Re: How to *require* TSIG for NOTIFY

On 15. 11. 22 17:27, Jesus Cea wrote: On 15/11/22 5:40, Ondřej Surý wrote: It’s `also-notify ;` and `notify explicit;` The online documentation is here: https://bind9.readthedocs.io/en/v9_16_34/reference.html That configuration

Re: How to *require* TSIG for NOTIFY

On 15/11/22 5:40, Ondřej Surý wrote: It’s `also-notify ;` and `notify explicit;` The online documentation is here: https://bind9.readthedocs.io/en/v9_16_34/reference.html That configuration affects to the primary, I don't see how it

Re: How to *require* TSIG for NOTIFY

It’s `also-notify ;` and `notify explicit;` The online documentation is here: https://bind9.readthedocs.io/en/v9_16_34/reference.html Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal

Re: How to *require* TSIG for NOTIFY

On 15/11/22 3:30, Mark Andrews wrote: NOTIFY is a hint for the secondary to perform a SOA refresh query sooner than the SOA query triggered by REFRESH and RETRY. Those queries are rate limited. Additionally multiple notify messages often coalesce into one action as the server is waiting to

Re: How to *require* TSIG for NOTIFY

> On 15 Nov 2022, at 12:41, Jesus Cea wrote: > > Hi everybody, > > I can configure my bind master to send TSIG in the NOTIFY messages, but I am > not able to configure secondaries to *ONLY* allow NOTIFY with a valid TSIG. > > In the slave zone config I have something like: > > """ > zone

How to *require* TSIG for NOTIFY

Hi everybody, I can configure my bind master to send TSIG in the NOTIFY messages, but I am not able to configure secondaries to *ONLY* allow NOTIFY with a valid TSIG. In the slave zone config I have something like: """ zone "XXX" { type slave; ... allow-notify { key "KEY_TSIG"; };