Lock specific records in dynamic zone...
kcd at daimlerchrysler.com
Sat Feb 25 00:05:57 UTC 2006
Daniel Costello wrote:
>I have a fairly strange question. In our DNS, we have our primary zone
>which up until now has been updated only by our DHCP server via TSIG
>key, etc. We are looking at opening this up so that PC clients can update
>their own DNS. Our only concern is that servers have their DNS records in
>this same zone file and we don't want to chance they get overwritten, etc.
>Is there a way to flag single records within a dynamically updated DNS zone
>file making them not changeable in some way? I know this kind of defeats
>the purpose of dynamic updates in the first place.
>I would assume the only alternative would be to create a separate zone file
>for each server, which would be fairly time consuming.
deny * name locked1.example.com.;
deny * name locked2.example.com.;
deny * name locked3.example.com.;
grant * wildcard *;
You can't mix update-policy and allow-update for the same zone, however,
so any source-address-based restrictions you currently have wouldn't
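
The order of the rules above matters, because named checks update-policy rules in sequence and stops at the first one that matches. The Python model below is an added example, not part of the original post and not BIND code; the key name pc-client-key and the host pc42.example.com. are constructed, and record types are ignored.

```python
# Simplified model of update-policy evaluation (added example, not BIND code).
# Assumptions: rules are checked top to bottom, the first match decides,
# no match means refusal, and record types are ignored.

def normalize(name):
    return name.lower().rstrip(".")

def wildcard_match(pattern, name):
    """'*' or '*.suffix' matches any name below the suffix."""
    suffix = normalize(pattern)[1:].lstrip(".")
    name = normalize(name)
    if suffix == "":
        return name != ""
    return name.endswith("." + suffix)

def parse_rules(text):
    """Parse lines of the form: action identity nametype name;"""
    return [tuple(line.strip().rstrip(";").split())
            for line in text.splitlines() if line.strip()]

def rule_matches(rule, signer, name):
    _action, identity, nametype, target = rule
    if identity != "*" and normalize(identity) != normalize(signer):
        return False
    if nametype == "name":
        return normalize(target) == normalize(name)
    if nametype == "wildcard":
        return wildcard_match(target, name)
    raise ValueError("nametype not modelled: " + nametype)

def decide(rules, signer, name):
    for rule in rules:
        if rule_matches(rule, signer, name):
            return rule[0]
    return "deny"

REPLY_ORDER = parse_rules("""
deny * name locked1.example.com.;
deny * name locked2.example.com.;
deny * name locked3.example.com.;
grant * wildcard *;
""")
# Same rules with the grant moved first: the deny lines are never reached.
GRANT_FIRST = [REPLY_ORDER[-1]] + REPLY_ORDER[:-1]

if __name__ == "__main__":
    for label, rules in (("reply order", REPLY_ORDER), ("grant first", GRANT_FIRST)):
        for host in ("locked1.example.com.", "pc42.example.com."):
            print(label, host, decide(rules, "pc-client-key", host))
```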
More information about the bind-users