On Thu, Sep 26, 2013 at 04:25:54PM +0100, Phil Mayers wrote:
> Interesting; static zones only, or dynamic ones too?
Both should work. Thanks for asking the question, I'll pay closer
attention to dynamic zones as a test scenario when I get back to
this.
(It occurs to me as I type that there could be some unexpected effects
if you don't set the ACLs consistently. Say you have a view with
"allow-query { any; };", and it references a zone living in a view with
"allow-query { localnets; };". The zone would've inherited the options
from its containing view, so it would only allow queries from localnets,
even when reached via the other view. And if you're doing this with a
dynamic zone you'll want to be careful that update-policy is set the way
you really want and you're not relying on match-clients for security.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
