On 15/01/2024 16:53, Einar Bjarni Halldórsson wrote:
Hi Einar,
> But do I need the TSIG key configured both in remote
> section, and in acl section?
> I guess my point is, what is the purpose of the key attribute in remote section?
If you configure a TSIG key in the remote section, then the NOTIFY will
be signed with the key. This does no harm, but signed NOTIFY messages
are unnecessary. But be careful. If the remote is Knot DNS or NSD, and
has been configured with a notify acl containing a key, then, if I
recall correctly, it will ignore an unsigned NOTIFY. If it's BIND, then
I think it doesn't care. So if you're going to remove the key from your
"remote" definition, ensure that the remote will accept your unsigned
NOTIFY.
Regards,
Anand
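
Added example, not part of the original message: a pair of Knot DNS configuration fragments showing where the key appears on each side of the NOTIFY/transfer exchange discussed above. The key name, secret placeholder, addresses, rule ids and zone are constructed for illustration; the two fragments belong in separate knot.conf files.

```yaml
# Constructed sample values throughout (documentation addresses, placeholder secret).

# ---- both servers: the shared TSIG key ----
key:
  - id: xfr-key
    algorithm: hmac-sha256
    secret: PLACEHOLDER_BASE64_SECRET

# ---- primary (192.0.2.1): knot.conf ----
remote:
  - id: secondary
    address: 192.0.2.2
    key: xfr-key          # outgoing NOTIFY to this remote is TSIG-signed;
                          # remove this line and the NOTIFY goes out unsigned

acl:
  - id: transfer-to-secondary
    address: 192.0.2.2
    key: xfr-key          # incoming AXFR/IXFR must be signed with this key
    action: transfer

zone:
  - domain: example.com
    notify: secondary
    acl: transfer-to-secondary

# ---- secondary (192.0.2.2): knot.conf ----
remote:
  - id: primary
    address: 192.0.2.1
    key: xfr-key          # outgoing SOA queries and transfer requests are signed

acl:
  - id: notify-from-primary
    address: 192.0.2.1
    key: xfr-key          # rule only matches a NOTIFY signed with this key;
                          # drop the key here before unsigning NOTIFY on the primary
    action: notify

zone:
  - domain: example.com
    master: primary
    acl: notify-from-primary
```

With this layout the `key` in a `remote` entry governs what the local server signs when it talks to that remote, while the `key` in an `acl` entry governs what the local server requires from the other side.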