[dns-operations] using TSIG keys in a mixed environment

Mark Jeftovic markjr at easydns.com
Tue Aug 11 13:52:11 UTC 2015

On 2015-08-10 11:59 PM, Paul Vixie wrote:
> Randy Bush wrote:
>>> If you enable a TSIG key for a zone slaving from a particular master,
>>> all subsequent transfers for any zone slaving from that master will
>>> attempt to use that key (because the key is defined for the host of the
>>> endpoint, not the zone being mirrored)
>> i believe this to be incorrect.  it is per-zone.
> that was true in the earliest BIND9 version that supported TSIG. but
> it's per-zone today.

Kinda makes me wish I asked a long time ago (or read the release notes).


- mark

Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog:    http://markable.com
+1-416-535-8672 ext 225

More information about the dns-operations mailing list