Not to the list but just to you. I could imagine a system having multiple views defined with only one view that allows DDNS updates. The other views would be "read-only". This wouldn't be pretty, but ...
In this one view that allows DDNS, you wouldn't be restricted to ONLY "A" records. Users would still be able to set up other records too using DDNS. I have seen this were you have an internal network that you want to allow the users, client machines, to update the DNS information using DDNS. But if they carry their laptop home and connect to the Internet, they will still try and send a DDNS update to the DNS server but it is rejected by the server because it is not coming from an internal network address. (Define "subnet" and "internal network" any way you want.) Couldn't you have your DDNS updates come from your DHCP server rather than directly from the client machines? If you can "trust" your DHCP server to only do what you want, then you wouldn't have to worry about anything else updating your data. For example, if you were trying to manage the "example.com" domain and you were wanting to allow DDNS to create a record for "x.example.com" with the address of 192.168.1.10, then the DHCP server for the 192.168.1.0 network could be explicitly allowed to update the DNS data, but the clients on the network wouldn't have to be allowed. And, a client on the 192.168.2.0 network still wouldn't be able to update because they did not get their address from the DHCP server on the 192.168.1.0 network. Bill Larson Nicholas F Miller <nicholas.mil...@colorado.edu> said: > I take it this is not possible using update-policy? > _________________________________________________________ > Nicholas Miller, ITS, University of Colorado at Boulder > > > > On Sep 30, 2009, at 11:29 AM, Nicholas F Miller wrote: > > > Is it possible to restrict user machines to only be able to update > > their 'A' records on a specific subnet? We would like to allow DDNS > > but restrict it to specific subnets and only allow the machines to > > update their 'A' records. Allow-updates will not get us the record > > restrictions we would need to implement this and it doesn't appear > > that update-policy has any understanding of subnet scoping. > > _________________________________________________________ > > Nicholas Miller, ITS, University of Colorado at Boulder > > > > > > > > _______________________________________________ > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
