dynamic DNS updates using nsupdate - how to update a different view.
Mark Andrews
Mark_Andrews at isc.org
Wed Jan 25 22:12:30 UTC 2006
> Dave Clark wrote:
>
> > nsupdate doesn't do it. BIND looks at the key used to authenticate
> > the transfer before selecting which view to search for the zone.
> > Dave
>
> Sorry, that's what I meant to say too.
> Anyway, I've been trying this out and I'm not getting very far.
>
> I've got 4 views: "local", "sat01", "sat99", and "world". "local" is
> for local consumption, "sat01" and "sat99" are each for dedicated
> specific client-addresses and/or -ranges and "world" is obviously for
> everybody else.
>
> This is my config:
>
> view "sat99" {
> match-clients { 192.168.67.0/24; key helium.; };
> recursion no;
> include "/etc/named.d/sat99.conf";
> };
>
> /etc/named.d/sat99.conf:
>
> key helium. {
> algorithm hmac-md5;
> secret "cb4DdGo8jUY4DLEt2aH+YQ==";
> };
>
> zone "test.net" {
> type master;
> file "master/test.net.99";
> notify yes;
> allow-update { key helium.; };
> };
>
>
> From a local host (192.168.2.113), I then try to update view "sat99"
> using the following input to nsupdate:
>
> server 192.168.2.104
> zone spamchek.net
> key helium. cb4DdGo8jUY4DLEt2aH+YQ==
> update delete x.test.net. IN A
> update add x.test.net. 300 IN A 1.2.3.4
> show
> send
>
>
> The target server at 192.168.2.104 hits on the first applicable zone
> according to IP-address and fails as 192.168.2.113 is not allowed to
> update anything in view "local". But it doesn't go through the
> remaining views to see if a key matches anywhere? I can sort of
> understand why this is, but does it mean I cannot have nsupdate a view
> other than the first selected (by IP)?
>
>
>
> /Per Jessen, Zürich (-0.50 °C)
>
>
Reorder the list of views and/or use negation in the acls.

acl localaddresses { .... };
view local {
	// requests signed with key helium. do not match this view
	match-clients { ! key helium.; localaddresses; };
};

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
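
How the negated key element changes view selection, as an added example that is not part of the original thread: a small Python model of BIND's first-match handling of match-clients, run over the view order described above. The 192.168.2.0/24 range for localaddresses is an assumption (the post elides it), and view "sat01" is left out because its addresses are not given.

```python
import ipaddress

def acl_match(acl, src, key):
    """BIND-style address match list: the first matching element decides.

    Each element is (negated, kind, value); kind is "net", "key" or "any".
    A negated match rejects, and so does reaching the end with no match.
    """
    addr = ipaddress.ip_address(src)
    for negated, kind, value in acl:
        if kind == "net":
            hit = addr in ipaddress.ip_network(value)
        elif kind == "key":
            hit = key == value      # request was TSIG-signed with this key
        else:
            hit = True              # "any"
        if hit:
            return not negated
    return False

def select_view(views, src, key=None):
    """Return the name of the first view whose match-clients accepts the request."""
    for name, match_clients in views:
        if acl_match(match_clients, src, key):
            return name
    return None

# Assumption: "localaddresses" covers 192.168.2.0/24 (the post elides it).
LOCALADDRESSES = (False, "net", "192.168.2.0/24")
SAT99 = ("sat99", [(False, "net", "192.168.67.0/24"), (False, "key", "helium.")])
WORLD = ("world", [(False, "any", None)])

# As posted: "local" matches on address alone and is listed first.
VIEWS_BEFORE = [("local", [LOCALADDRESSES]), SAT99, WORLD]
# With the suggested negation: signed requests fall through "local".
VIEWS_AFTER = [("local", [(True, "key", "helium."), LOCALADDRESSES]), SAT99, WORLD]

if __name__ == "__main__":
    for label, views in (("before", VIEWS_BEFORE), ("after", VIEWS_AFTER)):
        signed = select_view(views, "192.168.2.113", key="helium.")
        unsigned = select_view(views, "192.168.2.113")
        print(f"{label}: signed update -> {signed}, unsigned query -> {unsigned}")
```

In this model a request signed with helium. selects "sat99" from any source address, so the key itself (and allow-update) is the access control for that view.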