You need to replace the rule type with something more appropriate for the type of update being performed. For the updates made by the DHCP server I would use “zonesub”. “name” is fine for LetsEncrypt.

update-policy {grant update-key zonesub A AAAA;};
update-policy {grant update-key zonesub PTR;};

``zonesub``
    This rule is similar to subdomain, except that it matches when the name being updated is a subdomain of the zone in which the :any:`update-policy` statement appears. This obviates the need to type the zone name twice, and enables the use of a standard :any:`update-policy` statement in multiple zones without modification. When this rule is used, the ``name`` field is omitted.

> On 3 Feb 2023, at 18:04, duluxoz <dulu...@gmail.com> wrote:
>
> Hi All,
>
> I'm pretty new to configuring Bind and so it would be great if someone(s)
> could just check my code re: the update-policy zone command(s) below - thanks
> in advance.
>
> For the first zone (a regular internal forward-lookup zone) I'd like to be
> able to update (from Kea via ddns) the zone when a new host is assigned/etc a
> DHCP lease:
>
> update-policy {grant update-key name internal-forward-lookup.local A AAAA;};
>
> For the second zone (a regular internal reverse-lookup zone for the
> 192.168.1.0/24 network) I'd like to be able to update (from Kea via ddns) the
> zone when a new host is assigned a DHCP lease (obviously I've got an
> equivalent IPv6 reverse-lookup zone :-) ):
>
> update-policy {grant update-key name 1.168.192.IN-ADDR.ARPA PTR;};
>
> For the third zone (a regular external forward-lookup zone) I'd like to be
> able to update (via acme.sh/LetsEncrypt) the _acme-challenge.example.com TXT
> record when a Certificate is requested/renewed:
>
> update-policy {grant update-key name _acme-challenge.example.com TXT;};
>
> I've got the update-key configured and available on all the necessary boxes,
> etc, and dns (for fixed IP addresses) and dhcp are working - I just need to
> get these update-policy statements correct.
>
>
> Any help is greatly appreciated - and again, thanks in advance
>
> Cheers
>
> Dulux-Oz

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
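
Added example, not part of the original thread and not BIND code: a simplified Python model of the exact-match `name` rule versus `zonesub`, showing why the original forward-zone rule refuses a DHCP client's A record while the suggested rule grants it without opening up other record types. The host name `host1.internal-forward-lookup.local` is constructed, and only these two rule types with explicitly listed record types are modelled.

```python
"""Simplified model of update-policy matching (added example, not BIND code).
Models only the "name" and "zonesub" rule types, with explicit record types."""

def norm(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()

def is_subdomain(name, parent):
    # True if name equals parent or sits below it on a label boundary.
    name, parent = norm(name), norm(parent)
    return name == parent or name.endswith("." + parent)

def parse_rule(text):
    # Accepts "grant KEY name NAME TYPES..." or "grant KEY zonesub TYPES...".
    action, identity, ruletype, *rest = text.rstrip(";").split()
    target = rest.pop(0) if ruletype == "name" else None  # zonesub omits the name field
    return {"action": action, "identity": identity, "ruletype": ruletype,
            "name": target, "types": {t.upper() for t in rest}}

def allowed(zone, rules, key, qname, rrtype):
    # Rules are tried in order; the first match decides, no match means refused.
    for rule in map(parse_rule, rules):
        if rule["identity"] != key or rrtype.upper() not in rule["types"]:
            continue
        if rule["ruletype"] == "name":
            matched = norm(qname) == norm(rule["name"])  # exact match only
        elif rule["ruletype"] == "zonesub":
            matched = is_subdomain(qname, zone)          # anything inside this zone
        else:
            raise ValueError("rule type not modelled: " + rule["ruletype"])
        if matched:
            return rule["action"] == "grant"
    return False

ZONE = "internal-forward-lookup.local"
ORIGINAL = ["grant update-key name internal-forward-lookup.local A AAAA;"]
SUGGESTED = ["grant update-key zonesub A AAAA;"]
ACME = ["grant update-key name _acme-challenge.example.com TXT;"]
HOST = "host1.internal-forward-lookup.local"  # constructed DHCP client name

if __name__ == "__main__":
    for label, rules in (("name", ORIGINAL), ("zonesub", SUGGESTED)):
        for rrtype in ("A", "TXT"):
            verdict = "granted" if allowed(ZONE, rules, "update-key", HOST, rrtype) else "refused"
            print(f"{label:8} {HOST} {rrtype:4} {verdict}")
```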