how to restrict nsupdate to a single A or PTR record ?

Mark Andrews marka at isc.org
Wed Dec 5 20:30:21 UTC 2012


In message <50BFABA3.5040304 at dougbarton.us>, Doug Barton writes:
> On 12/05/2012 11:29 AM, fddi wrote:
> > Hello, I have a domain called mydomain.org
> > 
> > I would need a way to allow access with nsupdate not to the entire
> > domain mydomain.org
> > but only to specific hosts and specific IP Address to be modified using
> > nsupdate.
> > 
> > 
> > here is my config
> > 
> > zone "mydomain.org" IN {
> >         type master;
> >         allow-query { any; };
> >         file "mydomain.org.db";
> >         update-policy {
> >                 grant mykey. subdomain mydomain.org. A TXT CNAME;
> >         };
> > };
> > 
> > but in this way anyone can modify any hosts in the domain.
> > How can I restrict and allow to modify only specific hosts ?
> > 
> > for example I would like to restrict to modify only host1.mydomain.org
> > with a given key.
> > 
> > is it possible ?
> 
> make the records you want to be modifiable into their own zones.

	grant mykey. name host1.mydomain.org. A AAAA

		or

	grant host1.mydomain.org. self . A AAAA

		or

	grant "local:/path/to/socket" external * A AAAA

		or 

	grant "local:/path/to/socket" external * ANY

	The last two require an external tool to make the decision.
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
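
Added example, not part of the original message and not BIND's own code: a simplified Python model of how update-policy rules are evaluated, showing why the original `subdomain` grant lets `mykey.` change any host while the `name` and `self` rules above confine the key to host1. It assumes exact key-name identities and models only these three rule types; the function names are hypothetical.

```python
# Simplified model of BIND update-policy evaluation (added example, not BIND source).
# Models only the subdomain, name and self rule types, with exact key-name identities.
NEVER = {"NSEC", "NSEC3"}                          # can never be updated
DEFAULT_EXCLUDED = NEVER | {"RRSIG", "NS", "SOA"}  # excluded when a rule lists no types

def norm(name):
    """Lower-case a DNS name and make it absolute (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def parse_rule(line):
    """Split 'grant|deny identity ruletype name [types...]' into fields."""
    action, identity, ruletype, name, *types = line.split()
    return action, norm(identity), ruletype, norm(name), {t.upper() for t in types}

def rule_matches(rule, key, owner, rrtype):
    _, identity, ruletype, name, types = rule
    if identity != key:
        return False
    if ruletype == "name":          # exactly this owner name
        name_ok = owner == name
    elif ruletype == "subdomain":   # the name itself or anything below it
        name_ok = name == "." or owner == name or owner.endswith("." + name)
    elif ruletype == "self":        # owner name must equal the key name
        name_ok = owner == key
    else:
        raise ValueError("rule type not modelled: " + ruletype)
    if not types:
        return name_ok and rrtype not in DEFAULT_EXCLUDED
    if "ANY" in types:
        return name_ok and rrtype not in NEVER
    return name_ok and rrtype in types

def allowed(policy, key, owner, rrtype):
    """First matching rule decides; an update that matches no rule is refused."""
    key, owner, rrtype = norm(key), norm(owner), rrtype.upper()
    for rule in map(parse_rule, policy):
        if rule_matches(rule, key, owner, rrtype):
            return rule[0] == "grant"
    return False

# Policies taken from the thread: the original config and two of the suggested rules.
ORIGINAL = ["grant mykey. subdomain mydomain.org. A TXT CNAME"]
BY_NAME = ["grant mykey. name host1.mydomain.org. A AAAA"]
BY_SELF = ["grant host1.mydomain.org. self . A AAAA"]

if __name__ == "__main__":
    for owner in ("host1.mydomain.org.", "host2.mydomain.org."):
        print(owner, allowed(ORIGINAL, "mykey.", owner, "A"), allowed(BY_NAME, "mykey.", owner, "A"))
```

With the `self` rule the TSIG key must be named after the host it updates, so each host needs its own key.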


