Question on allow-update and update-policy

Angela Perez perez.angela7 at googlemail.com
Sat Jun 12 19:33:52 UTC 2010


Hi,

I have a question on using signed (TSIG) dynamic updates. My
understanding is that both allow-update and update-policy allows
either a host or a key.

Is there any way (or workaround) to make bind only accept dynamic
updates from a specific host that has the specific key?

The problem I have is I work for a site that want to issue signed
dynamic updates to an external dns server. Since dynamic updates use
port 53 and there is no way to control access on the network level,
I'm looking for a way to convince bind to only accept dynamic updates
if they originate from a specific host *and* are signed with the
specific key.

Thankyou for taking the time to read my message,
--a



More information about the bind-users mailing list