SIDN Labs DNS Workbench - Transfers and TSIG

All zones are transferable from all servers. This gives users the option to set up their own systems as 'hidden' slaves; they will not get NOTIFY messages, and they are not announced in the zones, but you can use it to test transfers.

This also gives you the option to inspect the full zones in case there is some interesting behaviour.

Aside from plain transfers, there are also TSIG keys configured:
(NOTE: Yadifa and PowerDNS don't have TSIG keys configured just yet)

wb_md5 Wu/utSasZUkoeCNku152Zw==
wb_sha1 hmac-sha1 Vn37JPSCmaCHKJhghcpRg8m6PlQ=
wb_sha1_longkey hmac-sha1 uhMpEhPq/RAD9Bt4mqhfmi+7ZdKmjLQb/lcrqYPXR4s/nnbsqw==
wb_sha256 hmac-sha256 npfrIJjt/MJOjGJoBNZtsjftKMhkSpIYMv2RzRZt1f8=


$ drill -y "wb_md5:Wu/utSasZUkoeCNku152Zw==" axfr | wc -l

$ drill axfr | wc -l

Knot config snippet:
  - domain:
    acl: any
    acl: awb_md5
    acl: awb_sha1
    acl: awb_sha1_longkey
    acl: awb_sha256
    file: "/var/dns-workbench/zones/"