update policy identity should match the domain name?
S Kalyanasundaram
skalyanasundaram at novell.com
Tue Jul 1 10:23:54 UTC 2008
Hi, sorry If I am asking some dump question. But I cant figure out the
correct answer from googling.
update-policy {( grant | deny ) identity nametype name [ types ] }
bind arm says that the identity field must contain a fully qualified
domain name. Is this mandatory?
I see in many examples the identify always matches the zone like,
[grant foo22.bar44.com. subdomain bar44.com. ANY;]
can I create some key like
mykey { algorithm HMAC-MD5; secret "5Q....=="; }
and mention in policy like
update-policy{ grant mykey subdomain bar44.com ANY;};
will this work?
Thanks,
-Kalyan
More information about the bind-users
mailing list