Dynamic Update Policy.....

Gary Greene ggreene at minervanetworks.com
Thu Mar 28 23:03:26 UTC 2013


I'm trying to get BIND to use DDNS updates for our environment; however, I'm getting errors in the logs on the system that the host is being denied from making the changes.

Currently, I'm only allowing certain hosts to update their records, as a test.

The stanza for update-policy follows:

    zone "minervanetworks.com" {
        type master;
        notify yes;
        update-policy {
            grant ggreene-imac$@MINERVANETWORKS.COM ms-self * A;
            grant cvallejo-w7-lt$@MINERVANETWORKS.COM ms-self * A;
            grant cvallejo-test-w7-lt$@MINERVANETWORKS.COM ms-self * A;
        };
        file "/etc/named.d/minervanetworks.zone";
        check-names ignore;
    };

The error I see in the logs:

    Mar 28 15:57:29 ns1 named[11482]: client 10.5.1.11#52418: view internal: update 'minervanetworks.com/IN' denied

The reverse zones work, as they are set up to allow dhcpd to make the changes (and they work correctly); however, the forward zone does not.

Any insight would be great. Thanks.

--
Gary L. Greene, Jr.
Sr. Systems Administrator
IT Operations
Minerva Networks, Inc.
Cell: (650) 704-6633
