I've got PowerDNS Auth happily running and serving a number of domains
(primary and two secondaries, NOTIFY/AXFR, IPv6, etc.).

I've enabled DNSUPDATE so that I can do Let's Encrypt DNS-01
challenges for certificate issuance, and I use a TSIG key for the
update requests. When setting up a cert for a new domain recently, I
failed to set the domain metadata to indicate that the TSIG key would
be required, and PowerDNS accepted the DNSUPDATE anyway (and emitted a
log message to that effect).

I don't want this behavior; I want to disable DNSUPDATE for all
domains which don't have a TSIG key set in their metadata. The only
way I can see to do this would be to set ALLOW-DNSUPDATE-FROM at the
domain level to an invalid address, so that all requests will fail,
but I also have this set in the main configuration which might not be
overridden by the domain metadata.

Is there another way to disable DNSUPDATE at the domain level?
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
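
An audit for the situation described in the message above, added here as an example and not part of the original post or PowerDNS's own code: it lists zones whose metadata has no TSIG-ALLOW-DNSUPDATE entry, together with any per-zone ALLOW-DNSUPDATE-FROM value. It assumes a generic SQL backend with the standard `domains` and `domainmetadata` tables; the in-memory database, zone names and key name are constructed sample data.

```python
import sqlite3

# Assumption: generic SQL backend layout (domains + domainmetadata).
# Only the columns this audit needs are created for the constructed sample.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE domainmetadata (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
                             kind TEXT NOT NULL, content TEXT);
"""

# Zones with no non-empty TSIG-ALLOW-DNSUPDATE row, plus whatever
# per-zone ALLOW-DNSUPDATE-FROM entries they carry (NULL if none).
AUDIT_SQL = """
SELECT d.name,
       (SELECT group_concat(m.content, ',') FROM domainmetadata m
         WHERE m.domain_id = d.id AND m.kind = 'ALLOW-DNSUPDATE-FROM') AS allow_from
  FROM domains d
 WHERE NOT EXISTS (SELECT 1 FROM domainmetadata t
                    WHERE t.domain_id = d.id
                      AND t.kind = 'TSIG-ALLOW-DNSUPDATE'
                      AND trim(coalesce(t.content, '')) <> '')
 ORDER BY d.name
"""

def zones_without_update_tsig(conn):
    """Return [(zone, per-zone ALLOW-DNSUPDATE-FROM or None)] for zones lacking a TSIG key."""
    return [(name, allow_from) for name, allow_from in conn.execute(AUDIT_SQL)]

def build_sample_db():
    """Constructed sample: one zone with a key, one without, one with an empty key row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO domains (id, name) VALUES (?, ?)", [
        (1, "example.org"), (2, "example.net"), (3, "example.com")])
    conn.executemany(
        "INSERT INTO domainmetadata (domain_id, kind, content) VALUES (?, ?, ?)", [
            (1, "TSIG-ALLOW-DNSUPDATE", "acme-key"),      # hypothetical key name
            (2, "ALLOW-DNSUPDATE-FROM", "192.0.2.10/32"),
            (3, "TSIG-ALLOW-DNSUPDATE", "")])             # empty row counts as missing
    return conn

if __name__ == "__main__":
    for zone, allow_from in zones_without_update_tsig(build_sample_db()):
        print(f"{zone}: no TSIG-ALLOW-DNSUPDATE "
              f"(per-zone ALLOW-DNSUPDATE-FROM: {allow_from})")
```

Run against the real backend database from a scheduled job, a non-empty result flags zones that were added without the TSIG metadata.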
