Thank you very much learnt a new thing too Mark Andrews <[email protected]> ha scritto:
> >In message <[email protected]>, Doug Barton writes: >> On 12/05/2012 11:29 AM, fddi wrote: >> > Hello, I have a domain called mydomain.org >> > >> > I would need a way to allow access with nsupdate not to the entire >> > domain mydomain.org >> > but only to specific hosts and specific IP Address do be modified >using >> > nsupdate. >> > >> > >> > here is my config >> > >> > zone "mydomain.org" IN { >> > type master; >> > allow-query { any; }; >> > file "mydomain.org.db"; >> > update-policy { >> > grant mykey. subdomain mydomain.org. A TXT CNAME; >> > }; >> > }; >> > >> > but in this way anyone can modify any hosts in the domain. >> > How can I restrict and allow to modify only specific hosts ? >> > >> > for example I would like to restrict to modify only >host1.mydomain.org >> > with a given key. >> > >> > is it possibile ? >> >> make the records you want to be modifiable into their own zones. > > grant mykey. name host1.mydomain.org. A AAAA > > or > > grant host1.mydomain.org. self . A AAAA > > or > > grant "local:/path/to/socket" external * A AAAA > > or > > grant "local:/path/to/socket" external * ANY > > The last two require a external tool to make the decision. > >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >unsubscribe >> from this list >> >> bind-users mailing list >> [email protected] >> https://lists.isc.org/mailman/listinfo/bind-users >-- >Mark Andrews, ISC >1 Seymour St., Dundas Valley, NSW 2117, Australia >PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
