[dns-operations] using TSIG keys in a mixed environment

Paul Vixie paul at redbarn.org
Tue Aug 11 03:59:42 UTC 2015

Randy Bush wrote:
>> If you enable a TSIG key for a zone slaving from a particular master,
>> all subsequent transfers for any zone slaving from that master will
>> attempt to use that key (because the key is defined for the host of the
>> endpoint, not the zone being mirrored)
> i believe this to be incorrect.  it is per-zone.

that was true in the earliest BIND9 version that supported TSIG. but
it's per-zone today.

Paul Vixie

More information about the dns-operations mailing list