DDNS - limitation and excluding updates from certain networks
muks at isc.org
Wed Dec 20 17:51:36 UTC 2017
On Wed, Dec 20, 2017 at 10:40:31AM -0700, Grant Taylor via bind-users wrote:
> On 12/20/2017 06:27 AM, MAYER Hans wrote:
> > And I don’t wont that this static names can by changed by someone out of
> > an IP range, where it is allowed. I didn’t find any hint to block
> > certain IP ranges to be updated within a dynamic zone.
> I don't remember the specifics, but there is a way built into BIND to do
> what you are wanting.
> I think there's an ACL configuration where you can configure that DDNS
> clients are only able to update the records that they own. - I think
> ownership is related to the connecting IP.
> I do remember that when I tested this, it was trivial to set up and one
> configuration entry seemed to apply multiple DDNS clients.
> I'm sorry, but I don't remember any more specifics.
I beg your pardon, my original answer was incorrect. The option to do
this (for more access control over what updates to perform) is
"update-policy" as you have correctly pointed out.
The original poster may want to read about this option in the manual,
under "Dynamic Update Policies" in Chapter 6.
More information about the bind-users