Modify BIND ACLs on-the-fly?

Matus UHLAR - fantomas uhlar at
Tue Nov 22 13:19:30 UTC 2011

On 22.11.11 13:42, Jan-Piet Mens wrote:
>I'm looking at a BIND installation with a largish number of views, each
>of which allow recursion and contain a couple of RPZ zones. Each view
>has a `match-clients{}' option limiting access to the view to a very
>small number of addresses. (Typically the single address of a client
>with a dynamic IP address.)
>When the IP of the client changes (reported and handled out-of-band),
>the address_match_list in the view must be modified, which I can do with
>includes & scripting-magic followed by `rndc reconfig', but can I do
>this more elegantly?

afaik your client can identify itself by TSIG instead of IP address.
of course, this requires tyour client to support TSIG 

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

More information about the bind-users mailing list