Regexp to match RR's

Jonathan Petersson jpetersson at garnser.se
Thu Apr 9 00:59:56 UTC 2009


> On Apr 8, 2009, at 3:21 PM, Kevin Darcy wrote:
>>
>> I'm not a big fan of allowing users to enter Resource Records verbatim.
>> Most users aren't that sophisticated, or, if they are, they can do their
>> nsupdates directly, if they have been given access to the relevant TSIG key
>> (how's that for a False Dilemma argument :-)
>
> Again, I have to disagree with that statement. Aside from automated updates,
> even for dynamic zones (zones that allow dynamic updates), our customers
> wouldn't want day-to-day updates being submitted by dynamic update from user
> to DNS server. The reason is that dynamic updates are anonymous - there's no
> audit trail. For compliance reasons, it's valuable to have such updates
> submitted through a tool that logs them (user, timestamp, actions, user
> comment), even if the tool then sends them on to the DNS server via dynamic
> updates.
>

Not sure if we're talking about the same kind of dynamic update here,
I'm referring to updates controlled by update-policy in conjunction
with TSIG keys. Each independent user can have his own key with
applicable restrictions and it's logged accordingly in BIND's
log-files.

Dynamic updates are invaluable when you have business units who want
to maintain control of their own zones but aren't allowed to
manipulate data directly on the DNS master servers.
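
A named.conf sketch of the setup described in the message above: per-user TSIG keys, update-policy restrictions, and update logging. It is an added example, not part of the original message or of BIND's shipped configuration. The key names, zone name, file paths and secrets are hypothetical placeholders.

```conf
// One TSIG key per user (names and secrets are placeholders).
// Generate real secrets with tsig-keygen or dnssec-keygen.
key "alice.example.com." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_FOR_ALICE";
};

key "bob.example.com." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_FOR_BOB";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";

    // update-policy replaces allow-update; the two cannot be combined.
    // Each grant ties one key to the names and record types it may change.
    update-policy {
        // alice: any name under eng.example.com, address and TXT records only
        grant alice.example.com. subdomain eng.example.com. A AAAA TXT;
        // bob: a single name, address records only
        grant bob.example.com. name www.example.com. A AAAA;
    };
};

logging {
    // Dedicated channel so updates can be reviewed per signing key.
    channel update_log {
        file "/var/log/named/update.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    // "update" records the changes applied to the zone;
    // "update-security" records approved and denied update requests.
    category update { update_log; };
    category update-security { update_log; };
};
```

Because every request is signed with a per-user key, the log entries name the key that signed each update, and a request outside a key's grant is refused and recorded under update-security.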


