Hello, Fix description of idnsAllowQuery attribute in README.
https://fedorahosted.org/bind-dyndb-ldap/ticket/154 I got off-list ACK from Martin^2. Pushed to master: a4565b3ef843e4464d2e950f0716818e7c7ce09b -- Petr^2 Spacek
From 94169b05e3a5e2d5b4c522274c50e523b0c1f030 Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Wed, 21 Jan 2015 13:53:02 +0100 Subject: [PATCH] Fix description of idnsAllowQuery attribute in README. https://fedorahosted.org/bind-dyndb-ldap/ticket/154 --- README | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/README b/README index 1b8f2a713ad901d3aab5ed799cbb9c5e9c746c44..47cd9f68a3d27131ba95a07839cc3c2c5f2e8e49 100644 --- a/README +++ b/README @@ -62,23 +62,22 @@ Attributes: value "dyn_update" from plugin configuration will be used. * idnsAllowQuery - Specifies BIND9 zone ACL element. This attribute can be set multiple - times and are merged together to the one ACL. + Specifies BIND9 zone ACL element as one string. - Example: - idnsAllowQuery: 127.0.0.1 - idnsAllowQuery: ::1 - idnsAllowQuery: 192.168.1.0/24 + Example 1: idnsAllowQuery: 192.0.2.1 + In the first example above, only the client with 192.0.2.1 IP address + is allowed to query records from the zone. - In the example above clients with 127.0.0.1 and ::1 IP addresses and - clients from the 192.168.1.0/24 network are allowed to obtain records - from the zone. + Example 2: idnsAllowQuery: !192.0.2.33; 192.0.2.0/24; + In the second example, queries from client 192.0.2.33 are refused + but queries from all other clients in the 192.0.2.0/24 network + are allowed. You can specify IPv4/IPv6 address, IPv4/IPv6 network address in CIDR - format and "any" or "none" keywords. The "!" prefix (for example - !192.168.1.0/24) means negation of the ACL element. + format, and "any" or "none" keywords. The "!" prefix (for example + !192.0.2.33) means negation of the ACL element. - If not set then zone inherits global allow-query from named.conf. + If not set, then zone inherits global allow-query from named.conf. * idnsAllowTransfer Uses same format as idnsAllowQuery. Allows zone transfers for matching -- 2.1.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel