Hello,

and thanks for all your answers.

I want to ask the question again in a shorter way:

If I look in the log the client tells the dns-server:
request has valid signature: WS-YBCL150939\$\@EXAMPLE.TEST

when I now put in the rule:
grant WS-YBCL150939\$\@EXAMPLE.TEST subdomain example.test. ANY;

ONLY THIS client is allowed to make updates. So I would have to make 50k
lines - one for each client :-)

So I look for a way that I can say that all clients from EXAMPLE.TEST are
allowed to update their own record (or whatever).

It should work like this:
grant *\$\@EXAMPLE.TEST subdomain example.test. ANY;

I also do not know what the $-sign is for and why the syntax is so strange
\...\@.

In the named.conf I also use the
tkey-gssapi-keytab "/etc/krb5.keytab";

I cannot use the
tkey-gssapi-credential "DNS/lxdns10t.prim-dns.test1.t...@example.test";
tkey-domain "EXAMPLE.TEST";

Because I need one key for every domain and so I must join them with KTUTIL
making one big keytab. And with the old syntax I can only use one credential.

Any new idea?
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
