- JH Software
- What's New
- News story
Secure zone transfers in Simple DNS Plus v. 5.2
Tuesday, 17 March 2009
The upcoming Simple DNS Plus v. 5.2 supports secure zone transfer (TSIG authenticated).
Both zone transfer requests and responses are authenticated, so this provides protection in two ways; it prevents unauthorized transfers (only people / servers with the correct key can transfer), and it ensures data integrity on secondary servers (not possible to spoof / inject false data during transfers).
In the Zone Properties dialog, you can now specify the TSIG key(s) which are allowed to transfer the zone:
For each key, you specify a key name, signing algorithm, and a secret:
For secondary zones, you can now specify the key to sign zone transfer requests with:
In the Options dialog / DNS / Local Zones / Zone Transfers section, it is now also possible to specify keys which are allowed to transfer all zones:
And in the Options dialog / DNS / Local Zones / Super Master/Slave section, it is now possible to allow / disallow un-signed zone transfer requests from slave server - and to specify keys for master servers:
Adding / editing a master server:
This new feature is available in Simple DNS Plus v. 5.2 BETA build 25 and later - now available at http://www.simpledns.com/beta.aspx
For other updates in this BETA build, please see the beta release notes