Hi Tuomo, > On 15 Jan 2024, at 15:45, Tuomo Soini <[email protected]> wrote: >> >> >> Couldn’t I just remove key attribute from the remote, since the acl >> declares the address and key that are allowed to transfer the zone? > > Remote declaration needs port and acl doesn't have port (allows all > source ports). So I'd say you need both. >
But do I need the TSIG key configured both in remote section, and in acl section? I guess my point is, what is the purpose of the key attribute in remote section? .einar --
