GSS-TSIG update policy identity field

Juergen Dietl isclists01 at googlemail.com
Thu May 12 11:50:26 UTC 2011


Hello Phil, Hello Mark,

After trying a lot over the last hours, I came to the same result.

grant EXAMPLE.COM ms-self * any;

works. All the other things, for example

EXAMPLE.COM krb5-self * any;

etc., don't work.

So I will put this rule in any zone with the related domain. The ms-self
command is not documented in the BIND manual, just briefly mentioned in the
command list (1 word).
I also have to try out what I can use instead of "ANY". The client should
only be able to do the A and PTR records. I read that there are some
limitations ....

Do you have an idea how I can test, to be 100% sure, that the client
really can only update itself?
Do you have a link where I can read more about the ms-self feature?

Thanks a lot
cheers,

2011/5/12 Phil Mayers <p.mayers at imperial.ac.uk>

> On 12/05/11 09:33, Juergen Dietl wrote:
>
>> Hello Mark
>>
>> I am not that professional in BIND. Normally I am a Cisco expert, but I
>> have now also been doing BIND for 6 months. I cannot imagine why this post
>> should help me.
>>
>
> It doesn't really.
>
> You should only need this:
>
>
> grant EXAMPLE.COM ms-self * any;
>
>
>
>> What does this match-type "external" mean? I am not aware of running any
>> external daemon. Or was this just for the ACLs problem from Phil?
>>
>
> Just for me. Sorry for confusing you.
>
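
A simplified model of the two rule types, added here as an example and not taken from the thread or from BIND's source. It follows the BIND reference manual's description of ms-self (principal machine$@REALM may update machine.REALM) and krb5-self (principal host/machine@REALM may update machine); the principals, host names, the A/AAAA-only grant and the helper names are constructed, and the rows of MATRIX are the positive and negative cases to replay against a test server when checking that a client can only update itself.

```python
from typing import NamedTuple, Optional, Tuple

class Grant(NamedTuple):
    identity: str            # realm from the grant line, e.g. "EXAMPLE.COM"
    ruletype: str            # "ms-self" or "krb5-self"
    types: Tuple[str, ...]   # ("ANY",) or an explicit list such as ("A", "AAAA")

def fqdn(name: str) -> str:
    """Normalise a DNS name to lower case with one trailing dot."""
    return name.lower().rstrip(".") + "."

def self_name(rule: Grant, principal: str) -> Optional[str]:
    """Name the principal may update under this rule, or None if no match."""
    account, sep, realm = principal.rpartition("@")
    if not sep or realm != rule.identity:
        return None
    if rule.ruletype == "ms-self":        # machine$@REALM -> machine.REALM
        if len(account) < 2 or not account.endswith("$") or "/" in account:
            return None
        return fqdn(f"{account[:-1]}.{realm}")
    if rule.ruletype == "krb5-self":      # host/machine@REALM -> machine
        service, slash, host = account.partition("/")
        if service != "host" or not slash or not host:
            return None
        return fqdn(host)
    return None

def allowed(rule: Grant, principal: str, name: str, rrtype: str) -> bool:
    """True only for the principal's own name and a permitted record type."""
    own = self_name(rule, principal)
    if own is None or fqdn(name) != own:
        return False
    return "ANY" in rule.types or rrtype.upper() in rule.types

REALM = "EXAMPLE.COM"
MS_ANY = Grant(REALM, "ms-self", ("ANY",))       # grant EXAMPLE.COM ms-self * any;
KRB_ANY = Grant(REALM, "krb5-self", ("ANY",))    # grant EXAMPLE.COM krb5-self * any;
MS_ADDR = Grant(REALM, "ms-self", ("A", "AAAA")) # constructed: address records only

# Constructed test matrix: (rule, principal, name to update, type, expected)
MATRIX = [
    (MS_ANY, "pc1$@EXAMPLE.COM", "pc1.example.com", "A", True),    # own name
    (MS_ANY, "pc1$@EXAMPLE.COM", "pc2.example.com", "A", False),   # other host
    (MS_ANY, "pc1$@EXAMPLE.COM", "10.1.168.192.in-addr.arpa", "PTR", False),
    (MS_ANY, "pc1$@OTHER.TEST", "pc1.other.test", "A", False),     # wrong realm
    (KRB_ANY, "pc1$@EXAMPLE.COM", "pc1.example.com", "A", False),  # not host/...
    (KRB_ANY, "host/pc1.example.com@EXAMPLE.COM", "pc1.example.com", "A", True),
    (MS_ADDR, "pc1$@EXAMPLE.COM", "pc1.example.com", "TXT", False),
]

def failures():
    """Rows of MATRIX where the model disagrees with the expected result."""
    return [row for row in MATRIX if allowed(*row[:4]) != row[4]]
```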