How to use update-policy type "external"
Vladimir Brik
vladimir.brik at icecube.wisc.edu
Tue Mar 14 18:00:20 UTC 2023
Thanks, quoting worked!
Does anybody know if the socket of an "external"
update-policy supposed to receive data for every dynamic DNS
update?
I `strace`ed the `named` process and pushed some updates
using nsupdate, but I saw no attempts to do anything with
the socket file (no opens, no writes) and nothing related to
the socket in the logs either.
I am not sure how to start debugging this. Can anyone help?
Vlad
On 3/14/23 11:06, Ondřej Surý wrote:
> I haven't used this personally, but in the system tests, this works:
>
> update-policy {
> grant Administrator at EXAMPLE.NIL wildcard * A AAAA SRV CNAME;
> grant testdenied at EXAMPLE.NIL wildcard * TXT;
> grant "local:/tmp/auth.sock" external * CNAME;
> };
>
> e.g. you need to quote the path.
>
> The documentation is silent on NAME field, but I would suggest using either * or . as placeholder.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
>
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>
>
>
>> On 14. 3. 2023, at 16:56, Vladimir Brik <vladimir.brik at icecube.wisc.edu> wrote:
>>
>> Hello
>>
>> I am trying to set up an "external" dynamic DNS update policy but I can't figure out the syntax.
>>
>> The documentation [1] says that the "identity" field needs to be in the form local:PATH, but using something like the following results in an error: "expected unquoted string near '/'", and I don't know how to fix it.
>>
>> update-policy {
>> grant local:/tmp/sock external NAME txt;
>> };
>>
>> Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
>>
>>
>> Thanks very much
>>
>> Vlad
>>
>>
>> [1] https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list