You need to replace the rule type with something more appropriate for the type 
of update being performed.  For the updates made by the DHCP server I would use 
“zonesub”.  “name” is fine for LetsEncrypt.

        update-policy {grant update-key zonesub A AAAA;};
        update-policy {grant update-key zonesub PTR;};
        
   ``zonesub``
       This rule is similar to subdomain, except that it matches when the name
       being updated is a subdomain of the zone in which the :any:`update-policy`
       statement appears. This obviates the need to type the zone name twice, and
       enables the use of a standard :any:`update-policy` statement in multiple
       zones without modification. When this rule is used, the ``name`` field is
       omitted.


> On 3 Feb 2023, at 18:04, duluxoz <dulu...@gmail.com> wrote:
> 
> Hi All,
> 
> I'm pretty new to configuring Bind and so it would be great if someone(s) 
> could just check my code re: the update-policy zone command(s) below - thanks 
> in advance.
> 
> For the first zone (a regular internal forward-lookup zone) I'd like to be 
> able to update (from Kea via ddns) the zone when a new host is assigned/etc a 
> DHCP lease:
> 
> update-policy {grant update-key name internal-forward-lookup.local A AAAA;};
> 
> For the second zone (a regular internal reverse-lookup zone for the 
> 192.168.1.0/24 network) I'd like to be able to update (from Kea via ddns) the 
> zone when a new host is assigned a DHCP lease (obviously I've got an 
> equivalent IPv6 reverse-lookup zone :-) ):
> 
> update-policy {grant update-key name 1.168.192.IN-ADDR.ARPA PTR;};
> 
> For the third zone (a regular external forward-lookup zone) I'd like to be 
> able to update (via acme.sh/LetsEncrypt) the _acme-challenge.example.com TXT 
> record when a Certificate is requested/renewed:
> 
> update-policy {grant update-key name _acme-challenge.example.com TXT;};
> 
> I've got the update-key configured and available on all the necessary boxes, 
> etc, and dns (for fixed IP addresses) and dhcp are working - I just need to 
> get these update-policy statements correct.
> 
> 
> Any help is greatly appreciated - and again, thanks in advance
> 
> Cheers
> 
> Dulux-Oz

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
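
A simplified model of how these rules are matched, added here as an illustration and not part of the original message or BIND's own code: it shows why `name` refuses a DHCP client's record while `zonesub` accepts it, and why `name` suits the single ACME TXT record. The hostname `host1` and all function names are assumptions; only the `name`, `subdomain` and `zonesub` rule types with explicit record types are modelled.

```python
# Simplified model of BIND update-policy matching (added example, not BIND code).
# Covers only the "name", "subdomain" and "zonesub" rule types with explicit
# record types; real named supports more rule types and default type sets.

def norm(name):
    """Lowercase and drop the trailing dot so names compare as label lists."""
    return name.rstrip(".").lower().split(".")

def is_subdomain(name, parent):
    """True when name equals parent or sits below it in the DNS tree."""
    n, p = norm(name), norm(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p

def rule_matches(rule, zone, key, name, rtype):
    """rule = (action, identity, ruletype, name_field_or_None, types)."""
    _, identity, ruletype, field, types = rule
    if identity != key or rtype.upper() not in types:
        return False
    if ruletype == "name":        # exact match on the name field only
        return norm(name) == norm(field)
    if ruletype == "subdomain":   # name field itself or anything below it
        return is_subdomain(name, field)
    if ruletype == "zonesub":     # like subdomain, against the zone origin
        return is_subdomain(name, zone)
    raise ValueError("rule type not modelled: " + ruletype)

def allowed(policy, zone, key, name, rtype):
    """First matching rule decides; with no match the update is refused."""
    for rule in policy:
        if rule_matches(rule, zone, key, name, rtype):
            return rule[0] == "grant"
    return False

FWD = "internal-forward-lookup.local"
HOST = "host1." + FWD  # constructed sample hostname (assumption)
ORIGINAL = [("grant", "update-key", "name", FWD, {"A", "AAAA"})]
SUGGESTED = [("grant", "update-key", "zonesub", None, {"A", "AAAA"})]
ACME = [("grant", "update-key", "name", "_acme-challenge.example.com", {"TXT"})]

if __name__ == "__main__":
    print("name rule, host A:   ", allowed(ORIGINAL, FWD, "update-key", HOST, "A"))
    print("zonesub rule, host A:", allowed(SUGGESTED, FWD, "update-key", HOST, "A"))
    print("zonesub rule, TXT:   ", allowed(SUGGESTED, FWD, "update-key", HOST, "TXT"))
    print("ACME name rule, TXT: ", allowed(ACME, "example.com", "update-key",
                                           "_acme-challenge.example.com", "TXT"))
```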
