Update-policy to deny regexp based A records?

Nicolas Ecarnot nicolas.ecarnot at free.fr
Mon Apr 9 08:54:09 UTC 2018


Hello,

In some zones, I've set up this update-policy to prevent any DHCP server 
from creating an A record called localhost (which has already happened 
for some reason):

zone "somezone.domain.net" {
        type master;
        file "master/domain.net.zone";

        update-policy {
                deny "*" name "localhost.domain.net";
                [...];
        };
        [...];
};

And it's working nicely.

Now, I see that some hosts are registering into our DHCP then DNS db 
using some names we don't want.

So I'm trying to create an update policy to deny such record creation, 
but I don't understand the syntax:

I tried using:
deny "*" wildcard "badname.*.domain.net";
but named is telling me:
'*badname' is not a wildcard

I tried many combinations of this line, and the only allowed syntax so 
far is:
deny "*" wildcard "*";
which I guess means "No one will update anything".

1: Is it doable to achieve such a filter?
2: If yes, could someone suggest the correct syntax?

Thank you.

-- 
Nicolas ECARNOT

