Does bind9 support adding acl and view through commands, not by updating config file?

Zhengyu Pan zhengyupann at 163.com
Fri Apr 16 04:16:20 UTC 2021


>do you mean, the same domains with different content, depending on clients'
>IPs? That's common multiple-view setup
>(nothing special or intelligent).

Yes, I will create a view and acl for every client. Because every client has the unique IP address.


>Why? Do you have that many clients constantly with changing IPs?
>
>Maybe they could use local DNS server talking to your DNS server using TSIG,

>and instead of IPs you'd define TSIG keys.


My client vm directly connect the dns server. There are no local servers on the road.
Different client may create the same domain. So I must use IP to limit who use which view. client view can't use TSIG key.
>I'm afraid for now there's no  way to make this via rndc.
>You'll have to generate named config per-client.
I wan to know whether per-client can have own confile file that contains view and acl. Not put view and acl in named.conf.


>>Updating config file frequently may affect other zones in this dns server.
>
>I don't understand how/why it should affect other zones.

Yes, updating config file don't affect other zones.













--

Thanks.
Zhengyu





At 2021-04-15 23:28:15, "Matus UHLAR - fantomas" <uhlar at fantomas.sk> wrote:
>On 15.04.21 20:53, Zhengyu Pan wrote:
>>The  "intelligent" means that dns server return the corresponding A record IP address according  to the source IP address of the tenants.
>>My dns server is an Authoritative dns server. It hosts the zones of different tenants.
>
>do you mean, the same domains with different content, depending on clients'
>IPs? That's common multiple-view setup
>(nothing special or intelligent).
>
>>I need to update config file name.conf frequently Because The views and ACLS are added frequently.
>
>Why? Do you have that many clients constantly with changing IPs?
>
>Maybe they could use local DNS server talking to your DNS server using TSIG,
>and instead of IPs you'd define TSIG keys.
>
>>So i want to know whether have commands or API to add acl and view like the command "rndc addacl" or "rndc addview"?
>
>I'm afraid for now there's no  way to make this via rndc.
>You'll have to generate named config per-client.
>
>>Updating config file frequently may affect other zones in this dns server.
>
>I don't understand how/why it should affect other zones.
>
>
>
>>At 2021-04-15 15:08:26, "Matus UHLAR - fantomas" <uhlar at fantomas.sk> wrote:
>>>On 15.04.21 15:35, Zhengyu Pan wrote:
>>>>I want to implement intelligent DNS through bind9.
>>>
>>>>I need to add a custom line(IP address ranges) to bind9 using acl and view
>>>> when add a user.  Because when add a tenant, i need to define a new acl
>>>> and view.  I don't want to update named.conf config file frequently.
>>>
>>>what is supposed to be intelligent there?
>>>
>>>I mean, why?  are you going to provide recursive service to someone who pays
>>>for that?
>>>
>>>> Does bind9 support adding acl and view through commands or API, not by updating config file?
>>>> like the command "rndc addacl" or "rndc addview".
>>>
>>>I don't think so, looks a bit too complicated.
>
>
>-- 
>Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>Warning: I wish NOT to receive e-mail advertising to this address.
>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>- Have you got anything without Spam in it?
>- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210416/59ed2aaf/attachment.htm>


More information about the bind-users mailing list