allow-update to localhost and (but not or) TSIG key
Vasiliy Baranov
Vasiliy.Baranov at Sun.COM
Fri Feb 15 20:59:39 UTC 2008
Kevin Darcy wrote:
> Vasiliy Baranov wrote:
>
>> Is it possible to allow zone updates only to those clients that access
>> the server over the loopback interface and supply a specific TSIG key
>> (looking for a setup similar to the default rndc configuration)? Will
>> the following do the thing?
>>
>> allow-update { !{ !localhost; }; tsigkey; };
>>
>>
> Did you test it? What was the result of the test?
>
>
> - Kevin
>
>
Yes, I tested it. It doesn't work as I want it to. If the client
supplies a key, the update is allowed no matter whether the client is
local or not.
Hmm, it has just occurred to me to try:
allow-update { !{ !localhost; any; }; tsigkey; };
Vasiliy
More information about the bind-users
mailing list