Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #49
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!nx01.iad01.newshosting.com!newshosting.com!novia!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Jan-Piet Mens <jpmens.dns@gmail.com> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Securing zone transfer and DDNS |
| Date | Mon, 7 Nov 2011 15:59:34 +0100 |
| Lines | 43 |
| Sender | Jan-Piet Mens <jpmens@gmail.com> |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.9.1320677995.68562.bind-users@lists.isc.org> (permalink) |
| References | <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <4EB746D7.9000205@dougbarton.us> <687fd44f.1f6eb34b.4eb7ebcc.d7948@o2.pl> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| X-Trace | usenet.stanford.edu 1320677995 7013 149.20.64.75 (7 Nov 2011 14:59:55 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | bind-users@lists.isc.org |
| To | Aleksander Kurczyk <aleksanderkurczyk@o2.pl> |
| Return-Path | <jpmens@gmail.com> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent:sender; bh=DVzG8W9Sw5ytI4yby49uGQAvn1l0ufgEua7bE3+RtiQ=; b=qO65IlBsxaKxrFQQQB4oCpdZIp3OoGbOmVkbHMPFcAdoO7OZ8v/2OvsNVqrECrx+7+ ixrWKBkGFSiNmc8Y0FI5I6EhaOHEUFiHD55sCAok3LRCyEfZDI/sNVEv08Je6xNVt2Ve UTZtVwnmivWqBNknyJGlRBI1PtcHWpO2W7TXs= |
| Content-Disposition | inline |
| In-Reply-To | <687fd44f.1f6eb34b.4eb7ebcc.d7948@o2.pl> |
| User-Agent | Mutt/1.5.21 (2010-09-15) |
| X-Spam-Status | No, score=-1.6 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham version=3.3.1 |
| X-Spam-Checker-Version | SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| Xref | x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:49 |
Show key headers only | View raw
> Bind version is: 9.7.4
Upgrade; 9.8.1 is current. (In addition, you're reading a book called
BIND 10 -- even though the book doesn't once mention that software!)
> Maybe this is a stupid question but what is ARM?
BIND 9 Administrator Reference Manual. It is provided in multiple
formats within the BIND source distribution. (doc/arm/*)
[...]
I assume what you probably want to do is something like this:
key "my.key" {
algorithm HMAC-MD5;
secret "xxxx";
};
key "my.key2" {
...
};
acl xferkey {
key my.key2;
};
zone "example.net" IN {
type master;
file "example.net";
allow-update {
key "my.key";
};
allow-transfer {
xferkey;
};
};
Create your keys with the dnssec-keygen utility (check its manual page).
Instead of allow-update, I'd like to suggest you read up on the `grant'
statement which allows a much finer granularity on DDNS.
-JP
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Securing zone transfer and DDNS Jan-Piet Mens <jpmens.dns@gmail.com> - 2011-11-07 15:59 +0100
csiph-web