Does bind9 support adding acl and view through commands, not by updating config file?

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Apr 15 16:28:15 UTC 2021


On 15.04.21 20:53, Zhengyu Pan wrote:
>The  "intelligent" means that dns server return the corresponding A record IP address according  to the source IP address of the tenants.
>My dns server is an Authoritative dns server. It hosts the zones of different tenants.

do you mean, the same domains with different content, depending on clients'
IPs? That's common multiple-view setup
(nothing special or intelligent).

>I need to update config file name.conf frequently Because The views and ACLS are added frequently.

Why? Do you have that many clients constantly with changing IPs?

Maybe they could use local DNS server talking to your DNS server using TSIG,
and instead of IPs you'd define TSIG keys.

>So i want to know whether have commands or API to add acl and view like the command "rndc addacl" or "rndc addview"?

I'm afraid for now there's no  way to make this via rndc.
You'll have to generate named config per-client.

>Updating config file frequently may affect other zones in this dns server.

I don't understand how/why it should affect other zones.



>At 2021-04-15 15:08:26, "Matus UHLAR - fantomas" <uhlar at fantomas.sk> wrote:
>>On 15.04.21 15:35, Zhengyu Pan wrote:
>>>I want to implement intelligent DNS through bind9.
>>
>>>I need to add a custom line(IP address ranges) to bind9 using acl and view
>>> when add a user.  Because when add a tenant, i need to define a new acl
>>> and view.  I don't want to update named.conf config file frequently.
>>
>>what is supposed to be intelligent there?
>>
>>I mean, why?  are you going to provide recursive service to someone who pays
>>for that?
>>
>>> Does bind9 support adding acl and view through commands or API, not by updating config file?
>>> like the command "rndc addacl" or "rndc addview".
>>
>>I don't think so, looks a bit too complicated.


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.


More information about the bind-users mailing list