did you consider just to blockother mac-addresses through iptables? but... i don't know, what you are doing there, but are you sure you want to grant every user ssh access? i assume you need to be root for this? how are you going to solve it over ssh? and how do you prevent users from just shutting down your bind? i would suggest to use a webinterface, for example with php, which puts commands into a database, or something similar (perhaps a text file could do it, too) and then run a cronjob, let's say, every 10 mins with a script that restarts bind.
HvL> Hello, HvL> My company has created an application that allows remote users to edit HvL> their DNS-records. This app needs to restart bind on the remote nameservers. HvL> I have decided to do this thrue SSH by putting the client key in HvL> authorized_keys2. But this seems a little risky, so I was wondering if HvL> it was possible to get sshd to only allow the client MAC-address. HvL> I've looked around, but for some reason search-engines tend to send me HvL> to www.apple.com ;-)
