Did anyone try restricting nsupdate by using tcp-wrappers? I heard
that we can restrict nsupdate using tcp-wrapper.
Anyone tried this?

cheers
Maani


On Nov 17, 9:06 pm, "Jonathan Petersson" <jpeters...@garnser.se>
wrote:
> Guess I should start digging in the code then :)
>
>
>
> On Mon, Nov 17, 2008 at 5:59 PM, Evan Hunt <evan_h...@isc.org> wrote:
> > > IIRC update-policy cannot be used in conjunction with the allow-update
> > > statement.
>
> > My bad--you're right.  There's code I'd never noticed before that says
> > allow-update will be ignored if update-policy is set.  Whoops.
>
> > (Oddly, the check only applies when both of them are defined in the
> > zone itself.  You can put "allow-updates" in the view options and
> > "update-policy" in the zone, and named won't complain about it...
> > but it also won't work the way you want it to.)
>
> > I don't know why it was implemented this way--there's no protocol reason
> > I can see.  (There may be other reasons I don't know about.)  It's probably
> > not a high enough priority for ISC to devote engineering resources to it at
> > this time, but if someone submitted a patch that added an ACL check to the
> > update-policy syntax, I'm sure we'd consider it.
>
> > --
> > Evan Hunt -- evan_h...@isc.org
> > Internet Systems Consortium, Inc.
>

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
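
A lint for the situation Evan Hunt describes in the quoted reply (a zone that sets update-policy while allow-update is also set in the zone or inherited from the view or global options), as an added example that is not code from the thread or from ISC. The sample configuration, key and zone names are constructed, the option is assumed to be spelled allow-update, and the parser is a simplified reading of named.conf syntax.

```python
import re

# Constructed sample named.conf (not from the thread); every name is made up.
SAMPLE = '''
view "internal" {
    allow-update { 10.0.0.0/8; };   // inherited by every zone in this view
    zone "example.com" {
        update-policy { grant ddns-key. subdomain example.com. A; }; };
    zone "example.net" { allow-update { key ddns-key.; };
        update-policy { grant ddns-key. subdomain example.net. A; }; };
};
'''
# Comments match but are not captured; group 1 is a string, punctuation or word.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|("[^"]*"|[{};]|[^\s{};"]+)', re.S)

def parse(toks, i=0):
    """Return (statements, next_index); a nested {...} becomes a sub-list."""
    stmts, cur = [], []
    while i < len(toks):
        t, i = toks[i], i + 1
        if t == '{':
            block, i = parse(toks, i)
            cur.append(block)
        elif t == '}':
            break
        elif t == ';':
            stmts += [cur] if cur else []
            cur = []
        else:
            cur.append(t)
    return stmts, i

def has(stmts, name):
    return any(s[0] == name for s in stmts)

def lint(text):
    """Return (zone, where) for update-policy zones that also get allow-update."""
    top, _ = parse([t for t in TOKEN.findall(text) if t])
    found = []
    def walk(stmts, inherited):
        for s in stmts:
            body = s[-1] if isinstance(s[-1], list) else []
            if s[0] == 'view':
                walk(body, inherited or has(body, 'allow-update'))
            elif s[0] == 'zone' and has(body, 'update-policy'):
                local = has(body, 'allow-update')
                if local or inherited:
                    found.append((s[1].strip('"'), 'zone' if local else 'inherited'))
    walk(top, any(s[0] == 'options' and has(s[-1], 'allow-update') for s in top))
    return found
```

`lint(SAMPLE)` reports example.com as 'inherited', the combination the reply says named accepts without complaint, and example.net as 'zone', where both statements sit in the zone itself.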