Let me ask a follow-on question. I have set up a primary & a slave in two
different time zones, using the format shown by Mark. Both machines are
running local time, so the hours are different. Would this be the cause of
my getting REFUSED on all transfer attempts between these two machines? I
have other slaves on the same ethernet as the master, and they work fine.
Do I need to set both machines to GMT?
At 06:13 AM 6/25/02 -0500, J.D. Bronson wrote:
>At 09:47 PM 6/24/2002, Mark.Andrews@xxxxxxx wrote:
>
> > >
> > > Does anyone have a good site to explain TSIG setup?
> > > I have the book, and it doesn't show much of an example.
> > >
> > > I am interested in having BIND 9.2.1 use TSIG from Master -> slave
> > > for zone updates (only).
> > >
> > > No matter what I have tried, I end up with REFUSED.
> > >
> > > As long as I don't specify TSIG, the zones transfer fine.
> > >
> > > It would help to see a named.conf file from the master and from the slave
> > > pointing to what the correct syntax is for each....
> > >
> > > I can generate the keys just fine, but have a feeling they are not being
> > > 'used' during the transaction.
> > >
> > > TIA..
> > >
> > > Jeff
> > >
> > >
> >
> > Slave 1:
> > key "example.key" {
> > ...
> > };
> > server 10.0.0.1 {
> > keys { example.key; };
> > };
> > zone example {
> > type slave;
> > file "example";
> > masters { 10.0.0.1; };
> > allow-transfer { key example.key; };
> > };
> >
> > Slave 2:
> > key "slave2.key" {
> > ...
> > };
> > zone example {
> > type slave;
> > file "example";
> > masters { 10.0.0.1 key slave2.key; };
> > allow-transfer { key slave2.key; };
> > };
> >
> > Master:
> > key "example.key" {
> > ...
> > };
> > zone example {
> > type master;
> > file "example";
> > allow-transfer { key example.key; key slave2.key; };
> > };
> >--
> >Mark Andrews, Internet Software Consortium
>
>This was of great help. Another individual sent me to a web site with a
>course PDF that explained this in great detail.
>
>One thing I need clarified though:
>
>Currently, I have 1 primary and 2 slaves. Zone transfers/updates using
>normal methods are working nicely now (again thanks to help from people here).
>
>However, while reading the BIND book, it states that the slaves should not
>allow transfers....and I agree with this statement!
>
>So, in my named.conf on the slaves:
>
>zone "bar.com" {
> type slave;
> file "/zones/db.bar.com";
> masters { 1.2.3.4; };
> allow-transfer { none; };
>};
>
>The above example of TSIG seems to go against what is recommended:
>
>zone example {
> type slave;
> file "example";
> masters { 10.0.0.1; };
> allow-transfer { key example.key; };
>};
>
>
>I just want to verify that this must be the case (so it seems).
>
>Thanx to all who responded. I really appreciate it!
>
>Jeff
Roger Hartmuller
roger@xxxxxxxxxxx
Network Associates Laboratories
Network Associates, Inc.
15204 Omega Drive, Suite 300
Rockville, MD 20850-4601
(V) 301-947-7175 (F) 301-527-0842
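
Added example, not part of the original thread: RFC 2845 puts a Time Signed field (seconds since the epoch, UTC) in every TSIG record, and the verifier accepts it only within a fudge window, for which the RFC recommends 300 seconds. The sketch below runs that check over constructed clock readings for two hosts in different zones; the scenario names, wall-clock values and offsets are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

FUDGE = 300  # seconds; the value RFC 2845 recommends, assumed here

def utc_epoch(wall_clock, utc_offset_hours):
    """Epoch seconds a host derives from its wall clock and configured UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = datetime.strptime(wall_clock, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
    return int(local.timestamp())

def tsig_time_ok(time_signed, verifier_now, fudge=FUDGE):
    """RFC 2845 time check: accept only if |now - Time Signed| <= fudge."""
    return abs(verifier_now - time_signed) <= fudge

# Constructed scenarios: (signer wall clock, offset), (verifier wall clock, offset)
SCENARIOS = {
    # Hosts one zone apart, both clocks correct: same instant in UTC.
    "different zones, clocks correct": (("2002-06-25 06:13:00", -5),
                                        ("2002-06-25 07:13:20", -4)),
    # Verifier shows the right local time but is configured for the wrong
    # zone, so the UTC value it computes is an hour off.
    "verifier zone misconfigured": (("2002-06-25 06:13:00", -5),
                                    ("2002-06-25 07:13:20", -5)),
    # Zones correct, but the verifier's clock has drifted six minutes.
    "verifier clock drifted": (("2002-06-25 06:13:00", -5),
                               ("2002-06-25 07:19:00", -4)),
}

def evaluate(scenarios=SCENARIOS):
    """Return {scenario: (skew in seconds, accepted?)} for each clock pair."""
    results = {}
    for name, (signer, verifier) in scenarios.items():
        signed, now = utc_epoch(*signer), utc_epoch(*verifier)
        results[name] = (now - signed, tsig_time_ok(signed, now))
    return results

if __name__ == "__main__":
    for name, (skew, ok) in evaluate().items():
        # A failed time check is reported with the TSIG error BADTIME.
        print(f"{name:34s} skew={skew:+5d}s  {'accepted' if ok else 'BADTIME'}")
```

Comparing `date -u` output on both hosts is the quick manual equivalent of this check.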