[Pdns-users] TSIG Config

Kevin P. Fleming kevin at km6g.us
Fri Apr 24 15:17:52 UTC 2020


There is currently no mechanism to *require* TSIG keys for AXFR.
ALLOW-AXFR-FROM provide a list of IP addresses which can AXFR with or
without a TSIG key; TSIG-ALLOW-AXFR names a TSIG key which can be used
to AXFR even if the requester's IP address is not included in
ALLOW-AXFR-FROM.

On Fri, Apr 24, 2020 at 11:12 AM Stanford Mings via Pdns-users
<pdns-users at mailman.powerdns.com> wrote:
>
> Hello All,
>
> I am having a problem where while my PDNS server is running and AXFR transfers are successful, I have not been able to implement TSIG.
>
> Even after activating the zone, and ensuring the domainmetadata table has the necessary entries including the ALLOW-AXFR-FROM and TSIG-ALLOW-AXFR , I am still able to do the transfers without the key.
>
> What am I doing wrong?
>
> Any assistance would be appreciated.
>
> powerdns-4.2.1_1
> mysql57-server-5.7.29_1
> --------------------
> daemon=yes
> local-address=***********
> local-port=53
> log-dns-details=yes
> log-dns-queries=yes
> master=yes
> launch = gmysql
> disable-axfr=no
> gmysql-host = localhost
> gmysql-user = ***********
> gmysql-password = ***********
> gmysql-dbname = powerdns
> gmysql-dnssec=yes
> --------------------
> Stanford T. Mings Jr. ~Technologist  ~
> stanford at tech.vi ~ http://www.tech.vi ~ 786-269-5718
>
> VI Technical Services, LLC ~ 9160 Estate Thomas ~
> Suite 195 ~ St. Thomas, VI, 00802
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users


More information about the Pdns-users mailing list