Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Niall O'Reilly
On Fri, 2008-11-14 at 17:35 -0800, Chris Buxton wrote: Use a firewall (with deep packet inspection) to restrict by subnet. Then use the TSIG key in the allow-update statement. Unfortunately, to my knowledge, that's the only way to do this. Wouldn't using a BIND view to restrict by

Re: Secondary and TLD not updating

2008-11-17 Thread Holger Honert
Chris Thompson wrote: On Nov 17 2008, Res wrote: On Sun, 16 Nov 2008, Jeff Justice wrote: Well, first part solved. I forgot to change the IP address of our nameserver at the registrar. Secondary is still not updating though. options { directory /opt/local/etc/named/; listen-on

Re: Secondary and TLD not updating

2008-11-17 Thread Jeff Justice
Ack! allow-transfer should never be any What, never? Why not? Security issue! You really want everyone to download your zone(s)? That is a decision for each operator to make. The ability to transfer a zone is not by itself a security issue. I guess the question is, what information can

Re: Secondary and TLD not updating

2008-11-17 Thread Jefferson Ogata
On 2008-11-17 14:25, Holger Honert wrote: Chris Thompson wrote: On Nov 17 2008, Res wrote: Ack! allow-transfer should never be any What, never? Why not? Security issue! You really want everyone to download your zone(s)? I couldn't care less. If the security of my systems were the least

Re: Lots of errors, having 'lame' day, suggestions?

2008-11-17 Thread Scott Haneda
So it looks like my zone config file, not the actual zone, but the config statement that is in conf was gone. I added it back in and all is well now. I have run rndc reload so many times, I have no idea how it was deleted, it is all in one file, not separate files, so it seems unlikely

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Actually, to take this a step further, is there any remote possibility to combine this with update-policy as well? I know both questions have been mentioned on the list before with varied answers but I wanted to raise it again since this was finally figured out. /Jonathan On Mon, Nov 17, 2008 at

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Yeah it would most likely be a feature request/change. IIRC update-policy cannot be used in conjunction with the allow-update statement. Personally I prefer the usage of update-policy as I can assign different business units within my organization to take responsibility for certain records/record

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Evan Hunt
IIRC update-policy cannot be used in conjunction with the allow-update statement. My bad--you're right. There's code I'd never noticed before that says allow-update will be ignored if update-policy is set. Whoops. (Oddly, the check only applies when both of them are defined in the zone

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Jonathan Petersson
Guess I should start digging in the code then :) On Mon, Nov 17, 2008 at 5:59 PM, Evan Hunt [EMAIL PROTECTED] wrote: IIRC update-policy cannot be used in conjunction with the allow-update statement. My bad--you're right. There's code I'd never noticed before that says allow-update will be

Re: Secondary and TLD not updating

2008-11-17 Thread Kevin Darcy
Res wrote: On Mon, 17 Nov 2008, Jefferson Ogata wrote: On 2008-11-17 14:25, Holger Honert wrote: Chris Thompson wrote: On Nov 17 2008, Res wrote: Ack! allow-transfer should never be any What, never? Why not? Security issue! You really want everyone to download your zone(s)? I