On Mon, Jul 27, 2015 at 04:33:06PM +0100, Tony Finch wrote:
> It isn't a very good idea to use the same key for zone transfers and
> for rndc. It is common to allow zone transfers to third parties, and
> you don't want them to be able to fiddle with your name server!

Sometimes, in my experience, people do this because rndc-confgen is relatively easy to use, but generating other keys using dnssec-keygen is cumbersome. So I'll just take this opportunity to mention that in the more recent versions of BIND you can use 'tsig-keygen <name>', it's much easier. Or if you're on an older release, 'ddns-confgen -q -k <name>' does the same thing.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
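
An audit check for the situation discussed in this thread, added here as an example and not written by either poster or taken from BIND: it reports any key name that a named.conf uses both in `controls` (rndc) and in `allow-transfer`. The sample configurations, key names and function names are constructed for illustration, and the check assumes keys are referenced directly rather than through a named ACL.

```python
import re

# Constructed sample named.conf (not from the thread): one key serves both
# rndc and zone transfers, the setup the quoted advice warns against.
SAMPLE_SHARED = '''
key "rndc-key" { algorithm hmac-sha256; secret "constructed-placeholder"; };
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "example.com" {
    type master;  // primary for this zone
    file "example.com.db";
    allow-transfer { key "rndc-key"; };
};
'''
# Same config after adding a dedicated transfer key (e.g. tsig-keygen xfer-key).
SAMPLE_SPLIT = (
    'key "xfer-key" { algorithm hmac-sha256; secret "constructed-placeholder-2"; };'
    + SAMPLE_SHARED.replace('allow-transfer { key "rndc-key"; }',
                            'allow-transfer { key "xfer-key"; }'))

_STR_OR_COMMENT = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Drop /* */, // and # comments but keep quoted strings intact."""
    return _STR_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def blocks(text, keyword):
    """Yield the body of each '{ ... }' that directly follows keyword."""
    for m in re.finditer(r'(?<![\w-])' + re.escape(keyword) + r'\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def shared_keys(conf):
    """Return key names used both for rndc (controls) and allow-transfer."""
    text = strip_comments(conf)
    rndc = {name for ctl in blocks(text, 'controls')
            for keys in blocks(ctl, 'keys')
            for name in re.findall(r'"?([\w.-]+)"?\s*;', keys)}
    xfer = {name for acl in blocks(text, 'allow-transfer')
            for name in re.findall(r'\bkey\s+"?([\w.-]+)"?', acl)}
    return sorted(rndc & xfer)

if __name__ == '__main__':
    print('shared:', shared_keys(SAMPLE_SHARED))
    print('split: ', shared_keys(SAMPLE_SPLIT))
```

An empty result means no key name appears in both places; a non-empty result lists the keys to replace with a separate transfer key.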