In message <50bfaba3.5040...@dougbarton.us>, Doug Barton writes:
> On 12/05/2012 11:29 AM, fddi wrote:
> > Hello, I have a domain called mydomain.org
> >
> > I would need a way to allow access with nsupdate not to the entire
> > domain mydomain.org
> > but only to specific hosts and specific IP Address do be modified using
> > nsupdate.
> >
> >
> > here is my config
> >
> > zone "mydomain.org" IN {
> > type master;
> > allow-query { any; };
> > file "mydomain.org.db";
> > update-policy {
> > grant mykey. subdomain mydomain.org. A TXT CNAME;
> > };
> > };
> >
> > but in this way anyone can modify any hosts in the domain.
> > How can I restrict and allow to modify only specific hosts ?
> >
> > for example I would like to restrict to modify only host1.mydomain.org
> > with a given key.
> >
> > is it possibile ?
>
> make the records you want to be modifiable into their own zones.
grant mykey. name host1.mydomain.org. A AAAA
or
grant host1.mydomain.org. self . A AAAA
or
grant "local:/path/to/socket" external * A AAAA
or
grant "local:/path/to/socket" external * ANY
The last two require a external tool to make the decision.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
