Requesting Update-Policy Statements Sanity Check, Please
Darren Ankney
darren.ankney at gmail.com
Fri Feb 3 10:47:15 UTC 2023
You would probably need to attach your entire named.conf file (with
sensitive bits (keys and the like) redacted and perhaps subnets
obscured to examples such as 192.0.2.0/24, for example) before anyone
would be able to help you.
That being said, your update policy statements don't look correct to
me. Have you tried to load them with BIND? Do they pass syntax check?
The reason they don't look right is that they seem to follow this
format correctly:
# (grant | deny ) identity ruletype name types
but include the word "name" which I think is meant to be replaced
with your actual domain name (ie: I don't think the word "name" should
be in the policy).
I have not previously used update-policy but I'd think it should be like this:
update-policy {grant <SomeKey> <SomeDomain> A AAAA;};
from reading: https://bind9.readthedocs.io/en/v9_18_11/reference.html#namedconf-statement-update-policy
More information about the bind-users
mailing list