Securing zone transfer and DDNS
Jan-Piet Mens
jpmens.dns at gmail.com
Mon Nov 7 14:59:34 UTC 2011
> Bind version is: 9.7.4

Upgrade; 9.8.1 is current. (In addition, you're reading a book called
BIND 10 -- even though the book doesn't once mention that software!)

> Maybe this is a stupid question but what is ARM?

BIND 9 Administrator Reference Manual. It is provided in multiple
formats within the BIND source distribution. (doc/arm/*)

[...]

I assume what you probably want to do is something like this:
    key "my.key" {
        algorithm HMAC-MD5;
        secret "xxxx";
    };

    key "my.key2" {
        ...
    };

    acl xferkey {
        key my.key2;
    };

    zone "example.net" IN {
        type master;
        file "example.net";
        allow-update {
            key "my.key";
        };
        allow-transfer {
            xferkey;
        };
    };
Create your keys with the dnssec-keygen utility (check its manual page).
Instead of allow-update, I'd like to suggest you read up on the `grant'
statement which allows a much finer granularity on DDNS.
-JP
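
The `grant` suggestion above, sketched as an added example that is not part of the original message or the poster's configuration: one TSIG key limited by `update-policy` to a single name, a second key used only for zone transfer, and the matching statements on the secondary. The key names, host names and the 192.0.2.1 address are assumptions, the secrets are placeholders, and `hmac-sha256` is used here in place of the HMAC-MD5 shown in the message.

```conf
// ---- primary: named.conf (constructed example) ----

// Key used only for dynamic updates from one host (name is an assumption).
key "ddns-web1" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET-1";
};

// Separate key used only to authenticate zone transfers.
key "xfer-ns2" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET-2";
};

zone "example.net" IN {
    type master;
    file "example.net";

    // Coarse form: any holder of the key may change any record in the zone.
    // allow-update { key "ddns-web1"; };

    // Finer form: the key may change only A/AAAA records of one name.
    // allow-update and update-policy cannot both be set on the same zone.
    update-policy {
        grant ddns-web1 name web1.example.net. A AAAA;
    };

    // Transfers are refused unless the request is signed with this key.
    allow-transfer { key "xfer-ns2"; };
};

// ---- secondary: named.conf (constructed example) ----

// Same key name and secret as on the primary.
key "xfer-ns2" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET-2";
};

// Sign every request sent to the primary (documentation address).
server 192.0.2.1 {
    keys { xfer-ns2; };
};

zone "example.net" IN {
    type slave;
    file "example.net.bak";
    masters { 192.0.2.1; };
};
```

Running `named-checkconf` against each file catches syntax errors before a reload.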