Hi Nicholas, thanx for your hint but unfortunately it gets also a refuse.
cheers, 2011/5/11 Nicholas F Miller <nicholas.mil...@colorado.edu> > Try: > > grant EXAMPLE.TEST subdomain EXAMPLE.TEST ANY; > _________________________________________________________ > Nicholas Miller, ITS, University of Colorado at Boulder > > > > On May 11, 2011, at 7:08 AM, Juergen Dietl wrote: > > > Hello, > > > > and thanx for all your answeres. > > > > I want to ask the question again in a shorter way: > > > > If I look in the log the client tells the dns-server: > > request has valid signature: WS-YBCL150939\$\@EXAMPLE.TEST > > > > when I now put in the rule: > > grant WS-YBCL150939\$\@EXAMPLE.TEST subdomain example.test. ANY; > > > > ONLY THIS client is allowed to make update. So I would have to make 50k > lines - one for each client :-) > > > > So I look for a way that I can say that all clients from EXAMPLE.TEST are > allowed to update their own record (or whatever). > > > > It should work like this grant *\$\@EXAMPLE.TEST subdomain example.test. > ANY; > > > > I also do not know what the $-sign is for and why the syntax is so > strange \...\@. > > > > In the named.conf I also use the > > tkey-gssapi-keytab "/etc/krb5.keytab"; > > > > I cannot use the > > tkey-gssapi-credential "DNS/lxdns10t.prim-dns.test1.t...@example.test"; > > tkey-domain "EXAMPLE.TEST"; > > > > Because I need one key for every domain and so I must join them with > KTUTIL making one big keytab. And with the old sytax I only can use one > credential. > > > > Any new idea? > > > > _______________________________________________ > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users