> Now I want to do it right, but I don't see a way for nsupdate to do
> what httpd does: autodetection of client IP address for nsupdate of
> its A record.
>
> I can script something on the client end to get the IP address, but
> if possible I'd prefer autodetection, which would be OS- and
> shell-agnostic. Is that possible?
No, that isn't possible. As you say, you'd have to script something
around it on the client side.
> So if I wanted my home server to be able to nspdate with a SIG(0)
> key, that works, but I can't have my named use that key to AXFR or
> IXFR my zones?
Correct. Bv9ARM section 4.5.5 specifies that ACL definitions for
allow-{query|transfer} have been extended to allow TSIG keys, but there
is no mention of SIG(0) keys.
I use SIG(0) for granting updates, and TSIG for restricting AXFR.
Regards,
-JP
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
