always allowing update from localhost
Mark Andrews
Mark_Andrews at isc.org
Tue Oct 19 22:13:00 UTC 2004
> bind-users-bounce at isc.org wrote on 10/19/2004 04:36:23 AM:
> > =2D----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > hi,
> > one more question:
> > is there a possibility to alway allow updates from localhost regardless
> of =
> > a view or do a i have to write a own view with match-clients {
> localhost; }=
> > ; with all my zones in it?
>
> The problem you have is not exactly an "allow" or "deny" problem.
> Remember, when you request a zone transfer from named it needs to know
> which zone you want. Because you are using views two zones with the same
> name can exist in different views. Therefore, named must have a way of
> determining which zone *and* which view you are requesting before it can
> honor your request. There are 2 ways named determines the view for a
> given request. One is by the source IP of the request (match-clients) and
> the other is the destination IP of the request (match-destinations). Check
> the ARM for the syntax for these options. It is worth noting that the use
> of 'match-destinations' will require multiple IP addresses on the name
> server.
Upgrade to BIND 9.3.0 and use TSIG names to select the view to be
updated.
> So, the short answer to your question is most likely no.
>
>
> hth,
>
> Dave...
>
> >
> > Clemens
> > =2D --=20
> > Besuchen sie uns doch im Internet:
> > http://www.schuhklassert.de
> > Visit us in the Internet:
> > http://www.schuhklasssert.de
> >
> > pgp key:
> > 0xCB9C7C6B
> > =2D----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.6 (GNU/Linux)
> >
> > iD8DBQFBdNIN/9rd+8ucfGsRAvHxAKCLxLtmk4LPpiJ5RxW7OCItMNesWwCfWT3j
> > kQ62H4a/svG5ffCuE81eiiY=3D
> > =3DwGT1
> > =2D----END PGP SIGNATURE-----
> >
>
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list