Regexp to match RR's

Jonathan Petersson jpetersson at
Thu Apr 9 00:59:56 UTC 2009

> On Apr 8, 2009, at 3:21 PM, Kevin Darcy wrote:
>> I'm not a big fan of allowing users to enter Resource Records verbatim.
>> Most users aren't that sophisticated, or, if they are, they can do their
>> nsupdates directly, if they have been given access to the relevant TSIG key
>> (how's that for a False Dilemma argument :-)
> Again, I have to disagree with that statement. Aside from automated updates,
> even for dynamic zones (zones that allow dynamic updates), our customers
> wouldn't want day-to-day updates being submitted by dynamic update from user
> to DNS server. The reason is that dynamic updates are anonymous - there's no
> audit trail. For compliance reasons, it's valuable to have such updates
> submitted through a tool that logs them (user, timestamp, actions, user
> comment), even if the tool then sends them on to the DNS server via dynamic
> updates.

Not sure if we're talking about the same kind of dynamic update here,
I'm referring to updates controller by update-policy in conjunction
with TSIG keys. Each independent user can have his own key with
applicable restrictions and it's logged accordingly in BIND's

Dynamic updates are invaluable when you have business units who wants
to maintain control of their own zones but aren't allowed to
manipulate data directly on the DNS master servers.

More information about the bind-users mailing list