how to restrict nsupdate to a single A or PTR record ?
Phil Mayers
p.mayers at imperial.ac.uk
Wed Dec 5 20:36:03 UTC 2012
On 12/05/2012 07:29 PM, fddi wrote:
> Hello, I have a domain called mydomain.org
>
> I would need a way to allow access with nsupdate not to the entire
> domain mydomain.org
> but only to specific hosts and specific IP Address to be modified using
> nsupdate.
>
>
> here is my config
>
> zone "mydomain.org" IN {
>     type master;
>     allow-query { any; };
>     file "mydomain.org.db";
>     update-policy {
>         grant mykey. subdomain mydomain.org. A TXT CNAME;
>     };
> };
>
> but in this way anyone can modify any hosts in the domain.
No - people with "mykey." can update any A/TXT/CNAME records at or under
mydomain.org. Subtle difference.
> How can I restrict and allow to modify only specific hosts ?
Name them in the policy.
>
> for example I would like to restrict to modify only host1.mydomain.org
> with a given key.
>
> is it possible ?
Erm, yes. Just use "name" rather than subdomain, and specify the name
you want. Have you *read* the section on "update-policy" in the ARM?
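
The change suggested in the reply, written out as an added example (not part of the original message and not taken from the ARM): the broad `subdomain` grant is replaced by `name` grants that each match exactly one owner name and one record type. Assumptions: the key algorithm and the secret placeholder, the address 192.0.2.10 for host1, and the reverse zone `2.0.192.in-addr.arpa` with its file name are constructed for illustration.

```conf
// TSIG key used by the nsupdate client. Algorithm is an assumption;
// the secret is a placeholder to be replaced with generated key material.
key "mykey." {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";
};

zone "mydomain.org" IN {
    type master;
    allow-query { any; };
    file "mydomain.org.db";
    update-policy {
        // Before (from the question): mykey. may change A/TXT/CNAME
        // at or under mydomain.org.
        //   grant mykey. subdomain mydomain.org. A TXT CNAME;

        // After: "name" is an exact match, so mykey. may only change
        // the A record set of host1.mydomain.org. Updates for any
        // other name or type match no rule and are rejected.
        grant mykey. name host1.mydomain.org. A;
    };
};

// Constructed reverse zone for the PTR half of the question.
// 192.0.2.10 is an assumed address for host1.
zone "2.0.192.in-addr.arpa" IN {
    type master;
    file "2.0.192.in-addr.arpa.db";
    update-policy {
        // Only the PTR record for 192.0.2.10 may be changed with mykey.
        grant mykey. name 10.2.0.192.in-addr.arpa. PTR;
    };
};
```

To give a second host its own access, add another `key` statement and another `grant ... name ...` line for that host, so that each key can change only its own records.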