GSS-TSIG update policy identity field
Mark Andrews
marka at isc.org
Wed May 11 13:55:25 UTC 2011
In message <4DCA7893.5060402 at imperial.ac.uk>, Phil Mayers writes:
> On 11/05/11 12:17, Mark Andrews wrote:
>
> > {ms,krb5}-subdomain allows updates of *.machinename
>
> One note - this isn't so handy if you have a disjoint namespace, where:
>
> machinename.*.example.com
>
> ...is what you want. We are in this boat, and can't use the built in
> ACLs for this very reason.
This from 9.8 should help you.
3003. [experimental] Added update-policy match type "external",
enabling named to defer the decision of whether to
allow a dynamic update to an external daemon.
(Contributed by Andrew Tridgell.) [RT #22758]
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list