GSS-TSIG update policy identity field
isclists01 at googlemail.com
Thu May 12 11:50:26 UTC 2011
Hello Phil, Hello Mark,
after trying a lot the last hours I came to the same result.
grant EXAMPLE.COM ms-self * any;
works. All the other things for example EXAMPLE.COM krb5-self * any;
etc. dont work.
So I will put this rule in any zone with the relating domain. The ms-self
command is not documented in the bind manual just short mentioned in the
command list (1 word)
I also have to try what all can I use instead of "ANY". The client should
only to be able to do the A and PTR-Record. I read that there are some
Do you have an idea how I can test that I am 100 % sure that the client
really only can update itsself?
Do you have a link where I can read more about the ms-self feature?
thanx a lot
2011/5/12 Phil Mayers <p.mayers at imperial.ac.uk>
> On 12/05/11 09:33, Juergen Dietl wrote:
>> Hello Mark
>> i am not that professional in bind. Normally I am a CISCO expert but now
>> I also do the bind for 6 months. I cannot imagine why this post should
>> help me.
> It doesn't really.
> You should only need this:
> grant EXAMPLE.COM ms-self * any;
>> What do this match-type "external" mean? I am not aware of running any
>> external daemon. Or was this just for the ACLs problem from Phil?
> Just for me. Sorry for confusing you.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users