Re: correct syntax for TSIG & IP restrictions for named-ACL versus just IP?

2010-12-05 Thread pgngw+dev001+bind-users
hi,

On Sun, 05 Dec 2010 20:57 +, "Evan Hunt" wrote:
> I haven't tested this, but I think it will do what you want:
...
> allow-transfer {
>     { !notslave1; key key1; };
>     { !notslave2; key key2; };
>     none;
> };

this !acl format works, but only in the single ACL

Re: correct syntax for TSIG & IP restrictions for named-ACL versus just IP?

2010-12-05 Thread Evan Hunt
> what's the right syntax for enabling IXFR to the entire TSIG- &
> IP-restricted set of hosts in acl_slave_2{}?

I haven't tested this, but I think it will do what you want:

allow-transfer {
    { !{ !1.1.1.1; any; }; key key1; };
    { !{ !2.2.2.2; !3.3.3.3; !4.4.4.4; any; }; key key

Re: correct syntax for TSIG & IP restrictions for named-ACL versus just IP?

2010-12-05 Thread pgngw+dev001+bind-users
hi,

On Sun, 05 Dec 2010 19:16 +0100, "Sten Carlsen" wrote:
> Given that you control your key distribution correctly and safely, would
> the following work?
>
> allow-transfer { key key-slave-1; key key-slave-2; };
>
>
> Only relevant slaves have the various keys, so do you need to have the
> I

Re: correct syntax for TSIG & IP restrictions for named-ACL versus just IP?

2010-12-05 Thread Sten Carlsen
Given that you control your key distribution correctly and safely, would
the following work?

allow-transfer { key key-slave-1; key key-slave-2; };

Only relevant slaves have the various keys, so do you need to have the
IPs mentioned here?

On 05/12/10 18:10, pgngw+dev001+bind-us...@f-m.fm wrote:

correct syntax for TSIG & IP restrictions for named-ACL versus just IP?

2010-12-05 Thread pgngw+dev001+bind-users
i've bind9 running as a primary host to a number of bind-and-other slaves. i'm trying to set up to use different TSIG keys with different secondaries.

in my named.conf, i've

...
acl acl_slave_1 { 1.1.1.1; };
acl acl_slave_2 { 2.2.2.2; 3.3.3.3; 4.4.4.4; 5.5.5.5; };