> On 2 Apr 2020, at 11:59, Jim Popovitch via bind-users
> wrote:
>
> On Thu, 2020-04-02 at 09:27 +1100, Mark Andrews wrote:
>>> On 2 Apr 2020, at 06:53, Jim Popovitch via bind-users <
>>> bind-users@lists.isc.org> wrote:
>>>
>>> Hello!
>>>
>>> I started on #bind, moved on to the ARM, and
On Thu, 2020-04-02 at 09:27 +1100, Mark Andrews wrote:
> > On 2 Apr 2020, at 06:53, Jim Popovitch via bind-users <
> > bind-users@lists.isc.org> wrote:
> >
> > Hello!
> >
> > I started on #bind, moved on to the ARM, and now I am here.
> >
> > Here is what I want:
> >
> > update-policy {grant
> On 2 Apr 2020, at 06:53, Jim Popovitch via bind-users
> wrote:
>
> Hello!
>
> I started on #bind, moved on to the ARM, and now I am here.
>
> Here is what I want:
>
> update-policy {grant webserver-tsig-key wildcard _acme-challenge.* TXT;};
>
> This is what I get:
>
> ~$
Jim Popovitch via bind-users wrote:
>
>update-policy {grant webserver-tsig-key wildcard _acme-challenge.* TXT;};
Sadly in the DNS a wildcard * can only occur as the leftmost label in a name.
RFC 4592 has more than you ever wanted to know about DNS wildcards. It's
not pretty.
Tony.
--
Thanks Bob, while your suggestions didn't help directly they did put me
on a path that eventually lead to the solution. Turns out I had an ill
defined SOA record along with a ill defined NS record (copy/paste error)
that was the problem in my localhost zone. I think I am once again a
happy
Hello!
I started on #bind, moved on to the ARM, and now I am here.
Here is what I want:
update-policy {grant webserver-tsig-key wildcard _acme-challenge.* TXT;};
This is what I get:
~$ named-checkconf
/etc/bind/named.conf:73: '_acme-challenge.*' is not a wildcard
What am I doing
Shumon Huque wrote:
>
> The implication is that "ignore" also means set the response code to
> NOERROR. Although, I suppose CNAME related UPDATE processing could have
> been special cased to return an error code like YXRRSET (even without a
> specified prerequisite clause).
Ah, yes, now you
I recently tried using dnspython to replay captured queries and found that
it refuses to do any "meta" queries, including "ANY". But since the real
world occasionally uses meta queries, I need to be able to make them. I
ended up using https://github.com/paulc/dnslib, but I don't see where that
On Wed, Apr 1, 2020 at 8:36 AM Tony Finch wrote:
>
> This error behaviour is mostly specified by the UPDATE protocol (RFC
> 2136). It's worth reading the RFC becasue (as you have found) some of the
> behaviour is a bit surprising. For instance, adding a record that already
> exists is not an
Petr Bena wrote:
>
> The problem with this approach is that it's not atomic.
That's the point of the prerequisite section! You can package up the
atomicity checks and updates into one request. You will have to deal with
concurrent update clashes in some way, but that's true for any system that
Hi there,
On Wed, 1 Apr 2020, Petr Bena wrote:
... Is there any alternative to nsupdate, something that can work with XML
or JSON payloads or provide output in such machine parseable format? ...
If it's any help DNS::ZoneParse claims to be able to output XML - but
I don't have any experience
These projects tend to be custom... there may be a prepackaged solution,
but everything I've run into has either been tied to the specific
abstractions of a project - or very low level.
Mine uses the Perl Net::DNS module to setup update transactions.
Net::DNS gives you the ability to send
I would recommend dnspython as a start. The API is very non-Python,
but once you get hang of it, it’s not that bad.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 1 Apr 2020, at 15:21, Petr Bena wrote:
>
> like a "proper DNS library" you talk about, is there any such a thing?
signature.asc
Hello,
The problem with this approach is that it's not atomic. I can run a
query to check if record exists before it's created, but there are two
problems:
* It adds an overhead (one more call of dig to lookup current situation)
* It's not reliable - because it's not atomic
So I was hoping
> On 1 Apr 2020, at 20:07, Petr Bena wrote:
>
> Hello,
>
> Some preamble: Some time ago I created an open source DNS admin web GUI *1
> that is basically a wrapper around dig and nsupdate that allows people with
> "less CLI knowledge" to easily manipulate DNS records. The main reason for
>
Petr Bena wrote:
>
I think your approach of using standard protocols (DNS queries and
updages) to edit zones is very good!
> Is there any alternative to nsupdate, something that can work with XML
> or JSON payloads or provide output in such machine parseable format?
I've done a lot with
Hello,
Some preamble: Some time ago I created an open source DNS admin web GUI
*1 that is basically a wrapper around dig and nsupdate that allows
people with "less CLI knowledge" to easily manipulate DNS records. The
main reason for this was that in our corporation we have about 400
internal
17 matches
Mail list logo