Secure zone transfers in Simple DNS Plus v. 5.2

Tuesday, 17 March 2009

The upcoming Simple DNS Plus v. 5.2 supports secure (TSIG-authenticated) zone transfers.
Both zone transfer requests and responses are authenticated, so this provides protection in two ways: it prevents unauthorized transfers (only people and servers with the correct key can transfer a zone), and it ensures data integrity on secondary servers (false data cannot be spoofed or injected during a transfer).

In the Zone Properties dialog, you can now specify the TSIG key(s) which are allowed to transfer the zone:

Image1.png

For each key, you specify a key name, signing algorithm, and a secret:

Image2.png

For secondary zones, you can now specify the key to sign zone transfer requests with:

Image3.png

In the Options dialog / DNS / Local Zones / Zone Transfers section, it is now also possible to specify keys which are allowed to transfer all zones:

Image4.png

And in the Options dialog / DNS / Local Zones / Super Master/Slave section, it is now possible to allow or disallow unsigned zone transfer requests from slave servers, and to specify keys for master servers:

Image5.png

Adding / editing a master server:

Image6.png
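
How the key name, signing algorithm and secret configured above protect a transfer, as an added Python example that is not Simple DNS Plus code: it computes TSIG MACs (RFC 8945 layout) for an AXFR request and the first response message, then checks them the way each side would. HMAC-SHA256 is assumed as the algorithm, and the key name, secrets, zone and timestamps are constructed sample values.

```python
import base64, hashlib, hmac, struct

def wire_name(name):
    """Domain name in canonical (lower-case, uncompressed) DNS wire format."""
    labels = [p for p in name.lower().split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def axfr_query(zone, msg_id):
    """Minimal AXFR request: header with one question, QTYPE 252, QCLASS IN."""
    return struct.pack("!6H", msg_id, 0, 1, 0, 0, 0) + wire_name(zone) + struct.pack("!2H", 252, 1)

def tsig_mac(secret_b64, key_name, message, time_signed, request_mac=b"", fudge=300):
    """HMAC-SHA256 over [request MAC] + DNS message + TSIG variables."""
    mac = hmac.new(base64.b64decode(secret_b64), digestmod=hashlib.sha256)
    if request_mac:  # a response is chained to the request it answers
        mac.update(struct.pack("!H", len(request_mac)) + request_mac)
    mac.update(message)  # message as it was before the TSIG record was appended
    mac.update(wire_name(key_name) + struct.pack("!HI", 255, 0))  # name, CLASS ANY, TTL 0
    mac.update(wire_name("hmac-sha256"))  # algorithm name (assumed algorithm)
    mac.update(struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge))
    mac.update(struct.pack("!2H", 0, 0))  # error, other-data length
    return mac.digest()

def tsig_ok(secret_b64, key_name, message, time_signed, mac, now, request_mac=b"", fudge=300):
    """Accept only a fresh message whose MAC matches the shared key."""
    if abs(now - time_signed) > fudge:
        return False
    expected = tsig_mac(secret_b64, key_name, message, time_signed, request_mac, fudge)
    return hmac.compare_digest(expected, mac)

# Constructed sample values, not taken from any real server.
KEY_NAME = "transfer-key.example."
SECRET = base64.b64encode(b"constructed-demo-secret-32-bytes").decode()
WRONG = base64.b64encode(b"some-other-secret-not-authorized").decode()
T = 1237248000  # 17 March 2009 00:00 UTC

def demo():
    query = axfr_query("example.com.", 0x1A2B)
    req_mac = tsig_mac(SECRET, KEY_NAME, query, T)
    # Constructed response bytes: same ID and question, QR and AA flags set.
    response = struct.pack("!6H", 0x1A2B, 0x8400, 1, 0, 0, 0) + query[12:]
    resp_mac = tsig_mac(SECRET, KEY_NAME, response, T + 1, request_mac=req_mac)
    tampered = response[:-1] + b"\x02"
    return {
        "signed_request": tsig_ok(SECRET, KEY_NAME, query, T, req_mac, now=T + 2),
        "wrong_key": tsig_ok(WRONG, KEY_NAME, query, T, req_mac, now=T + 2),
        "replayed_later": tsig_ok(SECRET, KEY_NAME, query, T, req_mac, now=T + 3600),
        "response": tsig_ok(SECRET, KEY_NAME, response, T + 1, resp_mac, T + 2, req_mac),
        "tampered_response": tsig_ok(SECRET, KEY_NAME, tampered, T + 1, resp_mac, T + 2, req_mac),
    }
```

Only the first response message is covered here; later messages in a multi-message transfer are chained to the previous MAC with a reduced set of TSIG variables.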

This new feature is available in Simple DNS Plus v. 5.2 BETA build 25 and later - now available at http://simpledns.com/beta.aspx

For other updates in this BETA build, please see the beta release notes.

 
 
 