How to use update-policy type "external"

Ondřej Surý ondrej at isc.org
Tue Mar 14 21:42:51 UTC 2023 

> I am not sure how to start debugging this. Can anyone help?

Well, start with sharing as much details as you can. It’s hard to tell what you are doing from a single configuration line.

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 14. 3. 2023, at 19:00, Vladimir Brik <vladimir.brik at icecube.wisc.edu> wrote:
> 
> Thanks, quoting worked!
> 
> Does anybody know if the socket of an "external" update-policy supposed to receive data for every dynamic DNS update?
> 
> I `strace`ed the `named` process and pushed some updates using nsupdate, but I saw no attempts to do anything with the socket file (no opens, no writes) and nothing related to the socket in the logs either.
> 
> I am not sure how to start debugging this. Can anyone help?
> 
> 
> Vlad
> 
> 
>> On 3/14/23 11:06, Ondřej Surý wrote:
>> I haven't used this personally, but in the system tests, this works:
>>    update-policy {
>>        grant Administrator at EXAMPLE.NIL wildcard * A AAAA SRV CNAME;
>>        grant testdenied at EXAMPLE.NIL wildcard * TXT;
>>        grant "local:/tmp/auth.sock" external * CNAME;
>>    };
>> e.g. you need to quote the path.
>> The documentation is silent on NAME field, but I would suggest using either * or . as placeholder.
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> ondrej at isc.org
>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>>>> On 14. 3. 2023, at 16:56, Vladimir Brik <vladimir.brik at icecube.wisc.edu> wrote:
>>> 
>>> Hello
>>> 
>>> I am trying to set up an "external" dynamic DNS update policy but I can't figure out the syntax.
>>> 
>>> The documentation [1] says that the "identity" field needs to be in the form local:PATH, but using something like the following results in an error: "expected unquoted string near '/'", and I don't know how to fix it.
>>> 
>>> update-policy {
>>>    grant local:/tmp/sock external NAME txt;
>>> };
>>> 
>>> Also, the documentation doesn't say how NAME is interpreted. Is it ignored?
>>> 
>>> 
>>> Thanks very much
>>> 
>>> Vlad
>>> 
>>> 
>>> [1] https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-update-policy
>>> -- 
>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>> 
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>> 
>>> 
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list