to do that only for the master. Maybe we can provide a small tutorial in our wiki for the creation and integration so People are not totally lost, what do you think? |
|
If that feature is present, of course. The slave has to be configured manually anyway. Only thing froxlor needs to do is to include the key/ make it possible to use that key in the AXFR field. |
|
Just to clarify: there has to be some work within froxlor to make use of that key, correct? |
|
Depends. When froxlor should also do the key-mgmt and creation and named config then yes. If it's just the key-entry for every zone, then it's not a big deal |
Hello,
to secure the AXFR transfer I want to request an option to add a TSIG secret in the DNS options.
Best regards,
Af0x
The text was updated successfully, but these errors were encountered: