Use a Transaction Signature (TSIG) key
Generate TSIG key
sudo dnssec-keygen -a hmac-md5 -b 128 -n HOST yourserver
Create BIND9 key file
sudo cut -d ' ' -f 7 K*.key | echo -e "key \"yourserver\" {\n\talgorithm hmac-md5;\n\tsecret \"$(cat /dev/stdin)\";\n};" > yourserver.key
Move key to BIND installation
sudo mv yourserver.key /etc/bind/
cd /etc/bind
sudo chown root:bind yourserver.key
sudo chmod 640 yourserver.key
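The key-file step above, as an added shell example that is not part of the original page: it parses the dnssec-keygen .key record field by field, checks that it is an HMAC-MD5 (algorithm 157) key of the 128-bit size generated above, and creates the file under umask 027 so it is mode 640 from the start rather than relying on the later chmod. The function name make_tsig_keyfile and its arguments are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. make_tsig_keyfile is a
# hypothetical helper; file names and key name come from the caller.
# usage: make_tsig_keyfile <K*.key file> <key name> <output file>

make_tsig_keyfile() {
    src=$1; name=$2; out=$3
    owner=; class=; type=; flags=; proto=; alg=; secret=

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # dnssec-keygen writes a single record to the .key file:
    #   owner IN KEY flags protocol algorithm secret
    read -r owner class type flags proto alg secret < "$src" || true

    # Field 6 is the algorithm number; 157 is HMAC-MD5, which must match
    # the "algorithm hmac-md5;" line written below.
    if [ "$type" != KEY ] || [ "$alg" != 157 ]; then
        echo "$src: not an HMAC-MD5 KEY record" >&2; return 1
    fi

    # -b 128 means 16 bytes, which is exactly 24 base64 characters.
    # Anything else (truncated, extra fields, stray quotes) is rejected.
    case $secret in
        *[!A-Za-z0-9+/=]*) echo "$src: secret is not base64" >&2; return 1 ;;
    esac
    [ "${#secret}" -eq 24 ] || { echo "$src: bad secret length" >&2; return 1; }

    # The key name is interpolated into the config, so restrict it too.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "bad key name: $name" >&2; return 1 ;;
    esac

    # Create the file under umask 027 so it is mode 640 from creation.
    # chown root:bind still has to be done as in the step above.
    (
        umask 027
        rm -f -- "$out"
        printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
            "$name" "$secret" > "$out"
    )
}

# Run only when called as a script with the three arguments.
if [ "$#" -eq 3 ]; then make_tsig_keyfile "$@"; fi
```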
Add Interface server definition
In your BIND configuration (mine is named.conf.options) add the following:
include "/etc/bind/yourserver.key";
server 130.195.11.127 { // Interface slave server
keys { yourserver; };
};
In your BIND zone configuration (mine is named.conf.local) modify your zone so it looks like this:
zone "yourzone" {
type master;
file "somefile";
allow-transfer { 130.195.11.127; };
};
ALWAYS check configuration before restarting BIND
named-checkconf
Setting up Interface servers
You will need to give your key file to an Interface sysadmin. You should not use email unless it is encrypted with something like GPG.
Arrange to meet a sysadmin and give them either the file or the "secret" part. Once they have installed it in the Interface server's configuration they will contact you and you can update your zone to show Interface as a slave.
