How to use update-policy type "external"

Vladimir Brik vladimir.brik at icecube.wisc.edu
Tue Mar 14 18:00:20 UTC 2023 

Thanks, quoting worked!

Does anybody know if the socket of an "external" 
update-policy supposed to receive data for every dynamic DNS 
update?

I `strace`ed the `named` process and pushed some updates 
using nsupdate, but I saw no attempts to do anything with 
the socket file (no opens, no writes) and nothing related to 
the socket in the logs either.

I am not sure how to start debugging this. Can anyone help?


Vlad


On 3/14/23 11:06, Ondřej Surý wrote:
> I haven't used this personally, but in the system tests, this works:
> 
> 	update-policy {
> 		grant Administrator at EXAMPLE.NIL wildcard * A AAAA SRV CNAME;
> 		grant testdenied at EXAMPLE.NIL wildcard * TXT;
> 		grant "local:/tmp/auth.sock" external * CNAME;
> 	};
> 
> e.g. you need to quote the path.
> 
> The documentation is silent on NAME field, but I would suggest using either * or . as placeholder.
> 
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
> 
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> 
> 
> 
>> On 14. 3. 2023, at 16:56, Vladimir Brik <vladimir.brik at icecube.wisc.edu> wrote:
>>
>> Hello
>>
>> I am trying to set up an "external" dynamic DNS update policy but I can't figure out the syntax.
>>
>> The documentation [1] says that the "identity" field needs to be in the form local:PATH, but using something like the following results in an error: "expected unquoted string near '/'", and I don't know how to fix it.
>>
>> update-policy {
>>     grant local:/tmp/sock external NAME txt;
>> };
>>
>> Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
>>
>>
>> Thanks very much
>>
>> Vlad
>>
>>
>> [1] https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
>> -- 
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list