AW: always allowing update from localhost

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 21 22:30:38 UTC 2004


Are you responding to Dave Botham's post or Mark Andrews'? If you use 
Mark's suggestion to select views by TSIG key, then I don't see why 
you'd have to define all of your zones in both views. If you want to 
update (or AXFR, or query) a zone in the internal view, you'd sign the 
Dynamic Update with the TSIG key that corresponds to "internal"; if you 
want to update (or AXFR, or query) a zone in the external view, you'd 
sign it with the TSIG key that corresponds to "external". This should 
keep your named.conf from getting too _unuebersichtlich_.

Even without the TSIG-key approach, I suppose there's the possibility of 
bringing up a virtual interface on your box and addressing it with 
something that would match the "external" view. You could then use that 
as a source address for your updates/AXFRs/queries whenever you wanted 
to select the "external" view...

                                                                         
                                 - Kevin


Clemens Bergmann wrote:

>hi,
>
>First of all, thanks for the quick reply.
>So that means I have to have all my zones in named.conf twice, once in the actual view and once in the localhost view.
>A pity really, that makes the conf file so cluttered, but if there's no other way.
>
>Regards
>clemens
>
>-- 
>Visit us on the Internet:
>http://www.schuhklassert.de
>Visit us in the Internet:
>http://www.schuhklasssert.de
>
>pgp key:
>0xCB9C7C6B
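
Added example, not part of the original post or of the BIND distribution: a named.conf layout for the view selection by TSIG key discussed above, with each view's copy of a zone accepting updates signed with that view's key. The key names, placeholder secrets, the 10.0.0.0/8 network, the zone name and the file paths are all assumptions.

```conf
// Constructed example. Key names, secrets, networks, zone and file names
// are assumptions, not values from the thread.
key "internal-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-A";   // placeholder, e.g. from tsig-keygen
};

key "external-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-B";   // placeholder
};

view "internal" {
    // Views are tried in order and the first matching element decides.
    // A request signed with external-key is rejected here even when it
    // comes from an internal address or from localhost, so it falls
    // through to the "external" view below.
    match-clients {
        !key "external-key";
        key "internal-key";
        10.0.0.0/8;
        localhost;
    };

    zone "example.com" {
        type master;
        file "internal/example.com.db";
        // Only updates signed with this view's key are accepted.
        allow-update { key "internal-key"; };
    };
};

view "external" {
    // Everything not claimed by "internal", including requests signed
    // with external-key from any source address.
    match-clients { any; };

    zone "example.com" {
        type master;
        // Separate file: each view keeps its own copy of a dynamic zone.
        file "external/example.com.db";
        allow-update { key "external-key"; };
    };
};
```

Running nsupdate with `-k` pointing at the internal or the external key file then selects the view, including for updates sent from localhost.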
