AW: always allowing update from localhost

Kevin Darcy kcd at
Thu Oct 21 22:30:38 UTC 2004

Are you responding to Dave Botham's post or Mark Andrews'? If you use 
Mark's suggestion to select views by TSIG key, then I don't see why 
you'd have to define all of your zones in both views. If you want to 
update (or AXFR, or query) a zone in the internal view, you'd sign the 
Dynamic Update with the TSIG key that corresponds to "internal"; if you 
want to update (or AXFR, or query) a zone in the external view, you'd 
sign it with the TSIG key that corresponds to "external". This should 
keep your named.conf from getting too _unuebersichtlich_.

Even without the TSIG-key approach, I suppose there's the possibility of 
bringing up a virtual interface on your box and addressing it with 
something that would match the "external" view. You could then use that 
as a source address for your updates/AXFRs/queries whenever you wanted 
to select the "external" view...

                                 - Kevin

Clemens Bergmann wrote:

>Hash: SHA1
>Erstmal danke fuer die schnelle Antwort.
>Also das heisst ich muss alle meine zones inder named.conf doppelt haben ei=
>nmal in der eigendlichen view und einemal in der localhost view.
>Schade eigendlich das macht die conffile so unuebersichtlich aber wenn es n=
>et anders geht.
>=2D --=20
>Besuchen sie uns doch im Internet:
>Visit us in the Internet:
>pgp key:
>Version: GnuPG v1.2.6 (GNU/Linux)

More information about the bind-users mailing list