Forum: CFEngine Help
Subject: Re: Limit cf-serverd access to certain IPs
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,23620,23629#msg-23629

It looks like that will be tough to maintain at a large scale. Quite complicated. Of course Bind db files are complicated too. However, more people might be familiar with Bind db files than the Cfengine data structure you've laid out. You might consider keeping the Bind files in version control. Have Cfengine use them as master files to manage your DNS servers. Combine this with maintaining resolv.conf on the clients and you can now reasonably trust DNS. Commit a change to Bind in version control and Cfengine will distribute it.

For Cfengine access rules I normally just keep a list of networks or IP addresses. Sometimes there is a bit of logic to have different rules for different environments. However, this is usually separate from DNS.
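
The approach described in the post above (a plain list of networks, with a little class logic per environment), sketched as an added example that is not part of the original post or the poster's own policy. The bundle name `acl`, the class `production`, and all network ranges are assumptions constructed for illustration; the class would have to be defined elsewhere in the policy.

```cfengine
bundle common acl
{
  vars:
    # Constructed sample ranges, not taken from the thread.
    # "production" is a hypothetical class defined elsewhere in the policy.
    production::
      "admit_nets" slist => { "10.10.0.0/16", "192.0.2.0/24" };

    !production::
      "admit_nets" slist => { "10.20.0.0/16" };
}

body server control
{
  # Connection-level filter: only these sources may talk to cf-serverd at all.
  allowconnects    => { "127.0.0.1", "::1", @(acl.admit_nets) };

  # Sources allowed to hold more than one simultaneous connection.
  allowallconnects => { "127.0.0.1", "::1", @(acl.admit_nets) };
}

bundle server access_rules
{
  access:
    # Per-path filter: the same list decides who may fetch policy files.
    "/var/cfengine/masterfiles"
      admit => { @(acl.admit_nets) };
}
```

Because the list holds only addresses and networks, the server's admit decision does not depend on name resolution, which keeps it separate from DNS as the post suggests.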
