Subject:Re: Asymmetric keys with rndc-confgen?
Group:Bind-users
From:Mark Andrews
Date:17 Jan 2007


 

> Every time I've seen rndc-conf generate an hmac-md5 key, the text of the
> key has been the same everywhere.

rndc uses a *shared* secret.

> Yesterday, using 9.3.3 (I believe), I got the following result (at the
> end of this).

Which should be impossible given how it is printed.

    } else {
        printf("\
# Start of rndc.conf\n\
key \"%s\" {\n\
algorithm hmac-md5;\n\
secret \"%.*s\";\n\
};\n\
\n\
options {\n\
default-key \"%s\";\n\
default-server %s;\n\
default-port %d;\n\
};\n\
# End of rndc.conf\n\
\n\
# Use with the following in named.conf, adjusting the allow list as needed:\n\
# key \"%s\" {\n\
# algorithm hmac-md5;\n\
# secret \"%.*s\";\n\
# };\n\
# \n\
# controls {\n\
# inet %s port %d\n\
# allow { %s; } keys { \"%s\"; };\n\
# };\n\
# End of named.conf\n",
               keyname,
               (int)isc_buffer_usedlength(&key_txtbuffer),
               (char *)isc_buffer_base(&key_txtbuffer),
               keyname, serveraddr, port,
               keyname,
               (int)isc_buffer_usedlength(&key_txtbuffer),
               (char *)isc_buffer_base(&key_txtbuffer),
               serveraddr, port, serveraddr, keyname);
    }

> Is there some syntax that will cause a public/private key by default
> with rndc.confgen?

No.

> Note: this is not the key I am using, the one I am using IS the same in
> both rndc.conf and the bind include file.
>
> (PS: Maybe asymmetric is not the right word?)
>
> -Dan
>
>
> # Start of rndc.conf
> key "rndc-key" {
> algorithm hmac-md5;
> secret "NlUtbtQyzxVpfQ51W1jEu+UsBN0A3vXs4K2d5Ob0Tzs=";
> };
>
> options {
> default-key "rndc-key";
> default-server 127.0.0.1;
> default-port 953;
> };
> # End of rndc.conf
>
> # Use with the following in named.conf, adjusting the allow list as needed:
> # key "rndc-key" {
> # algorithm hmac-md5;
> # secret "K5YfO1+dX5ku5sXjzSrJyw==";
> # };
> #
> # controls {
> # inet 127.0.0.1 port 953
> # allow { 127.0.0.1; } keys { "rndc-key"; };
> # };
> # End of named.conf
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews
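
Because rndc and named authenticate with one shared secret, a mismatch like the one in the quoted output can be caught by comparing the key clauses of the two files. This is an added example, not part of the original message or of BIND; the function names are hypothetical, and the sample input is the two key clauses from the output quoted above.

```python
import base64
import hmac
import re

# Matches: key "name" { ... secret "base64"; ... }
KEY_RE = re.compile(r'\bkey\s+"?([^"\s{]+)"?\s*\{[^}]*?secret\s+"([^"]+)"\s*;')

# The two key clauses from the output quoted in the message above.
RNDC_CONF = '''key "rndc-key" {
    algorithm hmac-md5;
    secret "NlUtbtQyzxVpfQ51W1jEu+UsBN0A3vXs4K2d5Ob0Tzs=";
};'''
NAMED_CONF = '''# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "K5YfO1+dX5ku5sXjzSrJyw==";
# };'''

def key_secrets(text):
    """Return {key name: decoded secret bytes} for each key clause in text."""
    # rndc-confgen prints the named.conf half commented out, so drop a leading '#'.
    body = "\n".join(line.lstrip().lstrip("#") for line in text.splitlines())
    return {name: base64.b64decode(secret, validate=True)
            for name, secret in KEY_RE.findall(body)}

def check_shared_secrets(rndc_conf, named_conf):
    """Map each key name in rndc.conf to 'match', 'mismatch' or 'missing'."""
    client, server = key_secrets(rndc_conf), key_secrets(named_conf)
    result = {}
    for name, secret in client.items():
        if name not in server:
            result[name] = "missing"
        elif hmac.compare_digest(secret, server[name]):
            result[name] = "match"
        else:
            result[name] = "mismatch"
    return result

def server_accepts(client_key, server_key, message=b"constructed control message"):
    """Generic HMAC-MD5 check over a constructed message (not the rndc wire format).

    The receiver recomputes the MAC with its own copy of the key, so the
    tag verifies only when both sides hold the same secret.
    """
    tag = hmac.new(client_key, message, "md5").digest()
    expected = hmac.new(server_key, message, "md5").digest()
    return hmac.compare_digest(tag, expected)

if __name__ == "__main__":
    print(check_shared_secrets(RNDC_CONF, NAMED_CONF))
```
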



