Add support for keys in BIND configuration
- Using keys is very simple. You see, the motivation is that as an ISP there are primary/secondary servers that you don't own and need to accommodate. See the key part, which is one small entry in each server conf (see named.conf below).
To use the key, the zone file on the slave looks like this:

    zone "domain.tld" IN {
        type slave;
        file "/etc/bind/slave/sec.domain.tld";
        masters { <primary server>; };
        allow-transfer { key key-name; };
    };
On the primary side:

    options {
        allow-transfer { key key-name; };
    };

    key "key-name" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxx";   // some key
    };
- The second issue is that most ISPs have secondary hosting of DNS that I could not add using the UI. I added them in a separate file, "/etc/bind/named.conf.local.extended", and included it in the named.conf.
You see, these domains are "only" secondary/slave DNS, and there is no web nor mail on this server.
    root@server1:/etc/bind# cat named.conf
    key "key-name" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=";   // some key
    };
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.local.extended";
    include "/etc/bind/named.conf.default-zones";
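As an added example (not part of the original post or of any project's code), the following Python script generates a TSIG secret the way tsig-keygen does, renders the matching key, zone and server stanzas for both the primary and the secondary, and runs two cheap sanity checks before the files go to named-checkconf. All names are placeholders: key "xfer-key", zone "domain.tld", primary 192.0.2.10 and secondary 192.0.2.20 (RFC 5737 documentation addresses). It defaults to hmac-sha256 rather than the post's hmac-md5 because BIND accepts both and sha256 is the usual choice for new keys. It also emits a server statement on the secondary: allow-transfer on a slave zone only restricts who may transfer the zone from the secondary, whereas the server { keys { ... }; } block is what makes the secondary sign its own AXFR/IXFR requests to the primary. The tsig_mac helper shows only the shared-secret HMAC primitive; real TSIG signs the whole DNS message plus the TSIG record's own fields.

```python
# Added example, not from the original post. Generates a TSIG key and the
# named.conf fragments for a primary/secondary pair, then sanity-checks them.
# Placeholders: key "xfer-key", zone "domain.tld", primary 192.0.2.10,
# secondary 192.0.2.20 (RFC 5737 documentation addresses).
import base64
import hashlib
import hmac
import secrets

# Digest behind each TSIG algorithm name used here; hmac-md5 is what the
# post uses, hmac-sha256 is the usual choice for new keys.
ALGORITHMS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}


def make_tsig_secret(nbytes=32):
    """Random secret, base64-encoded: the same shape tsig-keygen produces."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def key_stanza(name, secret, algorithm="hmac-sha256"):
    """The key {} block, which must be identical on both servers."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported TSIG algorithm {algorithm}")
    return (f'key "{name}" {{\n'
            f'    algorithm {algorithm};\n'
            f'    secret "{secret}";\n'
            '};\n')


def primary_conf(zone, key_name, secret, secondary_ip, algorithm="hmac-sha256"):
    """Primary side: only requests signed with the key may transfer the zone."""
    return (key_stanza(key_name, secret, algorithm) +
            f'zone "{zone}" IN {{\n'
            '    type master;\n'
            f'    file "/etc/bind/pri.{zone}";\n'
            f'    allow-transfer {{ key "{key_name}"; }};\n'
            f'    also-notify {{ {secondary_ip}; }};\n'
            '};\n')


def secondary_conf(zone, key_name, secret, primary_ip, algorithm="hmac-sha256"):
    """Secondary side: sign everything sent to the primary, and refuse to hand
    the zone on to anyone who does not present the key."""
    return (key_stanza(key_name, secret, algorithm) +
            # server {} is what makes the secondary sign its AXFR/IXFR
            # requests with the key; allow-transfer alone does not do that.
            f'server {primary_ip} {{ keys {{ "{key_name}"; }}; }};\n'
            f'zone "{zone}" IN {{\n'
            '    type slave;\n'
            f'    file "/etc/bind/slave/sec.{zone}";\n'
            f'    masters {{ {primary_ip}; }};\n'
            f'    allow-transfer {{ key "{key_name}"; }};\n'
            '};\n')


def braces_balanced(text):
    """Cheap structural check before handing the file to named-checkconf."""
    depth = 0
    for ch in text:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def secret_ok(secret, min_bytes=16):
    """Secret must be strict base64 and decode to at least min_bytes."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) >= min_bytes


def tsig_mac(secret, data, algorithm="hmac-sha256"):
    """HMAC over data with the shared secret: the primitive both ends compute.
    Real TSIG covers the whole DNS message plus the TSIG record's own fields."""
    return hmac.new(base64.b64decode(secret), data, ALGORITHMS[algorithm]).digest()


def mac_matches(secret, data, mac, algorithm="hmac-sha256"):
    """Constant-time comparison, as a verifier would do it."""
    return hmac.compare_digest(tsig_mac(secret, data, algorithm), mac)


if __name__ == "__main__":
    s = make_tsig_secret()
    print(primary_conf("domain.tld", "xfer-key", s, "192.0.2.20"))
    print(secondary_conf("domain.tld", "xfer-key", s, "192.0.2.10"))
```

Paste the printed fragments into the respective named.conf (or an included file such as the post's named.conf.local.extended), run named-checkconf on each server, and reload. The same secret string must appear verbatim on both sides; a mismatch shows up as a TSIG verification failure in the primary's log and a refused transfer on the secondary.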