DDNS - limitation and excluding updates from certain networks

Mukund Sivaraman muks at isc.org
Wed Dec 20 17:51:36 UTC 2017


On Wed, Dec 20, 2017 at 10:40:31AM -0700, Grant Taylor via bind-users wrote:
> On 12/20/2017 06:27 AM, MAYER Hans wrote:
> > And I don’t want that these static names can be changed by someone out of
> > an IP range, where it is allowed.  I didn’t find any hint to block
> > certain IP ranges to be updated within a dynamic zone.
> 
> I don't remember the specifics, but there is a way built into BIND to do
> what you are wanting.
> 
> I think there's an ACL configuration where you can configure that DDNS
> clients are only able to update the records that they own.  -  I think
> ownership is related to the connecting IP.
> 
> I do remember that when I tested this, it was trivial to set up and one
> configuration entry seemed to apply to multiple DDNS clients.
> 
> I'm sorry, but I don't remember any more specifics.

I beg your pardon, my original answer was incorrect. The option to do
this (for more access control over what updates to perform) is
"update-policy" as you have correctly pointed out.

The original poster may want to read about this option in the manual,
under "Dynamic Update Policies" in Chapter 6.

		Mukund
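
The following named.conf fragment is an added example, not part of the original message or the BIND documentation: it shows an address-based allow-update beside an update-policy that keeps static names in a dynamic zone out of reach of DDNS clients. The zone name, host names, key name and address range are hypothetical, and the secret is a placeholder. Note that update-policy rules match on the key that signed the update rather than on a source IP range.

```conf
// Added example. All names, the address range and the secret below are
// hypothetical placeholders, not values from the thread.

key "ddns-clients" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

// Before: any host in the range may change any record in the zone,
// including the static ones.
//
// zone "dyn.example.com" {
//     type master;
//     file "dyn.example.com.db";
//     allow-update { 192.0.2.0/24; };
// };

// After: updates must be signed. Rules are checked in order and the
// first match decides, so the deny lines for the static names come
// before the broader grant. allow-update and update-policy cannot be
// combined in the same zone.
zone "dyn.example.com" {
    type master;
    file "dyn.example.com.db";
    update-policy {
        // Static names: refused for every signer, every record type.
        deny  *             name      www.dyn.example.com.   ANY;
        deny  *             name      mail.dyn.example.com.  ANY;
        // Everything else in the zone: only the DDNS key, and only
        // address and TXT records.
        grant ddns-clients  subdomain dyn.example.com.       A AAAA TXT;
    };
};
```

Running named-checkconf on the edited file catches syntax errors before named is reloaded.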

