On Mon, 15 Jan 2024 11:03:49 +0000
Einar Bjarni Halldórsson <[email protected]> wrote:
> Hi,
>
> I’m updating our config files and I’m wondering if we need to set
> ‘key’ in remotes section, and in acl section? If I have this in my
> config:
>
> remote:
> - id: remote01
> address: 127.0.0.1
> key: my_key
^^This looks like incomplete config. It should have port in it. I'd
expect:
remote:
- id: remote01
address: 127.0.0.1@53
Remote configuration tells where to contact.
> acl:
> - id: allow_transfer
> address: 127.0.0.1
> key: my_key
> action: transfer
And acl describes which ip can transfer.
> zone:
> - domain: example.com
> acl: [ allow_transfer ]
> notify: [ remote01 ]
>
> Couldn’t I just remove key attribute from the remote, since the acl
> declares the address and key that are allowed to transfer the zone?
Remote declaration needs port and acl doesn't have port (allows all
source ports). So I'd say you need both.
--
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
--
