allow-update in global options (was Re: bind and certbot with dns-challenge)
Sam Wilson
Sam.Wilson at ed.ac.uk
Tue Apr 2 16:00:48 UTC 2019
On 2019-03-17 20:37:56 +0000, Alan Clegg said:
> On 3/17/19 2:51 PM, Alan Clegg wrote:
>> On 3/17/19 7:13 AM, Stephan von Krawczynski wrote:
>>> Hello all,
>>>
>>> I am using "BIND 9.13.7 (Development Release) <id:6491691>" on arch linux. Up
>>> to few days ago everything was fine using "certbot renew". I had
>>> "allow-update" in nameds' global section, everything worked well. Updating to
>>> the above version threw a config error that "allow-update" has no global scope
>>> and is to be used in every single zone definition.
>>
>> And you may have found a bug. I'm checking internally at this time.
>
> So, after a discussion with one of the BIND engineers this afternoon,
> this turned out to be quite an interesting and deep-rooted issue.
>
> During a cleanup of other code (specifically named-checkconf), code was
> changed that enforced what was believed to have been the default
> previously: specifically, allow-update was only allowed in zone stanzas.
Can I ask who believed it was previously the default? I hope I'm not
misreading the first dozen or so lines of this page (which seems to be
reflected in previous editions of the ARM).
<https://ftp.isc.org/isc/bind9/cur/9.13/doc/arm/Bv9ARM.ch05.html#options_grammar>
Sam
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the bind-users
mailing list