Allow only temporary zone updates without making them permanent

Lefteris Tsintjelis lefty at spes.gr
Wed Jun 26 04:25:49 UTC 2019


That could take years, if even adopted! Perhaps something simpler like a
file permission/lock could do the job as well. Would that work though?

When I used certbot with rfc2136 validation through DNS, even though I
have the main zone file permission set to root, I find it changed to
that of bind. Seems like bind is capable of changing and modifying
permissions?

On 26/6/2019 6:36, Mark Andrews wrote:
> No.
> 
> If https://tools.ietf.org/id/draft-pusateri-dnsop-update-timeout-02.txt ever gets
> adopted then yes it will be possible to have updates removed automatically.
> 
>> On 26 Jun 2019, at 1:25 pm, Lefteris Tsintjelis via bind-users <bind-users at lists.isc.org> wrote:
>>
>> Hi,
>>
>> Is it possible to apply a temporary-only update policy and never save or
>> modify anything to a zone file?
>>
>> For example:
>>
>> zone "example.com" {
>> type master;
>> auto-dnssec maintain;
>> inline-signing yes;
>> update-policy {
>>  grant rndc-key temponly _acme-challenge.example.com. txt;
>> };
>> file "/etc/namedb/master/db.example.com";
>> };
>>
>> Thank you,
>>
>> Lefteris