[AusNOG] .com.au registrar
Mark Andrews
marka at isc.org
Mon Sep 1 18:12:43 EST 2014
In message <5ntvyagnkrniavl2qot72jrs.1409558588354 at email.android.com>, "Beeson, Ayden" writes:
>
> Key secured I'd assume for MelbourneIT?
>
> Last time I looked (at least for bind) you can have the zone transfer
> restricted by ip or key, but not both...
Actually named supports doing both.
allow-transfer { !{ !1.2.3.4; any; }; key 1.2.3.4-transfer-key; };
which say deny any address but 1.2.3.4 the permit key 1.2.3.4-transfer-key.
That said there is little benefit in doing both. TSIG is so much stronger than
a IP address. It's like adding a sheet of wet paper to a safe door.
> The choice would be case by case for most people I'd assume...
>
> Cheers,
> Ayden
> (This email was sent from a mobile device, please forgive any typos etc)
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the AusNOG
mailing list