[Opendnssec-develop] DNS adapters configuration
Matthijs Mekking
matthijs at NLnetLabs.nl
Thu Sep 15 13:57:25 UTC 2011
On 09/08/2011 12:31 PM, Matthijs Mekking wrote:
...
>
> The acl.xfr file contains tsig, master and slave address and such. The
> syntax is as follows:
>
> start = element Adapter {
> # Type of adapter
> attribute type { xsd:string },
>
> # inbound zone transfer settings
> element Inbound {
> # what TSIG secret to use
> tsig?,
> element RequestTransfer { remoteAddress }*,
> element AllowNotify { remoteAddress }*,
> },
>
> # outbound zone transfer settings
> element Outbound {
> # what TSIG secret to use
> tsig?,
> element ProvideTransfer { remoteAddress }*,
> element Notify { remoteAddress }*,
> }
>
This is not entirely correct; tsig should be on a per-server basis, not
a per-zone basis.
Something more like:
    element Inbound {
        element RequestTransfer { remoteAddress, tsig? }*,
        element AllowNotify { remoteAddress, tsig? }*,
    },
or
    element Inbound {
        # zero or more TSIG secrets
        tsig*,
        element RequestTransfer { remoteAddress, tsig_id? }*,
        element AllowNotify { remoteAddress, tsig_id? }*,
    },
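An added example, not part of the original message and not OpenDNSSEC code: a reference check for the second variant above (a pool of `tsig` keys, with each peer pointing at one through `tsig_id`). The XML instance layout, the `TSIG` element and the `id`, `address`, `algorithm` and `secret` attributes are assumptions, since the message does not define `remoteAddress` or `tsig`.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element/attribute layout is hypothetical (see lead-in).
SAMPLE = """
<Adapter type="dns">
  <Inbound>
    <TSIG id="key-a" algorithm="hmac-sha256" secret="PLACEHOLDER-A"/>
    <TSIG id="key-b" algorithm="hmac-sha256" secret="PLACEHOLDER-B"/>
    <RequestTransfer address="192.0.2.1" tsig_id="key-a"/>
    <RequestTransfer address="192.0.2.2" tsig_id="key-b"/>
    <AllowNotify address="192.0.2.1" tsig_id="key-a"/>
    <AllowNotify address="198.51.100.7"/>
  </Inbound>
</Adapter>
"""

class AclError(ValueError):
    """Raised when the inbound ACL cannot be resolved safely."""

def resolve_inbound(xml_text):
    """Return [(rule, address, key_id or None)] for every inbound peer."""
    inbound = ET.fromstring(xml_text).find("Inbound")
    if inbound is None:
        return []
    keys = {}
    for key in inbound.findall("TSIG"):
        kid = key.get("id")
        if not kid or kid in keys:
            raise AclError(f"missing or duplicate TSIG id: {kid!r}")
        keys[kid] = key
    peers = []
    for rule in ("RequestTransfer", "AllowNotify"):
        for peer in inbound.findall(rule):
            ref = peer.get("tsig_id")
            if ref is not None and ref not in keys:
                # Fail closed: a dangling reference must not become "no TSIG".
                raise AclError(f"{rule} {peer.get('address')}: unknown tsig_id {ref!r}")
            peers.append((rule, peer.get("address"), ref))
    return peers

def unsigned_peers(peers):
    """Peers with no key reference, i.e. matched on source address alone."""
    return [(rule, addr) for rule, addr, ref in peers if ref is None]

if __name__ == "__main__":
    resolved = resolve_inbound(SAMPLE)
    for entry in resolved:
        print(entry)
    print("unsigned:", unsigned_peers(resolved))
```

Two masters with different keys resolve independently here, which a single per-zone `tsig?` could not express.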