@lbutlr <krem...@kreme.com> wrote:
>
> If I remove "update-policy local; " the nsupdate works, but it seems
> like it should have worked with the update-policy since I was in fact
> local to the bind server.

The "local" keyword enables server-side support for `nsupdate -l`, which
makes dynamic updates really easy to use because you don't have to worry
about TSIG keys. (My production primary server pushes zone changes using
roughly `nsdiff | nsupdate -l`.)

But `update-policy local` actually means something kind of complicated
and subtle, and what it means changed a bit last year to address some odd
edge cases (https://kb.isc.org/docs/aa-01599).

I still need to delete some config complication that was a result of
this: my primary server zone clauses have:

    allow-update { !{ !localhost; any; }; key local-ddns; };

which is an alternative spelling of `update-policy local` that's slightly
safer than the pre-2018 meaning.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Lyme Regis to Lands End including the Isles of Scilly: West or southwest 3 or
4, becoming variable 2 or 3 for a time. Smooth or slight becoming moderate in
far west. Fog patches overnight. Moderate or good, occasionally very poor
overnight.
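
The `allow-update` list in the message above uses a negated nested list so that an update must come from a `localhost` address and also be signed with the `local-ddns` key. The following is an added example, not part of the original message and not BIND's code: a simplified model of first-match address-match-list evaluation, with constructed addresses standing in for the built-in `localhost` ACL.

```python
import ipaddress

# Constructed stand-in for BIND's built-in "localhost" ACL, which covers the
# addresses of all of the server's interfaces, not only loopback.
LOCALHOST = [ipaddress.ip_network(n)
             for n in ("127.0.0.1/32", "::1/128", "192.0.2.53/32")]

def match(acl, addr, key):
    """Return True (accept), False (reject) or None (no element matched)."""
    for negated, kind, value in acl:
        if kind == "any":
            hit = True
        elif kind == "localhost":
            hit = any(addr in net for net in LOCALHOST)
        elif kind == "key":
            hit = key == value
        elif kind == "nested":
            # A nested list is a hit only on a positive match; a negative
            # match inside it means "no match here", so the outer list goes on.
            hit = match(value, addr, key) is True
        else:
            raise ValueError(f"unknown element kind: {kind}")
        if hit:
            return not negated  # first matching element decides
    return None

def allowed(acl, addr, key=None):
    """An update is permitted only on a positive match."""
    return match(acl, ipaddress.ip_address(addr), key) is True

# allow-update { !{ !localhost; any; }; key local-ddns; };
ALLOW_UPDATE = [
    (True, "nested", [(True, "localhost", None), (False, "any", None)]),
    (False, "key", "local-ddns"),
]

if __name__ == "__main__":
    cases = [("127.0.0.1", "local-ddns"), ("127.0.0.1", None),
             ("192.0.2.53", "local-ddns"), ("203.0.113.9", "local-ddns")]
    for addr, key in cases:
        print(f"{addr:<12} key={key!s:<11} -> {allowed(ALLOW_UPDATE, addr, key)}")
```

Only the rows with both a local source address and the key print `True`; a remote client holding the key is rejected by the first element before the key is ever considered.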