[Pdns-dev] Patch to allow per domain outbound AXFR TSIG key names

Jimmy Bergman | Atomia.com jimmy at atomia.com
Tue Oct 4 16:21:59 CEST 2011


Hi

In our webhosting automation software we are integrating against PowerDNS.

One of our clients had a need to be able to provision per zone TSIG keys
used when type='SLAVE' for outbound AXFR requests.

The current code doesn't really support this. Even though you can specify
a TSIG key per domain in domainmetadata, the referenced key-name is then
used to fetch from a global list of keys (tsigkeys).

This means that two zones can't have the same keyname but different TSIG
secrets.

The attached patch solves this without breaking existing database-schema by
adding the following logic:

If keyname contains :, like "somelocalname:remotename" then use everything
after the : for keyname in signatures with the remote server (remotename in
example).

Hope it is OK for inclusion; if not, comments etc. would be greatly appreciated.

Thanks in advance.

Best regards,
Jimmy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdns-trunk-r2279-allow_per_domain_tsig_keynames.1.patch
Type: text/x-diff
Size: 12160 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20111004/941671c8/attachment.patch>
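
The key-name rule described in the message above, modelled as an added C++ example; it is not the attached patch and not PowerDNS code. Assumptions: the name is split at the first ':', the global tsigkeys list is still looked up by the full stored name, all type and function names are hypothetical, and the zones, key names and secrets are constructed sample data.

```cpp
// Added illustration; not code from the PowerDNS patch. Table names follow the post.
#include <iostream>
#include <map>
#include <string>

struct TsigKey { std::string algorithm, secret; };   // one row of the global tsigkeys list
enum class KeyStatus { Unsigned, Ok, Misconfigured };
struct Resolved { KeyStatus status; std::string wireName, algorithm, secret; };

// Name used in the TSIG record on the wire. Assumption: split at the first ':'.
// Returns "" when either side of the ':' is empty.
std::string wireKeyName(const std::string& stored) {
  const auto pos = stored.find(':');
  if (pos == std::string::npos) return stored;            // legacy form: name used as-is
  if (pos == 0 || pos + 1 == stored.size()) return "";    // ":x" or "x:" is malformed
  return stored.substr(pos + 1);
}

// zoneKeyRef models the per-zone key reference held in domainmetadata.
Resolved resolveAxfrKey(const std::map<std::string, std::string>& zoneKeyRef,
                        const std::map<std::string, TsigKey>& tsigkeys,
                        const std::string& zone) {
  const auto ref = zoneKeyRef.find(zone);
  if (ref == zoneKeyRef.end()) return {KeyStatus::Unsigned, "", "", ""};
  const auto key = tsigkeys.find(ref->second);     // lookup by the full stored name
  const std::string wire = wireKeyName(ref->second);
  // A configured but unresolvable key must not degrade to an unsigned transfer.
  if (key == tsigkeys.end() || wire.empty()) return {KeyStatus::Misconfigured, "", "", ""};
  return {KeyStatus::Ok, wire, key->second.algorithm, key->second.secret};
}

int main() {
  // Constructed sample data: two zones whose masters both call the key "transfer".
  const std::map<std::string, TsigKey> tsigkeys = {
      {"cust1:transfer", {"hmac-sha256", "c2VjcmV0LW9uZQ=="}},
      {"cust2:transfer", {"hmac-sha256", "c2VjcmV0LXR3bw=="}}};
  const std::map<std::string, std::string> zoneKeyRef = {
      {"example.org", "cust1:transfer"}, {"example.net", "cust2:transfer"}};
  for (const auto& z : {"example.org", "example.net"}) {
    const Resolved r = resolveAxfrKey(zoneKeyRef, tsigkeys, z);
    std::cout << z << " signs as '" << r.wireName << "' with secret " << r.secret << "\n";
  }
}
```

Both zones sign with the remote name "transfer" while keeping distinct secrets, and a reference that cannot be resolved is reported as misconfigured instead of falling back to an unsigned AXFR.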

