Modify BIND ACLs on-the-fly?
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Nov 22 13:19:30 UTC 2011
On 22.11.11 13:42, Jan-Piet Mens wrote:
>I'm looking at a BIND installation with a largish number of views, each
>of which allow recursion and contain a couple of RPZ zones. Each view
>has a `match-clients{}' option limiting access to the view to a very
>small number of addresses. (Typically the single address of a client
>with a dynamic IP address.)
>
>When the IP of the client changes (reported and handled out-of-band),
>the address_match_list in the view must be modified, which I can do with
>includes & scripting-magic followed by `rndc reconfig', but can I do
>this more elegantly?
afaik your client can identify itself by TSIG instead of IP address.
of course, this requires tyour client to support TSIG
...
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
More information about the bind-users
mailing list