[Pdns-dev] Patch to allow per domain outbound AXFR TSIG key names
Jimmy Bergman | Atomia.com
jimmy at atomia.com
Tue Oct 4 16:21:59 CEST 2011
In our webhosting automation software we are integrating against PowerDNS.
One of our clients had a need to be able to provision per zone TSIG keys
used when type='SLAVE' for outbound AXFR requests.
The current code doesn't really support this. Even though you can specify
TSIG key per domain in domainmetadata, the referenced key-name is then
used to fetch from a global list of keys (tsigkeys).
This means that two zones can't have the same keyname but different TSIG
The attached patch solves this without breaking existing database-schema by
adding the following logic:
If keyname contains :, like "somelocalname:remotename" then use everything
after the : for keyname in signatures with the remote server (remotename in
Hope it is ok for inclusion, if not, comments etc would be greatly appreciated.
Thanks in advance.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 12160 bytes
Desc: not available
More information about the Pdns-dev