Done, thanks.
On Thu, Jan 3, 2019 at 4:02 AM Remi Gacogne <[email protected]> wrote: > > Hi Kevin, > > On 1/2/19 2:15 AM, Kevin P. Fleming wrote: > > I've got PowerDNS Auth happily running and serving a number of domains > > (primary and two secondaries, NOTIFY/AXFR, IPv6, etc.). > > > > I've enabled DNSUPDATE so that I can do Let's Encrypt DNS-01 > > challenges for certificate issuance, and I use a TSIG key for the > > update requests. When setting up a cert for a new domain recently, I > > failed to set the domain metadata to indicate that the TSIG key would > > be required, and PowerDNS accepted the DNSUPDATE anyway (and emitted a > > log message to that effect). > > > > I don't want this behavior, I want to disable DNSUPDATE for all > > domains which don't have a TSIG key set in their metadata. The only > > way I can see to do this would be to set ALLOW-DNSUPDATE-FROM at the > > domain level to an invalid address, so that all requests will fail, > > but I also have this set in the main configuration which might not be > > overridden by the domain metadata. > > > > Is there another way to disable DNSUPDATE at the domain level? > > I'm afraid I don't see any other way. I would advise opening a feature > request on GitHub [1] so it doesn't get lost. > > [1]: https://github.com/PowerDNS/pdns/issues/new > > Best regards, > -- > Remi Gacogne > PowerDNS.COM BV - https://www.powerdns.com/ > > _______________________________________________ > Pdns-users mailing list > [email protected] > https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
