how to restrict nsupdate to a single A or PTR record ?

gmx fddi at gmx.it
Thu Dec 6 17:52:16 UTC 2012


Thank you very much, learnt a new thing too

Mark Andrews <marka at isc.org> wrote:

>
>In message <50BFABA3.5040304 at dougbarton.us>, Doug Barton writes:
>> On 12/05/2012 11:29 AM, fddi wrote:
>> > Hello, I have a domain called mydomain.org
>> > 
>> > I would need a way to allow access with nsupdate not to the entire
>> > domain mydomain.org
>> > but only to specific hosts and specific IP Address to be modified using
>> > nsupdate.
>> > 
>> > 
>> > here is my config
>> > 
>> > zone "mydomain.org" IN {
>> >         type master;
>> >         allow-query { any; };
>> >         file "mydomain.org.db";
>> >         update-policy {
>> >                 grant mykey. subdomain mydomain.org. A TXT CNAME;
>> >         };
>> > };
>> > 
>> > but in this way anyone can modify any hosts in the domain.
>> > How can I restrict and allow to modify only specific hosts ?
>> > 
>> > for example I would like to restrict to modify only host1.mydomain.org
>> > with a given key.
>> > 
>> > is it possible ?
>> 
>> make the records you want to be modifiable into their own zones.
>
>	grant mykey. name host1.mydomain.org. A AAAA;
>
>		or
>
>	grant host1.mydomain.org. self . A AAAA;
>
>		or
>
>	grant "local:/path/to/socket" external * A AAAA;
>
>		or
>
>	grant "local:/path/to/socket" external * ANY;
>
>	The last two require an external tool to make the decision.
> 
>-- 
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
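
The difference between the original `subdomain` rule and the first two suggested rules, as an added example that is not part of the original thread and is not BIND's code: a simplified Python model of update-policy matching. It covers only the `subdomain`, `name` and `self` rule types with explicit type lists; all function and variable names are hypothetical.

```python
# Simplified model of BIND update-policy matching (illustration only).
# Assumptions: first matching rule decides, no match means refused,
# every rule lists its record types explicitly (no ANY, no empty list).
from typing import NamedTuple, Tuple

class Rule(NamedTuple):
    action: str              # "grant" or "deny"
    identity: str            # name of the key that signed the update
    ruletype: str            # "subdomain", "name" or "self"
    name: str                # ignored for "self"
    types: Tuple[str, ...]   # record types the rule covers

def norm(n: str) -> str:
    """Lower-case and make absolute, so names compare label for label."""
    n = n.lower()
    return n if n.endswith(".") else n + "."

def name_matches(rule: Rule, key: str, target: str) -> bool:
    target, rname = norm(target), norm(rule.name)
    if rule.ruletype == "name":        # exactly this owner name
        return target == rname
    if rule.ruletype == "subdomain":   # the name itself or anything below it
        return target == rname or target.endswith("." + rname)
    if rule.ruletype == "self":        # owner name equals the key name
        return target == norm(key)
    raise ValueError("rule type not modelled: " + rule.ruletype)

def allowed(rules, key: str, target: str, rrtype: str) -> bool:
    """Return True if an update of target/rrtype signed by key is granted."""
    for r in rules:
        if norm(r.identity) != norm(key):
            continue
        if rrtype.upper() not in r.types:
            continue
        if name_matches(r, key, target):
            return r.action == "grant"
    return False

# The rule from the question, then the first two rules from the answer.
ORIGINAL = [Rule("grant", "mykey.", "subdomain", "mydomain.org.", ("A", "TXT", "CNAME"))]
BY_NAME = [Rule("grant", "mykey.", "name", "host1.mydomain.org.", ("A", "AAAA"))]
BY_SELF = [Rule("grant", "host1.mydomain.org.", "self", ".", ("A", "AAAA"))]

if __name__ == "__main__":
    # Constructed update requests: (key, owner name, type)
    for key, target, rrtype in [("mykey.", "host1.mydomain.org", "A"),
                                ("mykey.", "host2.mydomain.org", "A"),
                                ("mykey.", "host1.mydomain.org", "TXT")]:
        print(target, rrtype, "original:", allowed(ORIGINAL, key, target, rrtype),
              "name rule:", allowed(BY_NAME, key, target, rrtype))
```

With the `self` rule the key must be named after the host, so each host needs its own key.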