BIND 10 #2065: support BIND9-compatible update-policy ACL for DDNS
BIND 10 Development
do-not-reply at isc.org
Tue Jul 3 16:19:09 UTC 2012
#2065: support BIND9-compatible update-policy ACL for DDNS
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: | Milestone: New Tasks
enhancement | Resolution:
Priority: | Sensitive: 0
medium | Sub-Project: DNS
Component: DDNS | Estimated Difficulty: 8
Keywords: | Total Hours: 0
Defect Severity: N/A |
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Description changed by jinmei:
Old description:
> For controlling the permission for specific domain names,
> specific type of RRs, etc.
New description:
For controlling the permission for specific domain names,
specific type of RRs, etc.
See the corresponding BIND 9 option:
http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies
This ticket doesn't intend to provide a full compatibility to the BIND
9 counter part, but it should at least support the "name" and
"subdomain" nametype. For example, we should be able to specify
the following in some zone specific configuration of b10-ddns:
{{{
grant key.dyn.example.com name foo.dyn.example.com AAAA
}}}
which would allow updates to foo.dyn.example.com/AAAA by a DDNS
request signed with a TSIG key whose key name is key.dyn.example.com.
This task will probably have to be broken down into multiple subtasks:
at least it would need to update the generic ACL framework to allow
this happen and update b10-ddns and python ddns module so they
understand and handle this fine-grained access control.
--
--
Ticket URL: <https://bind10.isc.org/ticket/2065#comment:2>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list