[yadifa-users] key / server association in the acl

Hudec Peter phudec at cnc.sk
Mon Aug 18 11:51:45 CEST 2014


I need to do the following setup on version 1.0.3:
to set up a master with the AXFR TSIG zone transfer to the slaves but only
slaves and their keys.

I had the same problem with ISC BIND, described on my page

        name    company-tsig-key01
        algorithm       hmac-md5
        secret  QM2N0SAM6Wsnkm+47iMUvA==

        slave01		key  company-tsig-key01

        domain          example.com
        file            masters/example.com
        type            master

        allow-transfer  slave01

This setup allows doing the AXFR from any location when good TSIG is

When I combined the key and IP together I got an error. Actually the error is
one line before, with the negation.

	not-slaves      ! slaves ; any
	company-slaves  ! not-slaves ; key company-tsig-key01

config: <acl>: ACL_UNEXPECTED_NEGATION ( 'not-slaves' = '! slaves ; any' [] )
config: at /usr/local/yadifa/etc/yadifad.conf:10: ACL_UNEXPECTED_NEGATION)
2014-08-18 11:46:27.631979 | server   | E | config: <acl>: ACL_UNEXPECTED_NEGATION ( 'not-slaves' = '! slaves ; any' [] )
2014-08-18 11:46:27.631985 | server   | E | config: at /usr/local/yadifa/etc/yadifad.conf:10: ACL_UNEXPECTED_NEGATION)

So the final question: is there any way to allow AXFR only from some

	Best regards
		Peter Hudec

