On 12/25/2017 10:23 AM, MAYER Hans wrote:
Hi Grant,
Hi Hans,
Many thanks for the detailed information.
You're welcome.
"update-policy" is new for me and maybe the solution. I have to dig deeper into the documentation.
It's relatively new for me too. I think I became aware of it through one of the people I follow on Twitter.
update-policy { grant *.fx.movie.edu. self fx.movie.edu. A; };
What does it say?
My understanding is that <something>.fx.movie.edu is given permission to update its own A record.
I'd have to go back and re-read the documentation (Zytrax's page is good) to decode it further.
So far I have seen the client is only allowed to update his own record. That means if the client has a new IP it can update the IP address.
That's my understanding as well.
Does it mean the client is only allowed to update within the same network range?
I don't think the update-policy statement above cares where the client is located. Remember that we're talking about the A record in the fx.movie.edu zone.
It seems I am missing some important information. Maybe I am blind, but how is the client name verified?
The only times that I've used this was in combination with a TSIG key. So that may be how the client is authenticating who it is to the DNS server.
What happens if a client has for example the name “www”?
I can't recall at the moment what the identifying factor is. It may very well be embedded in the TSIG key.
( Assume we have already a record with name “www” and IP but in a different network than the client )
*nod*
Kind regards
Likewise.

-- 
Grant. . . . unix || die
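
The questions in this thread (how the client name is verified, whether the network range matters, and what happens with "www") can be walked through with a small model of the rule quoted above. This is an added example, not part of the original message and not BIND code. It assumes, following the BIND ARM's description of the "self" rule type, that the client's identity is the name of the TSIG key that signed the update and that the rule's name field is not consulted; the host names and the wildcard handling are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Set

def norm(name: str) -> str:
    """DNS names compare case-insensitively; make them absolute as well."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def matches_identity(pattern: str, signer: str) -> bool:
    """Match a TSIG key name against the rule's identity field.
    Assumption: a leading '*.' matches any name below the remaining suffix."""
    pattern, signer = norm(pattern), norm(signer)
    if pattern.startswith("*."):
        suffix = "." + pattern[2:]
        return signer.endswith(suffix) and len(signer) > len(suffix)
    return pattern == signer

@dataclass
class Update:
    signer: Optional[str]  # name of the TSIG key that verified, None if unsigned
    name: str              # owner name the client wants to change
    rrtype: str            # record type being updated
    # No source-address field: this model of "self" never looks at the client IP.

def self_rule_allows(identity: str, rrtypes: Set[str], upd: Update) -> bool:
    """Model of: grant <identity> self <ignored-name> <rrtypes>;"""
    if upd.signer is None:                       # unsigned: no identity to match
        return False
    if not matches_identity(identity, upd.signer):
        return False
    if norm(upd.name) != norm(upd.signer):       # "self": owner name == key name
        return False
    return upd.rrtype.upper() in rrtypes

IDENTITY, TYPES = "*.fx.movie.edu.", {"A"}       # from the rule quoted in the thread

def check(signer: Optional[str], name: str, rrtype: str) -> bool:
    return self_rule_allows(IDENTITY, TYPES, Update(signer, name, rrtype))

if __name__ == "__main__":
    # Constructed requests: (key name, owner name, type)
    for req in [("host1.fx.movie.edu.", "host1.fx.movie.edu.", "A"),
                ("host1.fx.movie.edu.", "www.fx.movie.edu.", "A"),
                ("www.fx.movie.edu.", "www.fx.movie.edu.", "A"),
                ("host1.fx.movie.edu.", "host1.fx.movie.edu.", "TXT"),
                (None, "host1.fx.movie.edu.", "A")]:
        print(req, "->", "allow" if check(*req) else "deny")
```

Under these assumptions, overwriting the existing "www" record requires holding the key named www.fx.movie.edu., so the secret for each per-host key is what protects that host's name.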