Update-policy to deny rexep based A records?

Nicolas Ecarnot nicolas.ecarnot at free.fr
Mon Apr 9 08:54:09 UTC 2018


In some zones, I've setup this update-policy to prevent any DHCP server 
to create an A record called localhost (which has already happened for 
some reasons.) :

zone "somezone.domain.net" {
                 type master;
                 file "master/domain.net.zone";

                 update-policy {
                         deny "*" name "localhost.domain.net";

And it's working nicely.

Now, I see that some hosts are registering into our DHCP then DNS db 
using some names we don't want.

Then I'm trying to create an update policy to deny such record creation 
but I don't understand the syntax :

I tried using :
deny "*" wildcard "badname.*.domain.net";
but named is telling me :
'*badname' is not a wildcard

I tried many combinations of this line, and the only allowed syntax so 
far is :
deny "*" wildcard "*";
which I guess means "No one won't update anything".

1 : It is doable to achieve such a filter?
2 : If yes, may someone suggest the correct syntax?

Thank you.


More information about the bind-users mailing list