[AusNOG] .com.au registrar

Mark Andrews marka at isc.org
Mon Sep 1 18:12:43 EST 2014


In message <5ntvyagnkrniavl2qot72jrs.1409558588354 at email.android.com>, "Beeson, Ayden" writes:
>
> Key secured I'd assume for MelbourneIT?
>
> Last time I looked (at least for bind) you can have the zone transfer
> restricted by ip or key, but not both...

Actually named supports doing both.

	allow-transfer { !{ !1.2.3.4; any; }; key 1.2.3.4-transfer-key; };

which say deny any address but 1.2.3.4 the permit key 1.2.3.4-transfer-key.

That said there is little benefit in doing both.  TSIG is so much stronger than
a IP address.  It's like adding a sheet of wet paper to a safe door.

> The choice would be case by case for most people I'd assume...
>
> Cheers,
> Ayden
> (This email was sent from a mobile device, please forgive any typos etc)

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the AusNOG mailing list