On 12/27/2016 01:36 AM, Berry A.W. van Halderen wrote:
So I think that TSIG authorization isn't supported (yet) for
OpenDNSSEC. There is a bit of rationale why for inbound xfers
it is less used. Most of the times OpenDNSSEC is used where
the incoming zones are from a secured path anyway. Securing
by just restricting the address is enough.
Because it the setup you're looking for you are using
127.0.0.1, this might be the case as well and just removing
the requirement from the bind definition to require TSIGs
from 127.0.0.1 will make this work.
Yes the documentation does not explicitly state this and it is
certainly a feature worth implementing.
IIUC, you're talking about inbound transfer from bind to ods.
As in my latest summary post, I'm not currently having problems with the
inbound transfer; it's working.
It's the OUTBOUND notify, in my case from ods to the secondary nsd4
instance, that's failing.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
