Hi, I have a question on using signed (TSIG) dynamic updates. My understanding is that both allow-update and update-policy allows either a host or a key.
Is there any way (or workaround) to make bind only accept dynamic updates from a specific host that has the specific key? The problem I have is I work for a site that want to issue signed dynamic updates to an external dns server. Since dynamic updates use port 53 and there is no way to control access on the network level, I'm looking for a way to convince bind to only accept dynamic updates if they originate from a specific host *and* are signed with the specific key. Thankyou for taking the time to read my message, --a _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
