Re: update-policy restricting to a subnet

2009-10-05 Thread Nicholas F Miller

I take it this is not possible using update-policy?
_
Nicholas Miller, ITS, University of Colorado at Boulder



On Sep 30, 2009, at 11:29 AM, Nicholas F Miller wrote:

Is it possible to restrict user machines to only be able to update  
their 'A' records on a specific subnet? We would like to allow DDNS  
but restrict it to specific subnets and only allow the machines to  
update their 'A' records. Allow-updates will not get us the record  
restrictions we would need to implement this and it doesn't appear  
that update-policy has any understanding of subnet scoping.

_
Nicholas Miller, ITS, University of Colorado at Boulder



___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




Re: update-policy restricting to a subnet

2009-10-05 Thread Bill Larson
Not to the list but just to you.

I could imagine a system having multiple views defined with only one view 
that allows DDNS updates.  The other views would be read-only.  This 
wouldn't be pretty, but ...

In this one view that allows DDNS, you wouldn't be restricted to ONLY A 
records.  Users would still be able to set up other records too using DDNS.

I have seen this where you have an internal network that you want to allow 
the users, client machines, to update the DNS information using DDNS.  But 
if they carry their laptop home and connect to the Internet, they will still 
try and send a DDNS update to the DNS server but it is rejected by the 
server because it is not coming from an internal network address.  
(Define subnet and internal network any way you want.)

Couldn't you have your DDNS updates come from your DHCP server rather than 
directly from the client machines?  If you can trust your DHCP server to 
only do what you want, then you wouldn't have to worry about anything else 
updating your data.

For example, if you were trying to manage the example.com domain and you 
were wanting to allow DDNS to create a record for x.example.com with the 
address of 192.168.1.10, then the DHCP server for the 192.168.1.0 network 
could be explicitly allowed to update the DNS data, but the clients on the 
network wouldn't have to be allowed.  And, a client on the 192.168.2.0 
network still wouldn't be able to update because they did not get their 
address from the DHCP server on the 192.168.1.0 network.

Bill Larson

Nicholas F Miller nicholas.mil...@colorado.edu said:

 I take it this is not possible using update-policy?
 _
 Nicholas Miller, ITS, University of Colorado at Boulder
 
 
 
 On Sep 30, 2009, at 11:29 AM, Nicholas F Miller wrote:
 
  Is it possible to restrict user machines to only be able to update  
  their 'A' records on a specific subnet? We would like to allow DDNS  
  but restrict it to specific subnets and only allow the machines to  
  update their 'A' records. Allow-updates will not get us the record  
  restrictions we would need to implement this and it doesn't appear  
  that update-policy has any understanding of subnet scoping.
  _
  Nicholas Miller, ITS, University of Colorado at Boulder
 
 
 
 



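Added example, not part of the original thread and not ISC's own configuration: one way to express the DHCP-server approach from the reply above in named.conf, with the subnet-wide allow-update form shown commented out for contrast. The key name, secret placeholder and zone file path are assumptions, and the DHCP server is assumed to sign its updates with the same TSIG key.

```conf
// Constructed example for the example.com zone discussed above.
// Key name, secret placeholder and file path are assumptions.

// Shared secret held only by the DHCP server for 192.168.1.0/24.
key "dhcp-192-168-1" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";

    // Weak form: any host on the subnet may add, change or delete
    // records of any type anywhere in the zone.
    // allow-update { 192.168.1.0/24; };

    // Tighter form: only updates signed with the DHCP server's key are
    // accepted, and only for A records at or below example.com.
    // update-policy matches the signing key, not the source address, so
    // the subnet restriction comes from which DHCP server holds the key.
    // Append TXT or DHCID after "A" if the DHCP server stores an
    // ownership record next to each address.
    update-policy {
        grant dhcp-192-168-1 subdomain example.com. A;
    };
};
```

A zone takes either allow-update or update-policy, not both, which is why the weak form stays commented out.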


update-policy restricting to a subnet

2009-09-30 Thread Nicholas F Miller
Is it possible to restrict user machines to only be able to update  
their 'A' records on a specific subnet? We would like to allow DDNS  
but restrict it to specific subnets and only allow the machines to  
update their 'A' records. Allow-updates will not get us the record  
restrictions we would need to implement this and it doesn't appear  
that update-policy has any understanding of subnet scoping.

_
Nicholas Miller, ITS, University of Colorado at Boulder


