[Pdns-dev] Patch to allow per domain outbound AXFR TSIG key names

Jimmy Bergman | Atomia.com jimmy at atomia.com
Tue Oct 4 16:21:59 CEST 2011


In our webhosting automation software we are integrating against PowerDNS.

One of our clients had a need to be able to provision per zone TSIG keys
used when type='SLAVE' for outbound AXFR requests.

The current code doesn't really support this. Even though you can specify
TSIG key per domain in domainmetadata, the referenced key-name is then
used to fetch from a global list of keys (tsigkeys).

This means that two zones can't have the same keyname but different TSIG

The attached patch solves this without breaking existing database-schema by
adding the following logic:

If keyname contains :, like "somelocalname:remotename" then use everything
after the : for keyname in signatures with the remote server (remotename in

Hope it is ok for inclusion, if not, comments etc would be greatly appreciated.

Thanks in advance.

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdns-trunk-r2279-allow_per_domain_tsig_keynames.1.patch
Type: text/x-diff
Size: 12160 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20111004/941671c8/attachment.patch>
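
The key-name rule described in the message, as an added C++ example (not code from the attached patch or from PowerDNS): two zones share the remote key name "transfer" while holding different secrets. Assumptions of this example: the name is split at the first ':', the secret is looked up under the full stored name, and a dangling or empty reference is treated as an error; all function names and sample data are constructed.

```cpp
#include <map>
#include <string>

enum class KeyStatus { NoKey, Ok, Misconfigured };
struct AxfrKey { KeyStatus status; std::string wireName; std::string secret; };
using Table = std::map<std::string, std::string>;

// Name used in the TSIG record sent to the master: everything after the
// first ':' (assumption: first, not last), or the whole name if there is none.
std::string wireKeyName(const std::string& stored) {
  const auto pos = stored.find(':');
  return pos == std::string::npos ? stored : stored.substr(pos + 1);
}

// domainMeta: zone -> stored key name; tsigKeys: stored key name -> secret.
// Assumption: the secret is looked up under the full stored name.
AxfrKey resolveAxfrKey(const Table& domainMeta, const Table& tsigKeys,
                       const std::string& zone) {
  const auto meta = domainMeta.find(zone);
  if (meta == domainMeta.end()) return {KeyStatus::NoKey, "", ""};
  const auto key = tsigKeys.find(meta->second);
  const std::string wire = wireKeyName(meta->second);
  // A referenced key that is missing, or an empty remote name ("local:"),
  // is reported as an error so the caller does not fall back to unsigned AXFR.
  if (key == tsigKeys.end() || wire.empty()) return {KeyStatus::Misconfigured, "", ""};
  return {KeyStatus::Ok, wire, key->second};
}

// Constructed sample data: placeholder zones, key names and base64 secrets.
AxfrKey demo(const std::string& zone) {
  static const Table meta = {{"example.com", "cust1:transfer"},
                             {"example.net", "cust2:transfer"},
                             {"example.org", "legacy-key"},
                             {"example.edu", "cust3:"},
                             {"example.info", "missing:transfer"}};
  static const Table keys = {{"cust1:transfer", "c2VjcmV0LW9uZQ=="},
                             {"cust2:transfer", "c2VjcmV0LXR3bw=="},
                             {"legacy-key", "c2VjcmV0LXRocmVl"},
                             {"cust3:", "c2VjcmV0LWZvdXI="}};
  return resolveAxfrKey(meta, keys, zone);
}
```

A name without ':' resolves to itself, so existing single-name entries keep working under this rule.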
