On 4/2/19 6:00 PM, Sam Wilson wrote: >> During a cleanup of other code (specifically named-checkconf), code was >> changed that enforced what was believed to have been the default >> previously: specifically, allow-update was only allowed in zone stanzas. > > Can I ask who believed it was previously the default? I hope I'm not > misreading the first dozen or so lines of this page (which seems to be > reflected in previous editions of the ARM). > > <https://ftp.isc.org/isc/bind9/cur/9.13/doc/arm/Bv9ARM.ch05.html#options_grammar>
The answer to your question is: "someone at ISC". However, can you post exactly what you mean by "this page" and what default we are talking about? Based on the history of this e-mail thread, I think that we are talking about "allow-update" being available at the global view (up until 9.13.3) and it not being allowed there (the rest of the 9.13 branch up until 9.14.0) In the options section of the ARM I see: allow-update Specifies which hosts are allowed to submit Dynamic DNS updates for master zones. The default is to deny updates from all hosts. Note that allowing updates based on the requestor's IP address is insecure; see the section called “Dynamic Update Security” for details. in 9.12 (https://ftp.isc.org/isc/bind9/cur/9.12/doc/arm/Bv9ARM.ch05.html#options_grammar) and: allow-update When set in the zone statement for a master zone, specifies which hosts are allowed to submit Dynamic DNS updates to that zone. The default is to deny updates from all hosts. This can only be set at the zone level, not in options or view. in 9.13 and 9.14. The text here (as referred to in your link) is the updated text that was changed at the same time that the code change was made, thus matching what was released in 9.14. AlanC _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
