Philip Prindeville <philipp_s...@redfish-solutions.com> wrote:
>
> But I've noticed that since I added the following to my options { }:
>
> allow-transfer { none; };
> dnssec-validation auto;
> listen-on-v6 { none; } ;
>
> That I get a *lot* of lines like:
>
> ; Communication with ::1#53 failed: connection refused
"Doctor it hurts when I do this!"
When you use `nsupdate -l` you are using a hard-coded configuration, that
uses a compiled-in path to the session key and fixed IPv4 and IPv6
localhost addresses.
If that doesn't fit your setup then you need to adjust the command-line
options for `nsupdate`.
I think for your purposes it would be best to add an environment variable
for the nsupdate options, so that the admin can set the variable to
contain different options if bare -l doesn't fit their needs. So if in
some fit of self-harm they have turned off IPv6, they can add -4 to the
variable, or they can get more creative with the -k option. (Sadly you
have to set the server address in the update script, not on the command
line.)
--
Tony Finch <f...@isc.org> (he/they) Cambridge, England
Rockall: West or southwest 7 to severe gale 9, decreasing 4 to 6
later. Very rough, becoming very rough or high. Rain or showers. Good,
occasionally poor.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
