That could take years, if even adopted! Perhaps something simpler like a file permission/lock could do the job as well. Would that work though?
When I used certbot with rfc2136 validation through DNS, eventhough I have the main zone file permission set to root, I find it changed to that of bind. Seems like bind is capable of changing and modifying permissions? On 26/6/2019 6:36, Mark Andrews wrote: > No. > > If https://tools.ietf.org/id/draft-pusateri-dnsop-update-timeout-02.txt ever > get > adopted then yes it will be possible to have updates removed automatically. > >> On 26 Jun 2019, at 1:25 pm, Lefteris Tsintjelis via bind-users >> <bind-users@lists.isc.org> wrote: >> >> Hi, >> >> Is it possible to apply temporary only update policy and never save or >> modify anything to a zone file? >> >> For example: >> >> zone "example.com" { >> type master; >> auto-dnssec maintain; >> inline-signing yes; >> update-policy { >> grant rndc-key temponly _acme-challenge.example.com. txt; >> }; >> file "/etc/namedb/master/db.example.com"; >> }; >> >> Thank you, >> >> Lefteris >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
