nsupdate ACL based on a key AND ip-subnet
Jonathan Petersson
jpetersson at garnser.se
Tue Nov 18 02:06:21 UTC 2008
Guess I should start digging in the code then :)
On Mon, Nov 17, 2008 at 5:59 PM, Evan Hunt <Evan_Hunt at isc.org> wrote:
> > IIRC update-policy cannot be used in congestion with the allow-update
> > statement.
>
> My bad--you're right. There's code I'd never noticed before that says
> allow-update will be ignored if update-policy is set. Whoops.
>
> (Oddly, the check only applies when both of them are defined in the
> zone itself. You can put "allow-updates" in the view options and
> "update-policy" in the zone, and named won't complain about it...
> but it also won't work the way you want it to.)
>
> I don't know why it was implemented this way--there's no protocol reason
> I can see. (There may be other reasons I don't know about.) It's probably
> not a high enough priority for ISC to devote engineering resources to it at
> this time, but if someone submitted a patch that added an ACL check to the
> update-policy syntax, I'm sure we'd consider it.
>
> --
> Evan Hunt -- evan_hunt at isc.org
> Internet Systems Consortium, Inc.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20081117/3287c78e/attachment.html>
More information about the bind-users
mailing list