nsupdate ACL based on a key AND ip-subnet
blrmaani
blrmaani at gmail.com
Fri Nov 14 20:40:17 UTC 2008
All,
I use BIND 9.2 on Linux. I was experimenting with a feature to allow
dynamic updates based on
BOTH the following:
1. Secret key ( TSIG )
2. Subnet.
Unfortunately, I realized that we can specify only one of the above in
allow-update {} ACL.
If I specify both, it doesn't work as expected.
Question:
1. Is there a way to achieve this?
2. Is this feature part of BIND 9.3, 9.4, 9.5 or 9.6 ( I haven't found
anything related to this in the documentation
for these versions. )
3. If it is already supported in BIND 9.2, I'd appreciate if anyone
can point me to the right documentation.
here is what I'm expecting:
// This should allow update only if the update is from 10/8 subnet AND
key matches:
allow-update { key "...." ; 10/8; }
Cheers and have a nice weekend.
Maani
More information about the bind-users
mailing list