Mark,
That looks like a nice format for it.
I'd still like to see named.conf mark some zones as
uneditable via rdnc, just in case I want to allow a
peer institution to add/remove zone where I'm the
secondary, I want some mechanism to prevent them from
accidently deleting zones I'm actually the master of.
Perhaps as 'simple' as having different zones fall under
different management keys? Is that possible? My zones
protected by a differnt management key then the zones that
my colleges use?
Albany.edu may provide DNS secondary for RPI.edu, but they
certainly don't want RPI to edit the wrong zones file.
On Wed, Aug 06, 2014 at 09:35:00AM +1000, Mark Andrews wrote:
>
> Personally I'd like to extend UPDATE
>
> allow-addzone { acl; };
> allow-delzone { acl; };
> e.g.
> nsupdate
> new zone
> server addresss [port]
> key name:secret
> [masters <list>]
> [allow-query <acl>]
> [allow-transfer <acl>]
> [allow-update <acl>]
> [conf text]
> [conf text]
> [conf text]
> [zone data for master]
> send
>
> nsupdate
> del zone
> key name:secret
> send
>
> Where "new" is a EDNS options which optionally has master addresses / names
> allow-query is a EDNS acl option of subtype query [default any; if missing]
> allow-transfer is a EDNS acl option of subtype transfer [default any; if
> missing]
> allow-update is a EDNS acl option of subtype update [default none; if missing]
> conf is a EDNS which contains other configuration data for a zone
>
> Mark
>
> In message <20140805164053.ga11...@fantomas.sk>, Matus UHLAR - fantomas
> writes:
> > On 05.08.14 11:43, Brian Cuttler wrote:
> > >The slave trusts the master, for zone files, but creating
> > >a new zone?
> >
> > hmmm, when a meta-zone is signed by trusted key, why not? :-)
> > using notifies and IXFR would be even more great...
> >
> > --
> > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> > You have the right to remain silent. Anything you say will be misquoted,
> > then used against you.
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
---
Brian R Cuttler brian.cutt...@wadsworth.org
Computer Systems Support (v) 518 486-1697
Wadsworth Center (f) 518 473-6384
NYS Department of Health Help Desk 518 473-0773
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
