Shane Wegner wrote:
Hello,
I am looking at setting up tkey between master and slave
nameservers but have been unable to find documentation on
how to get this going properly. In the bind9 manual, there
is a whole section on TSIG and setting up shared secrets
between servers but how does one do it the TKEY way? That
is, not having to generate different keypairs per host?
I'm not sure why you think you would _need_ different
key[pair]s per host. I take care not to share the
same secret with more than one organization. That way,
each distinct trust relationship has a specific secret,
but we, as well as any organization carrying multiple
zone instances for us, are spared the administrative
overhead of managing too many secrets.
ATB
Niall O'Reilly
University College Dublin IT Services
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
