DDNS - limitation and excluding updates from certain networks

Mukund Sivaraman muks at isc.org
Wed Dec 20 13:04:09 UTC 2017

On Wed, Dec 20, 2017 at 12:39:33PM +0000, MAYER Hans wrote:
> Dear All,
> My environment: We are using the latest version of BIND and DHCP from ISC. Our workstations ( mostly Windows and some Mac ) are in certain networks. Only these networks are allowed to do dynamic DNS updates. So when a PC is switched on its IPv4, IPv4 reverse, IPv6 and reverse is registered. 
> So far everything works well. 
> Is there a way to configure, that names which are registered in other networks, are not allowed to be updated ? 

You'll have to explain what you mean better for a more specific answer,
but see the manual for the "allow-update" ACL config option
(per-zone). You can set access control on who can update the zone by
configuring this option (preferably using TSIG key, but also network
ACL). Adjust your zones, ACLs and services appropriately.


More information about the bind-users mailing list