As others have pointed out, "allow-update-forwarding" only works for slaves.

Yet another reason to go with a large-authoritative-core approach, instead of stringing stuff together with recursive arrangements. Would you rather build an enterprise-strength DNS infrastructure from fragile filaments (forwarding) or solid bonds (replication)?

OK, I'll get off my infrastructure architect soapbox now...
                    - Kevin

On 10/2/2013 4:41 AM, Bojan Tomic wrote:
Thanks Phil!

I've tried "allow-update-forwarding", but my understanding is that this option only works for slave servers!? What i'm looking for is dynamic update forwarding from non-authoritative server. Can allow-update-forwarding also work with non-authoritative server?We are building an internal closed solution so source IP checking is not necessary.



On Wed, Oct 2, 2013 at 8:56 AM, Phil Mayers <p.may...@imperial.ac.uk <mailto:p.may...@imperial.ac.uk>> wrote:

    On 10/02/2013 07:51 AM, Bojan Tomic wrote:

        Hi,

        I'm looking for a way to setup a recursive/forwarding named
        server to
        forward dynamic updates


    See "allow-update-forwarding" in the ARM. Obviously you will lose
    source IP / TSIG key info, so will need to perform access checks
    at the forwarding server, and allow everything you need at the
    target server from the source/key of the forwarder.
    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to
    unsubscribe from this list

    bind-users mailing list
    bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
    https://lists.isc.org/mailman/listinfo/bind-users




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to