'parental-agents' work the same as 'primaries'. It only supports addresses.
Listing them as domain names would technically be possible to implement, but it requires an authoritative server to act as an resolver. Adding resolver code to the path of an authoritative server is like crossing the streams. It adds security risks that are unnecessary for an authoritative server, so I'd rather not add such functionality.
Best regards, Matthijs On 05-12-2022 03:34, vom513 wrote:
Hello all, So I set up parental-agents lists for my zones, and actually got to see it work (awesome !). bind detected the parent DS records and acted accordingly. However, I currently have these lists configured using the IP (v4 only at the moment) addresses of the parent NS’es. I tried inputting hostnames, and I got errors (i.e. syntax) every time. I would prefer to put these in as hostnames. While at a certain level in the tree these don’t change very often, they can and do. I’d rather not have to keep track of these in this manner. So my question - am I just mangling the syntax - or does this clause really only support IPs ? I was thinking if so - perhaps the reason is some chicken vs. egg / security reason ? I.e. not trusting the name (which would have to be itself resolved) ? Thanks in advance for clue++
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users