patches to make bind9 with TKEY/GSS updates easier to configure
Evan Hunt
each at isc.org
Sun Dec 5 20:31:02 UTC 2010
> You mean like tkey-domain? The problem with that is that users may
> well want to do updates in multiple realms. What would they put in
> named.conf to support that?
>
> Also, the named.conf should configure the local named, whereas this
> code is for nsupdate, which can be used against any DNS server on the
> network. The local named.conf may not match the server you are
> updating.
Sorry, I misunderstood that this was for nsupdate not named. Still, why
an environment variable? Could you get the same effect with a a "-r realm"
option on the nsupdate command line, or a "realm <name>" command at the
nsupdate command prompt? Or if there's more to it than just the realm,
perhaps a "-K <krb5conf>" option?
I'd prefer to reduce the number of things in BIND 9 that are controlled by
environment variables when it's avoidable; they make the system harder to
support and debug. It isn't always avoidable of course, but I'd like to
be sure.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-workers
mailing list