Hi Einar,
If TSIG is used in both directions (outbound NOTIFY, inbound XFR), I would
recommend reconfiguration to:
server:
automatic-acl: on
remote:
- id: remote01
address: 127.0.0.1
key: my_key
zone:
- domain: example.com
notify: [ remote01 ]
Daniel
On 1/15/24 12:03, Einar Bjarni Halldórsson wrote:
Hi,
I’m updating our config files and I’m wondering if we need to set ‘key’ in
remotes section, and in acl section?
If I have this in my config:
remote:
- id: remote01
address: 127.0.0.1
key: my_key
acl:
- id: allow_transfer
address: 127.0.0.1
key: my_key
action: transfer
zone:
- domain: example.com
acl: [ allow_transfer ]
notify: [ remote01 ]
Couldn’t I just remove key attribute from the remote, since the acl declares
the address and key that are allowed to transfer the zone?
.einar
--
--
