AXFR/TSIG in 2.2.0

In 2.2.0, when using the new <zonename>.tsiginfo format, is the IP
address in the tsiginfo file ignored when multiple masters are present
in the nsd.zones file? Or should the IP addresses of all masters be
listed in the first line of the tsiginfo file?

In section 3.3.1 of the README file, shouldn't the example tsiginfo
filename be nlnetlabs.nl.tsiginfo, not nlnetlabs.tsiginfo?

For the root zone, the tsiginfo filename ends up being "..tsiginfo" -
just a bit confusing since it ends up being a "hidden" file.

Section 2.4 of the README needs to be updated to include nsd-xfer.

Thanks,
Howard

Howard M. Kash III wrote:

In 2.2.0, when using the new <zonename>.tsiginfo format, is the IP
address in the tsiginfo file ignored when multiple masters are present
in the nsd.zones file? Or should the IP addresses of all masters be
listed in the first line of the tsiginfo file?

Before 2.2.0, the filename had to match <master-ip-addresses>.tsiginfo, so if you had a zone with multiple masters like 10.0.0.1 and 192.168.1.1 the file needed to be called "10.0.0.1 192.168.1.1.tsiginfo". At least, that should have worked but I don't think anyone ever really tried to get that working.

So now the alternative is to name the file based on the zone origin. The old way is still supported.

The IP address is always ignored in the .tsiginfo file. The only reason we even have the tsiginfo file now is because of (backwards) compatibility with bind 8's named-xfer. This is likely to change when 2.3.0 is released with server side TSIG support and a "real" configuration file that can be used to store TSIG keys.

In section 3.3.1 of the README file, shouldn't the example tsiginfo
filename be nlnetlabs.nl.tsiginfo, not nlnetlabs.tsiginfo?

Yes. Updated in CVS.

For the root zone, the tsiginfo filename ends up being "..tsiginfo" -
just a bit confusing since it ends up being a "hidden" file.

Uhmm... yes, that is ugly. You could work around it by putting in your .zones file:

zone root root.zone

And start your root.zone file with:

$ORIGIN . (or always use absolute domain names in the zone).

Now the tsiginfo file would be named "root.tsiginfo". Ugly, but zonec only used the origin field in the .zones file to set the initial origin. The owner name of the SOA record is used as the real zone apex.

Section 2.4 of the README needs to be updated to include nsd-xfer.

Done in CVS. Thanks!

Erik
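Erik's answer above spells out the naming rule (the new origin-based name, the pre-2.2.0 name built from the master addresses, and the root-zone "..tsiginfo" pitfall). The following is an added Python check that applies that rule to an nsd.zones listing; it is not NSD's own code, and the nsd.zones column layout beyond "zone <origin> <zonefile>", the sample zone lines and the file-permission check are assumptions.

```python
import os
import stat

# Constructed nsd.zones excerpt; the trailing master-address columns in
# 'zone <origin> <zonefile> [master ...]' are an assumption, not from the NSD docs.
SAMPLE_ZONES = """\
zone nlnetlabs.nl nlnetlabs.nl.zone 10.0.0.1 192.168.1.1
zone . root.zone 10.0.0.2
zone root root.zone 10.0.0.2
"""

def parse_zones(text):
    """Yield (origin, zonefile, [master ips]) for each 'zone' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "zone":
            continue  # blank, comment or unrelated line
        yield fields[1], fields[2], fields[3:]

def tsiginfo_candidates(origin, masters):
    """Filenames NSD 2.2.0 may use: the new origin-based name first, then the
    pre-2.2.0 name built from the space-joined master addresses."""
    names = [origin + ".tsiginfo"]
    if masters:
        names.append(" ".join(masters) + ".tsiginfo")
    return names

def check_zone(origin, masters, existing):
    """Return (matching filenames, warnings) given the set of filenames
    present in the config directory ('existing' stands in for a listing)."""
    candidates = tsiginfo_candidates(origin, masters)
    found = [name for name in candidates if name in existing]
    warnings = []
    if candidates[0].startswith("."):
        warnings.append("origin %r gives hidden file %r; name the origin "
                        "'root' and put $ORIGIN . in the zone file instead"
                        % (origin, candidates[0]))
    if not found:
        warnings.append("no tsiginfo file for %r (looked for %s)"
                        % (origin, ", ".join(candidates)))
    return found, warnings

def secret_file_is_private(path):
    """A tsiginfo file holds the TSIG secret, so it should not be group- or
    world-readable. True when no group/other permission bits are set."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

Running check_zone over parse_zones(SAMPLE_ZONES) flags the "." origin and confirms that the "root" alias resolves to root.tsiginfo as described in the thread.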

Erik Rozendaal writes:

Howard M. Kash III wrote:

For the root zone, the tsiginfo filename ends up being "..tsiginfo" - just a bit confusing since it ends up being a "hidden" file.

Uhmm... yes, that is ugly.

Hm, just a question: Why does this matter? Would anyone other than the (few) root servers have a ..tsiginfo file?

(BTW, a few days ago the .de authority announced that it's running eleven NSDs. At each of the eleven locations given in
http://www.denic.de/de/faqs/domaininhaber/index.html#section_107
there's one NSD, one BIND 9 and one BIND 8, all on different hardware. IIRC .de is the third biggest zone after .com and .net.)

Arnt