On 12/05/2012 07:29 PM, fddi wrote:
Hello, I have a domain called mydomain.orgI would need a way to allow access with nsupdate not to the entire domain mydomain.org but only to specific hosts and specific IP Address do be modified using nsupdate. here is my config zone "mydomain.org" IN { type master; allow-query { any; }; file "mydomain.org.db"; update-policy { grant mykey. subdomain mydomain.org. A TXT CNAME; }; }; but in this way anyone can modify any hosts in the domain.
No - people with "mykey." can update any A/TXT/CNAME records at or under mydomain.org. Subtle difference.
How can I restrict and allow to modify only specific hosts ?
Name them in the policy.
for example I would like to restrict to modify only host1.mydomain.org with a given key. is it possibile ?
Erm, yes. Just use "name" rather than subdomain, and specify the name you want. Have you *read* the section on "update-policy" in the ARM?
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
