Maintained by: NLnet Labs

[Unbound-users] TSIG for forward-zones?

Jan-Piet Mens
Tue Nov 22 15:22:00 CET 2011


Hello,

Are there any plans to add TSIG to forward-zones (also ".") in Unbound?

I have a requirement for deploying Unbound on workstations to have
access to a number of "private" zones (currently served by BIND). Access
to the server is protected by TSIG keys.

I note TSIG support appears to be implemented in LDNS, so I'm asking
whether Unbound can add that functionality to provide something like
this:

        key:
          name: "jp-key"
          algorithm: hmac-md5
          secret: "dRNZ....42y8+Lt1j46tA1w=="

        forward-zone:
          name: "example.com"
          key: "jp-key"
          forward-addr: 192.0.2.68

(Syntax for key swiped from NSD :)

Regards,

        -JP