Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!nx02.iad01.newshosting.com!newshosting.com!198.186.194.249.MISMATCH!transit3.readnews.com!news-out.readnews.com!transit4.readnews.com!panix!usenet.stanford.edu!not-for-mail
From: =?UTF-8?Q?Aleksander_Kurczyk?= <aleksanderkurczyk@o2.pl>
Newsgroups: comp.protocols.dns.bind
Subject: =?UTF-8?Q?Re:_Securing_zone_transfer_and_DDNS?=
Date: Mon, 07 Nov 2011 15:31:40 +0100
Lines: 73
Approved: bind-users@lists.isc.org
Message-ID: <mailman.6.1320676349.68562.bind-users@lists.isc.org>
References: <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <4EB746D7.9000205@dougbarton.us>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
To: bind-users@lists.isc.org
In-Reply-To: <4EB746D7.9000205@dougbarton.us>
Precedence: list
Xref: x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:46

Dnia=207=20listopada=202011=203:47=20Doug=20Barton=20<dougb@dougbarton.us=
>=20napisa=C5=82(a):
>=20First=20question,=20why=20use=202=20keys?=20The=20combination=20of=20=
a=20key=20and=20an=20address
>=20match=20list=20should=20be=20enough.=20Second=20question,=20what=20ve=
rsion=20of=20BIND=20are
>=20you=20using?=20It=20probably=20doesn't=20matter,=20but=20it's=20good=20=
form=20to=20include
>=20that=20information.

Because=20I=20want=20to=20try=20set=20multiple=20key.=20Currently=20I=20h=
ave=20only=20one=20server=20(localhost=20-=20127.0.0.1)=20but=20in=20futu=
re=20on=20real=20working=20network=20I=20would=20have=20to=20setup=20more=
=20than=20one=20server=20and=20I=20don't=20know=20how.=20I=20will=20have=20=
to=20simply=20add=20new=20key=20to=20the=20allow-update=20or=20allow-tran=
sfer=20option?

Bind=20version=20is:=209.7.4

>=20>=20Unfortunately=20when=20I=20add=20to=20the=20keys=20option=20in=20=
server=20section=20more
>=20>=20than=20one=20key=20the=20named=20doesn't=20start=20anymore.=20For=
mat=20of=20the=20key
>=20>=20option=20in=20the=20book=20is=20different=20than=20in=20the=20man=
ual.=20When=20I=20remove
>=20>=20whole=20server=20section=20everything=20works=20ok.=20Is=20the=20=
keys=20section
>=20>=20important?=20For=20what=20this=20section=20is=20for?=20How=20can=20=
I=20use=20one=20key=20to
>=20>=20secure=20zone=20transfer=20to=20one=20host=20and=20other=20to=20s=
ecure=20zone=20transfer=20to
>=20>=20other=20host?=20It=20is=20possible?
>=20
>=20Doesn't=20look=20that=20way.=20The=20ARM=20is=20your=20best=20source=20=
for=20config=20info.

Maybe=20this=20is=20a=20stupid=20question=20but=20what=20is=20ARM?

>=20The=20include=20directive=20is=20related=20to=20adding=20an=20externa=
l=20file=20to=20your
>=20named.conf.=20Unless=20that's=20what=20you're=20intending=20to=20do,=20=
you=20probably
>=20don't=20want=20it=20here.

The=20key=20is=20in=20a=20external=20file.

>=20>=20server=20127.0.0.1=20{=20keys=20{=20"key";=20};=20};
>=20
>=20The=20term=20"keys"=20here=20would=20seem=20to=20indicate=20that=20yo=
u=20can=20add=20multiple
>=20keys=20per=20server,=20but=20...
>=20
>=20>=20zone=20"my.zone"=20in=20{=20type=20master;=20file=20"my.zone";=20=
allow-transfer=20{=20key
>=20>=20"key";=20};=20allow-update=20{=20key=20"key";=20};=20};
>=20
>=20I=20don't=20see=20anything=20in=20the=20ARM=20about=20including=20key=
=20directives=20in=20the
>=20allow-update=20or=20allow-transfer=20grammar.

Without=20that=20(keys=20only=20in=20server=20section)=20I=20can=20transf=
er=20whole=20domain=20(dig=20my.zone=20axfr)=20without=20passing=20any=20=
key.

>=20You=20can=20probably=20also=20get=20some=20useful=20information=20by=20=
using=20named-checkconf.

Named-checkconf=20returning=20an=20error=20with=20"}"=20expected=20after=20=
";"=20and=20";"=20expected=20after=20"}".

--=20
Pozdrawiam,
Aleksander=20Kurczyk