ISC Open Source Projects
Kea
Commit 4fea1ab5, authored Feb 20, 2012 by Michal 'vorner' Vaner
[1643] Documentation
parent
719a5941
Changes
2
doc/guide/bind10-guide.xml
...
...
@@ -1629,31 +1629,23 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default)</screen>
</simpara></note>
<para>
If you want to require TSIG in access control, a separate TSIG
"key ring" must be configured specifically
for
<command>
b10-xfrout
</command>
as well as a system wide
key ring, both containing a consistent set of keys.
If you want to require TSIG in access control, a system wide TSIG
"key ring" must be configured.
For example, to change the previous example to allowing requests
from 192.0.2.1 signed by a TSIG with a key name of
"key.example", you'll need to do this:
</para>
<screen>
>
<userinput>
config set tsig_keys/keys ["key.example:
<
base64-key
>
"]
</userinput>
>
<userinput>
config set Xfrout/tsig_keys/keys ["key.example:
<
base64-key
>
"]
</userinput>
>
<userinput>
config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "192.0.2.1", "key": "key.example"}]
</userinput>
>
<userinput>
config commit
</userinput></screen>
<para>
The first line of configuration defines a system wide key ring.
This is necessary because the
<command>
b10-auth
</command>
server
also checks TSIGs and it uses the system wide configuration.
</para>
<param>
Both Xfrout and Auth will use the system wide keyring to check
TSIGs in the incomming messages and to sign responses.
</param>
<note><simpara>
In a future version,
<command>
b10-xfrout
</command>
will also
use the system wide TSIG configuration.
The way to specify zone specific configuration (ACLs, etc) is
likely to be changed
, too
.
likely to be changed.
</simpara></note>
<!--
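Review bot: The paragraph beginning "Both Xfrout and Auth will use the system wide keyring" is wrapped in `<param>` ... `</param>`, while every other paragraph in this hunk uses `<para>`; this looks like a typo and should be `<para>` ... `</para>` so the guide still builds. In the same paragraph, "incomming" should be "incoming" and "keyring" should match the "key ring" spelling used in the paragraph above it. Since the text now says a single system wide key ring is used both to check TSIGs and to sign responses, it would also help to state that the key named in the `transfer_acl` entry (`"key": "key.example"`) must exist in `tsig_keys/keys`.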
...
...
src/bin/xfrout/b10-xfrout.xml
...
...
@@ -97,13 +97,6 @@
defines the maximum number of outgoing zone transfers
that can run concurrently. The default is 10.
</para>
<para>
<varname>
tsig_key_ring
</varname>
A list of TSIG keys (each of which is in the form of
<replaceable>
name:base64-key[:algorithm]
</replaceable>
)
used for access control on transfer requests.
The default is an empty list.
</para>
<para>
<varname>
transfer_acl
</varname>
A list of ACL elements that apply to all transfer requests by
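Review bot: With the `tsig_key_ring` paragraph gone, this man page no longer says where the keys used for access control on transfer requests are defined, and the `name:base64-key[:algorithm]` format description disappears with it. Consider adding a sentence to the `transfer_acl` paragraph that points to the system wide key ring (`tsig_keys/keys` in the guide) and keeps the key format, including the optional algorithm field, documented somewhere the reader of this page can find it.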
...
...
@@ -160,13 +153,6 @@
</simpara></note>
<!--
tsig_key_ring list of
tsig_key string
-->
<!-- TODO: formating -->
<para>
The configuration commands are:
...
...