bertvv/ansible-role-bind

Malformed configuration when using multiple TSIG keys

Closed this issue · 0 comments

Hi there,

there's a small bug in the template auth_transfer.j2 when configuring multiple TSIG keys in the variable bind_dns_keys.

The produced output is not a valid BIND configuration.

Smallest minimal variables needed for reproduction:

bind_listen_ipv4: ['any']
bind_allow_query: ['any']
bind_zone_master_server_ip: 192.168.111.222
bind_zone_domains:
  - name: example.com
bind_dns_keys:
  - name: key1
    algorithm: hmac-md5
    secret: foo
  - name: key2
    algorithm: hmac-md5
    secret: bar

This will produce:

server 1.2.3.4 {
  keys {  key1;  key2;  };
};

key key1 {
  algorithm hmac-md5;
  secret "foo";
key key2 {
  algorithm hmac-md5;
  secret "bar";
};

It should however produce:

server 1.2.3.4 {
  keys {  key1;  key2;  };
};

key key1 {
  algorithm hmac-md5;
  secret "foo";
};
key key2 {
  algorithm hmac-md5;
  secret "bar";
};

I will reference a patch shortly.

KR, Jascha
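The failure mode reported above, as an added example (not part of the original issue or of the role's code): a small Python check that walks the generated output and reports blocks that are missing their closing `};`. The malformed sample is the output quoted in the issue; the function name check_blocks is hypothetical.

```python
import re

# Malformed output quoted in the issue; FIXED adds the one missing "};" line.
BROKEN = '''server 1.2.3.4 {
  keys {  key1;  key2;  };
};

key key1 {
  algorithm hmac-md5;
  secret "foo";
key key2 {
  algorithm hmac-md5;
  secret "bar";
};
'''
FIXED = BROKEN.replace('secret "foo";\n', 'secret "foo";\n};\n')

# Quoted strings, structural characters, or bare words.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def check_blocks(conf):
    """Return a list of structural problems in named.conf-style text."""
    problems, stack, stmt = [], [], []
    tokens = TOKEN.findall(conf)
    for i, tok in enumerate(tokens):
        if tok == "{":
            label = " ".join(stmt)
            # A key statement is valid only at top level or inside a view.
            if stmt[:1] == ["key"] and stack and not stack[-1].startswith("view "):
                problems.append(f"'{label}' opened inside unclosed '{stack[-1]}'")
            stack.append(label)
            stmt = []
        elif tok == "}":
            if not stack:
                problems.append("'}' without matching '{'")
            else:
                label = stack.pop()
                if tokens[i + 1:i + 2] != [";"]:
                    problems.append(f"'{label}' closed without ';'")
            stmt = []
        elif tok == ";":
            stmt = []
        else:
            stmt.append(tok)
    # Anything still on the stack was opened but never terminated.
    problems += [f"'{label}' is never closed" for label in stack]
    return problems
```

On a host with BIND installed, named-checkconf performs the authoritative syntax check of the rendered file.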