GSS-TSIG update-policy clarification
Nicholas Miller
Nicholas.Miller at Colorado.EDU
Thu Mar 22 15:50:37 UTC 2018
With the latest update to bind our named.conf started reporting errors. I have figured it out but wanted to get clarification about the syntax.
We had been using:
deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
We are now using:
deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
Am I to assume that the ‘.’ in the config statement behaves similarly to the ‘.’ in a zone file? It refers back to the zone the update-policy is defining?
Also, what is the difference between using a ‘.’ and a ‘*’? They both refer to all records within the zone.:
deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
_________________________________________________________
Nicholas Miller, OIT, University of Colorado at Boulder
More information about the bind-users
mailing list