Metazones or Something Else?
Mark Andrews
marka at isc.org
Tue Aug 5 23:35:00 UTC 2014
Personally I'd like to extend UPDATE
allow-addzone { acl; };
allow-delzone { acl; };
e.g.
nsupdate
new zone
server addresss [port]
key name:secret
[masters <list>]
[allow-query <acl>]
[allow-transfer <acl>]
[allow-update <acl>]
[conf text]
[conf text]
[conf text]
[zone data for master]
send
nsupdate
del zone
key name:secret
send
Where "new" is a EDNS options which optionally has master addresses / names
allow-query is a EDNS acl option of subtype query [default any; if missing]
allow-transfer is a EDNS acl option of subtype transfer [default any; if missing]
allow-update is a EDNS acl option of subtype update [default none; if missing]
conf is a EDNS which contains other configuration data for a zone
Mark
In message <20140805164053.GA11778 at fantomas.sk>, Matus UHLAR - fantomas writes:
> On 05.08.14 11:43, Brian Cuttler wrote:
> >The slave trusts the master, for zone files, but creating
> >a new zone?
>
> hmmm, when a meta-zone is signed by trusted key, why not? :-)
> using notifies and IXFR would be even more great...
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> You have the right to remain silent. Anything you say will be misquoted,
> then used against you.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list