Yeah it would most likely be a feature request/change.
IIRC update-policy cannot be used in congestion with the allow-update
statement. Personally I prefer the usage of update-policy as I can assign
different business units within my organization to take responsibility for
certain records/record types.
As I'm using a multi-view server (public and private IP) I'm concerned that
the update keys used might get compromised (computer stolen or whatever)
thus it would be useful to be able to limit the capability for updates for
specified IP-ranges.
This is achieved with the allow-update policy given throughout this
conversation but as you cannot use them in congestion with update-policy I'm
not able to limit certain records/record types to keys.
To put this in a "conf example" I'm thinking something like:
allow-update {
! { !10/8; any; };
update-policy { grant key subdomain dummy.com ALL; };
};
I hope this makes sense.
/Jonathan
On Mon, Nov 17, 2008 at 4:43 PM, Evan Hunt <[EMAIL PROTECTED]> wrote:
>
> > Actually, to take this a step further, is there any remote possibility to
> > combine this with update-policy as well?
>
> I'm not sure what you mean.
>
> I believe you can use allow-updates to filter according to IP address
> and then update-policy to filter according to key; that might be an
> easier way to accomplish the same thing. I've never done so, but I'd
> expect it to work. But it sounds like you're asking for a feature
> change... clarify please?
>
> --
> Evan Hunt -- [EMAIL PROTECTED]
> Internet Systems Consortium, Inc.
>
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
