Why are you letting the clients register their own addresses in DNS in the
first place? If you want a higher level of control, move the DDNS
responsibility to the DHCP server.
- Kevin
-----Original Message-----
From: bind-users [mailto:[email protected]] On Behalf Of
Nicholas Miller
Sent: Friday, March 23, 2018 4:16 PM
To: [email protected]
Subject: Re: GSS-TSIG update-policy clarification
Thats well and good for an organization that controls ALL of the end points. In
a university that isn’t possible.
_________________________________________________________
Nicholas Miller, OIT, University of Colorado at Boulder
> On Mar 23, 2018, at 2:04 PM, Mark Andrews <[email protected]> wrote:
>
> If you don’t want 6to4 addresses stop the machine configuring them.
>
> Not everything should be done at the DNS level.
> --
> Mark Andrews
>
>> On 24 Mar 2018, at 01:07, Nicholas Miller <[email protected]>
>> wrote:
>>
>> As a followup, is there a way to stop Windows systems from adding their
>> 6-to-4 AAAA record? I see little point in adding these records to a domain.
>> _________________________________________________________
>> Nicholas Miller, OIT, University of Colorado at Boulder
>>
>>> On Mar 22, 2018, at 12:13 PM, Mark Andrews <[email protected]> wrote:
>>>
>>> This was noted in the release notes and in CHANGES.
>>>
>>> 4885. [security] update-policy rules that otherwise ignore the name
>>> field now require that it be set to "." to ensure
>>> that any type list present is properly interpreted.
>>> [RT #47126]
>>>
>>> krb5-subdomain gets the permitted names from the Kerberos credential
>>> name (host/machine@REALM).
>>>
>>>> On 23 Mar 2018, at 2:50 am, Nicholas Miller <[email protected]>
>>>> wrote:
>>>>
>>>> With the latest update to bind our named.conf started reporting errors. I
>>>> have figured it out but wanted to get clarification about the syntax.
>>>>
>>>> We had been using:
>>>>
>>>> deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
>>>>
>>>> We are now using:
>>>>
>>>> deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
>>>>
>>>> Am I to assume that the ‘.’ in the config statement behaves similarly to
>>>> the ‘.’ in a zone file? It refers back to the zone the update-policy is
>>>> defining?
>>>>
>>>> Also, what is the difference between using a ‘.’ and a ‘*’? They both
>>>> refer to all records within the zone.:
>>>>
>>>> deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
>>>>
>>>> _________________________________________________________
>>>> Nicholas Miller, OIT, University of Colorado at Boulder
>>>>
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>> unsubscribe from this list
>>>>
>>>> bind-users mailing list
>>>> [email protected]
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742 INTERNET: [email protected]
>>>
>>
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
