Re: secure zone transfer and dynamic update (Bind Users forum, DNS and Related Forums)
saravanan ganapathy <sarav_gsa@yahoo.com> wrote:
> Hai,
> I have configured bind9.2 on my debian woody. TSIG
> also configured for zone Txfr and ddns update.
> My config file as
> zone "abc.com" {
> type master;
> file "abc";
> allow-transfer {key abc.com;};
> allow-update { key abc.com;};
> };
> server 50.50.50.1 {
> keys { abc.com ;};
> };
> key "abc.com." {
> algorithm HMAC-MD5;
> secret "aasfsv131414";
> };
> I also configured slave server with this TSIG. It works
> well.
>
> My Problem:
> ------------
> The master server gives the zone data to any server
> which have the same TSIG key, though I have specified
> the slave server ip address only in the master server.
> The server should responds for zone txfr only when
> both the ip address and TSIG key matches.
> How to configure this?
> I have the same problem with ddns update also.
> Pls guide me
> Note :
> Even " allow-transfer {key abc.com;50.50.50.1;}; "
> doesn't help

No surprise, this represents a logical or statement.

See the section 6.2.24.4. Dynamic Update Policies which might give you some
more control, the "xfer-policy" command seems unimplemented ( Jim, are you taking notes ?)

> Sarav

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
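An added illustration, not part of the original thread: a small Python model of first-match address-match-list evaluation, showing why the posted `allow-transfer { key abc.com; 50.50.50.1; };` behaves as key OR address, and how the nested-negation form described in the BIND 9 reference manual gives key AND address. The evaluator, the tuple encoding and the 192.0.2.7 test address are constructed for this example, and whether BIND 9.2 handles the nested form this way is an assumption.

```python
import ipaddress

ANY = "any"  # stands in for BIND's built-in match-everything ACL

def match(acl, src_ip, tsig_key):
    """Model of first-match evaluation of an address match list.

    Returns True (an element matched: allow), False (a negated element
    matched: deny) or None (no element matched).
    """
    for negated, kind, value in acl:
        if kind == "addr":
            hit = value == ANY or (
                ipaddress.ip_address(src_ip) in ipaddress.ip_network(value))
        elif kind == "key":
            hit = tsig_key == value
        else:  # "acl": a nested list counts only when it matches positively
            hit = match(value, src_ip, tsig_key) is True
        if hit:
            return not negated
    return None

def allowed(acl, src_ip, tsig_key=None):
    return match(acl, src_ip, tsig_key) is True

KEY = "abc.com"        # key name from the post
SLAVE = "50.50.50.1"   # slave address from the post
OTHER = "192.0.2.7"    # constructed address of some other host

# allow-transfer { key abc.com; 50.50.50.1; };  -> either element is enough
OR_ACL = [(False, "key", KEY), (False, "addr", SLAVE)]

# allow-transfer { !{ !50.50.50.1; any; }; key abc.com; };
# Any address other than the slave hits the negated nested list and is
# denied at once; the slave falls through and must still present the key.
AND_ACL = [
    (True, "acl", [(True, "addr", SLAVE), (False, "addr", ANY)]),
    (False, "key", KEY),
]

def decisions(acl):
    """Allow/deny for: slave+key, other+key, slave unsigned, other unsigned."""
    cases = [(SLAVE, KEY), (OTHER, KEY), (SLAVE, None), (OTHER, None)]
    return [allowed(acl, ip, key) for ip, key in cases]

if __name__ == "__main__":
    print("OR :", decisions(OR_ACL))
    print("AND:", decisions(AND_ACL))
```

With the OR list, a host that holds the key but is not the slave still gets the zone, which is the behaviour reported in the post; with the nested form only the slave address signing with the key is allowed.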