Re: Securing zone transfer and DDNS

Mon Nov 7 16:04:42 UTC 2011

Dnia 7 listopada 2011 15:59 Jan-Piet Mens <jpmens.dns at gmail.com> napisał(a):
> > Bind version is: 9.7.4
> 
> Upgrade; 9.8.1 is current. (In addition, you're reading a book called
> BIND 10 -- even though the book doesn't once mention that software!)

I'm using Mac OS X 10.4.11 Tiger on G4 400 MHz PPC Mac and BIND 9.7.4 is the last version that I'm able to use.

> I assume what you probably want to do is something like this:
> 
>         key "my.key" {
>                 algorithm HMAC-MD5;
>                 secret "xxxx";
>         };
>         key "my.key2" {
>         ...
>         };
> 
>         acl xferkey {
>                 key my.key2;
>         };
> 
>         zone "example.net" IN {
>                 type master;
>                 file "example.net";
>                 allow-update {
>                         key "my.key";
>                 };
>                 allow-transfer {
>                         xferkey;
>                 };
>         };

That's what I'm trying to do :) but what's with the server section? On the book it's both in the master and slave (zone tranasfer) named.conf files.

> Instead of allow-update, I'd like to suggest you read up on the `grant'
> statement which allows a much finer granularity on DDNS.

I have trying:
update-policy { grant key subdomain my.zone any; }; (described in this book)
but it doesn't work.

-- 
Pozdrawiam,
Aleksander Kurczyk