Thank you very much learnt a new thing too
Mark Andrews <ma...@isc.org> ha scritto:
>
>In message <50bfaba3.5040...@dougbarton.us>, Doug Barton writes:
>> On 12/05/2012 11:29 AM, fddi wrote:
>> > Hello, I have a domain called mydomain.org
>> >
>> > I would need a way to allow access with nsupdate not to the entire
>> > domain mydomain.org
>> > but only to specific hosts and specific IP Address do be modified
>using
>> > nsupdate.
>> >
>> >
>> > here is my config
>> >
>> > zone "mydomain.org" IN {
>> > type master;
>> > allow-query { any; };
>> > file "mydomain.org.db";
>> > update-policy {
>> > grant mykey. subdomain mydomain.org. A TXT CNAME;
>> > };
>> > };
>> >
>> > but in this way anyone can modify any hosts in the domain.
>> > How can I restrict and allow to modify only specific hosts ?
>> >
>> > for example I would like to restrict to modify only
>host1.mydomain.org
>> > with a given key.
>> >
>> > is it possibile ?
>>
>> make the records you want to be modifiable into their own zones.
>
> grant mykey. name host1.mydomain.org. A AAAA
>
> or
>
> grant host1.mydomain.org. self . A AAAA
>
> or
>
> grant "local:/path/to/socket" external * A AAAA
>
> or
>
> grant "local:/path/to/socket" external * ANY
>
> The last two require a external tool to make the decision.
>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe
>> from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
