GSS-TSIG update policy identity field

Phil Mayers p.mayers at imperial.ac.uk
Wed May 11 13:57:31 UTC 2011


On 11/05/11 14:55, Mark Andrews wrote:
>
> In message<4DCA7893.5060402 at imperial.ac.uk>, Phil Mayers writes:
>> On 11/05/11 12:17, Mark Andrews wrote:
>>
>>> {ms,krb5}-subdomain allows updates of *.machinename
>>
>> One note - this isn't so handy if you have a disjoint namespace, where:
>>
>> machinename.*.example.com
>>
>> ...is what you want. We are in this boat, and can't use the built in
>> ACLs for this very reason.
>
> This from 9.8 should help you.
>
> 3003.   [experimental]  Added update-policy match type "external",
>                          enabling named to defer the decision of whether to
>                          allow a dynamic update to an external daemon.
>                          (Contributed by Andrew Tridgell.) [RT #22758]
>
>

Yeah, I've looked at that. It's on my TODO list to implement it. Thanks 
for the heads-up though.



More information about the bind-users mailing list