On Fri, 24 Apr 2009, Terry wrote:

> Thanks for your reply. On my slave, I have this:
>
> server 10.25.1.10 {
>     keys {
>         omajelns01.omajelns02;
>     };
> };
>
> It will sign all requests between these hosts. If requests come
> across that appear to be from these hosts and they are not signed, the
> server at either end will reject the requests (I am pretty sure that's
> the whole idea but just clarifying)? If that's the case, I like this
> architecture, it's simple and provides a level of security without a
> great deal of configuration overhead.

No. The ARM says "A request originating from the remote server is not required to be signed by this key."

You could use allow-transfer (site-wide or per zone) using a key there for transfers only.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
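
The distinction drawn in the reply, shown as an added named.conf sketch that is not part of the original thread: the `server` statement only signs what the slave sends, while `allow-transfer` with a key on the master is what rejects unsigned transfer requests. The zone name, file paths, algorithm and secret are assumed placeholders, and 10.25.1.10 is assumed to be the master.

```conf
// ---- Slave: the configuration from the quoted message, plus context ----
// Constructed example: zone name, paths, algorithm and secret are placeholders.
key "omajelns01.omajelns02" {
    algorithm hmac-sha256;                // assumption: must match the master
    secret "REPLACE_WITH_SHARED_SECRET";  // placeholder, not a real secret
};

// Signs requests this host SENDS to 10.25.1.10 (for example its zone
// transfer requests). It does not make this host reject unsigned
// requests that appear to come from 10.25.1.10.
server 10.25.1.10 {
    keys {
        omajelns01.omajelns02;
    };
};

zone "example.com" {
    type slave;
    masters { 10.25.1.10; };
    file "slaves/example.com.db";
};

// ---- Master (assumed to be 10.25.1.10) ----
key "omajelns01.omajelns02" {
    algorithm hmac-sha256;                // assumption: same as on the slave
    secret "REPLACE_WITH_SHARED_SECRET";  // placeholder, same shared secret
};

zone "example.com" {
    type master;
    file "master/example.com.db";
    // Enforcement happens here: a transfer request is served only if it
    // is signed with this key. Unsigned requests are refused, whatever
    // source address they carry.
    allow-transfer { key "omajelns01.omajelns02"; };
};
```

Placing the same `allow-transfer` line in the `options` block instead applies it site-wide, which is the other variant the reply mentions.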