Requesting Update-Policy Statements Sanity Check, Please
Mark Andrews
marka at isc.org
Sat Feb 4 04:14:37 UTC 2023
> On 3 Feb 2023, at 21:47, Darren Ankney <darren.ankney at gmail.com> wrote:
>
> You would probably need to attach your entire named.conf file (with
> sensitive bits (keys and the like) redacted and perhaps subnets
> obscured to examples such as 192.0.2.0/24, for example) before anyone
> would be able to help you.
>
> That being said, your update policy statements don't look correct to
> me. Have you tried to load them with BIND? Do they pass syntax check?
> The reason they don't look right is that they seem to follow this
> format correctly:
>
> # (grant | deny ) identity ruletype name types
>
> but include the word "name" which I think is meant to be replaced
> with your actual domain name (ie: I don't think the word "name" should
> be in the policy).

No, “name” there is the rule type.

> I have not previously used update-policy but I'd think it should be like this:
>
> update-policy {grant <SomeKey> <SomeDomain> A AAAA;};

This leaves out rule type.
>
> from reading: https://bind9.readthedocs.io/en/v9_18_11/reference.html#namedconf-statement-update-policy
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
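
The point made in the reply above, as an added example that is not part of the original thread or of BIND itself: a small checker for one update-policy rule in the form "(grant | deny) identity ruletype name types", using the rule types listed in the BIND 9.18 grammar. The key name ddns-key and host.example.com are constructed sample values, and the handling of the name field is simplified (only zonesub is treated as taking no name).

```python
# Added example: sanity-check the shape of a single update-policy rule.
# Rule types as listed in the BIND 9.18 update-policy grammar.
RULETYPES = {
    "6to4-self", "external", "krb5-self", "krb5-selfsub", "krb5-subdomain",
    "krb5-subdomain-self-rhs", "ms-self", "ms-selfsub", "ms-subdomain",
    "ms-subdomain-self-rhs", "name", "self", "selfsub", "selfwild",
    "subdomain", "tcp-self", "wildcard", "zonesub",
}

def check_rule(rule):
    """Return (parsed, problems) for one rule, e.g.
    'grant ddns-key name host.example.com A AAAA' (constructed sample)."""
    tokens = rule.strip().rstrip(";").split()
    if len(tokens) < 3:
        return None, ["need at least: (grant|deny) identity ruletype"]
    action, identity, ruletype, *rest = tokens
    problems = []
    if action not in ("grant", "deny"):
        problems.append(f"first word must be grant or deny, got {action!r}")
    if ruletype not in RULETYPES:
        # The word "name" is itself a rule type, not a placeholder; a domain
        # name in this position means the rule type was left out.
        problems.append(f"{ruletype!r} is in the ruletype position "
                        "but is not a rule type")
        return None, problems
    # Simplification (assumption): zonesub takes no name field, others do.
    name = None
    if ruletype != "zonesub":
        if rest:
            name = rest.pop(0)
        else:
            problems.append(f"rule type {ruletype!r} needs a name field")
    if not rest:
        problems.append("no record types listed; rule is not restricted "
                        "to specific record types")
    parsed = {"action": action, "identity": identity,
              "ruletype": ruletype, "name": name, "types": rest}
    return parsed, problems

if __name__ == "__main__":
    for sample in ("grant ddns-key host.example.com A AAAA;",       # no rule type
                   "grant ddns-key name host.example.com A AAAA;"):  # with rule type
        print(sample, "->", check_rule(sample))
```

named-checkconf remains the authoritative syntax check for a real named.conf.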