Hi Hans
if you can afford, use ISC DHCP server DDNS method :
- only DHCP server is allowed to update DNS server (forward / reverse zone),
protect NSUPDATE with ACL, or better tsig
- in dhcpd.conf :
ddns-updates on;
ddns-update-style interim;
ignore client-updates;
- and, always in DHCPD.conf, set that only in the subnet you want.
the interim style use for each A record a TXT records to ensure that 'static'
dns entries are not overwritten by dynamic (dhcp) client.
http://www.zytrax.com/books/dns/ch9/dhcp.html
Philippe
> -----Original Message-----
> From: bind-users [mailto:[email protected]] On Behalf Of
> MAYER Hans
> Sent: Wednesday, December 20, 2017 2:27 PM
> To: [email protected]
> Subject: Re: DDNS - limitation and excluding updates from certain networks
>
>
> Dear Mukund,
>
> Many thanks for coming back.
>
> > You'll have to explain what you mean better for a more specific answer,
> > but see the manual for the "allow-update" ACL config option
>
> In my zone configuration I have an “allow-update” statement.
> Here I define all networks which are allowed to dynamically update the DNS
> entries.
>
> But my zone contains other IP addresses too. Not only those of the PCs.
> These are static names/addresses which are seldom changed.
>
> And of course the complete zone is a dynamic zone.
>
> And I don’t wont that this static names can by changed by someone out of
> an IP range, where it is allowed.
> I didn’t find any hint to block certain IP ranges to be updated within a
> dynamic zone.
>
> Hopefully this explains my question a little bit better.
>
>
> // Hans
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
