always allowing update from localhost
David Botham
DBotham at OptimusSolutions.com
Tue Oct 19 14:07:48 UTC 2004
bind-users-bounce at isc.org wrote on 10/19/2004 04:36:23 AM:
> =2D----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi,
> one more question:
> is there a possibility to alway allow updates from localhost regardless
of =
> a view or do a i have to write a own view with match-clients {
localhost; }=
> ; with all my zones in it?
The problem you have is not exactly an "allow" or "deny" problem.
Remember, when you request a zone transfer from named it needs to know
which zone you want. Because you are using views two zones with the same
name can exist in different views. Therefore, named must have a way of
determining which zone *and* which view you are requesting before it can
honor your request. There are 2 ways named determines the view for a
given request. One is by the source IP of the request (match-clients) and
the other is the destination IP of the request (match-destinations). Check
the ARM for the syntax for these options. It is worth noting that the use
of 'match-destinations' will require multiple IP addresses on the name
server.
So, the short answer to your question is most likely no.
hth,
Dave...
>
> Clemens
> =2D --=20
> Besuchen sie uns doch im Internet:
> http://www.schuhklassert.de
> Visit us in the Internet:
> http://www.schuhklasssert.de
>
> pgp key:
> 0xCB9C7C6B
> =2D----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFBdNIN/9rd+8ucfGsRAvHxAKCLxLtmk4LPpiJ5RxW7OCItMNesWwCfWT3j
> kQ62H4a/svG5ffCuE81eiiY=3D
> =3DwGT1
> =2D----END PGP SIGNATURE-----
>
More information about the bind-users
mailing list