bind9 signed zone transfers

Notes on setting up bind9 signed zone transfers

Create a public/private key pair:
# dnssec-keygen -a HMAC-MD5 -n HOST -b 128 signed


The keys
# ls *signed*
Ksigned.+157+22132.key Ksigned.+157+22132.private


# cat Ksigned.+157+22132.key
signed. IN KEY 512 3 157 Dabcdr5JO39Z4321JeCh8g==



Add the key(s) to the conf files, e.g.:

on 1.1.1.1
key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; };
server 2.2.2.2 {
  transfer-format many-answers;
  keys { signed.; };
};
and on 2.2.2.2
key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; };
server 1.1.1.1 {
  transfer-format many-answers;
  keys { signed.; };
};
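
A consistency check for the two configurations above, added here as an example and not part of the original notes. It assumes the simple one-line key clause layout shown on this page; the function names and the "hmac-sha256 or stronger" policy are this example's own assumptions.

```python
import base64
import re

# Digest sizes in bits; RFC 2104 discourages HMAC keys shorter than the digest.
DIGEST_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha256": 256, "hmac-sha512": 512}
WEAK = {"hmac-md5", "hmac-sha1"}  # assumed policy: want hmac-sha256 or stronger

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
SERVER_RE = re.compile(r'\bserver\s+([\w.:]+)\s*\{[^{}]*\bkeys\s*\{([^{}]*)\}')

def norm(name):
    """Key names are DNS names: ignore case and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse(conf):
    """Return ({key name: (algorithm, secret)}, {peer ip: [key names]})."""
    keys = {norm(n): (a.lower(), s) for n, a, s in KEY_RE.findall(conf)}
    peers = {ip: [norm(k) for k in ks.split(";") if k.strip()]
             for ip, ks in SERVER_RE.findall(conf)}
    return keys, peers

def audit(host, conf):
    """List findings for one host's key and server clauses."""
    keys, peers = parse(conf)
    out = []
    for name, (alg, secret) in keys.items():
        if alg in WEAK:
            out.append(f"{host}: key {name} uses {alg}")
        try:
            bits = 8 * len(base64.b64decode(secret, validate=True))
        except ValueError:
            out.append(f"{host}: key {name} secret is not valid base64")
            continue
        if bits < DIGEST_BITS.get(alg, 0):
            out.append(f"{host}: key {name} secret is {bits} bits, shorter than the {alg} digest")
    for ip, names in peers.items():
        out += [f"{host}: server {ip} uses undefined key {n}" for n in names if n not in keys]
    return out

def secrets_match(conf_a, conf_b):
    """True when both ends share a key name with identical algorithm and secret."""
    a, b = parse(conf_a)[0], parse(conf_b)[0]
    shared = a.keys() & b.keys()
    return bool(shared) and all(a[k] == b[k] for k in shared)

# The page's two configurations, embedded as sample input.
HOST_1 = '''key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; };
server 2.2.2.2 { transfer-format many-answers; keys { signed.; }; };'''
HOST_2 = HOST_1.replace("server 2.2.2.2", "server 1.1.1.1")
```

Run against the configuration on this page, `audit` reports the hmac-md5 algorithm on both hosts and `secrets_match` confirms the two ends agree.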
