Hello Phil, Hello Mark,

after trying a lot over the last hours I came to the same result.

grant EXAMPLE.COM ms-self * any; works. All the other things, for example EXAMPLE.COM krb5-self * any; etc., don't work. So I will put this rule in every zone with the related domain.

The ms-self command is not documented in the BIND manual, just briefly mentioned in the command list (1 word). I also have to try out what I can use instead of "ANY". The client should only be able to do the A and PTR record. I read that there are some limitations ....

Do you have an idea how I can test so that I am 100 % sure that the client really can only update itself? Do you have a link where I can read more about the ms-self feature?

Thanks a lot

cheers,

2011/5/12 Phil Mayers <p.may...@imperial.ac.uk>

> On 12/05/11 09:33, Juergen Dietl wrote:
>
>> Hello Mark
>>
>> I am not that professional in BIND. Normally I am a CISCO expert but now
>> I also do the BIND for 6 months. I cannot imagine why this post should
>> help me.
>>
>
> It doesn't really.
>
> You should only need this:
>
> grant EXAMPLE.COM ms-self * any;
>
>> What does this match-type "external" mean? I am not aware of running any
>> external daemon. Or was this just for the ACLs problem from Phil?
>>
>
> Just for me. Sorry for confusing you.
>
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
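An added example, not part of the original thread and not BIND's code: a simplified Python model of how the ms-self and krb5-self rule types map a Kerberos principal to the one name it may update, following the rule descriptions in the BIND ARM. It produces the expected result for each test update, which can be compared with what `nsupdate -g` actually returns when run as that machine; the host names, the principal and the type-restricted rule are constructed for illustration.

```python
# Simplified model (not BIND's code) of ms-self / krb5-self update-policy
# matching as described in the BIND ARM. Names and principals are constructed.
# The model treats "any" as every record type and ignores BIND's DNSSEC-type exclusions.

def allowed_name(match_type, rule_realm, principal):
    """Return the single DNS name this principal may update, or None."""
    ident, _, realm = principal.partition("@")
    if realm != rule_realm:
        return None
    if match_type == "ms-self" and ident.endswith("$") and "/" not in ident:
        # Windows machine account: pc01$@EXAMPLE.COM -> pc01.example.com
        return f"{ident[:-1]}.{realm}".lower()
    if match_type == "krb5-self" and ident.startswith("host/"):
        # host/pc01.example.com@EXAMPLE.COM -> pc01.example.com
        return ident[len("host/"):].lower()
    return None

def permits(rule, principal, name, rtype):
    """rule is (realm, match_type, types), mirroring 'grant REALM ms-self * types;'."""
    realm, match_type, types = rule
    target = allowed_name(match_type, realm, principal)
    if target is None or name.rstrip(".").lower() != target:
        return False
    wanted = {t.upper() for t in types}
    return "ANY" in wanted or rtype.upper() in wanted

def expected_results(rule, principal, cases):
    """Test matrix: what each update attempt should yield under the rule."""
    return [(n, t, permits(rule, principal, n, t)) for n, t in cases]

CASES = [  # constructed update attempts to try from the client
    ("pc01.example.com", "A"),    # own name, address record
    ("pc01.example.com", "TXT"),  # own name, other record type
    ("pc02.example.com", "A"),    # another machine's name
    ("www.example.com", "A"),     # a server name in the same zone
]
PRINCIPAL = "pc01$@EXAMPLE.COM"                 # constructed machine principal
RULE_ANY = ("EXAMPLE.COM", "ms-self", ["any"])  # the rule from the thread
RULE_A = ("EXAMPLE.COM", "ms-self", ["A"])      # hypothetical type-restricted variant

if __name__ == "__main__":
    for rule in (RULE_ANY, RULE_A):
        print(rule)
        for name, rtype, ok in expected_results(rule, PRINCIPAL, CASES):
            verdict = "expect success" if ok else "expect REFUSED"
            print(f"  {name:20} {rtype:4} {verdict}")
```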