Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #51
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!gegeweb.42!gegeweb.eu!nntpfeed.proxad.net!proxad.net!feeder1-1.proxad.net!198.186.194.250.MISMATCH!news-out.readnews.com!news-xxxfer.readnews.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Aleksander Kurczyk <aleksanderkurczyk@o2.pl> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Securing zone transfer and DDNS |
| Date | Mon, 07 Nov 2011 17:04:42 +0100 |
| Lines | 60 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.11.1320681929.68562.bind-users@lists.isc.org> (permalink) |
| References | <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <4EB746D7.9000205@dougbarton.us> <687fd44f.1f6eb34b.4eb7ebcc.d7948@o2.pl> <20111107145934.GA2884@jmbp.jpmens.org> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| Content-Transfer-Encoding | quoted-printable |
| X-Trace | usenet.stanford.edu 1320681929 8457 149.20.64.75 (7 Nov 2011 16:05:29 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@lists.isc.org |
| Return-Path | <aleksanderkurczyk@o2.pl> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| In-Reply-To | <20111107145934.GA2884@jmbp.jpmens.org> |
| X-Originator | 95.160.160.157 |
| X-Spam-Status | No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM, SARE_SUB_ENC_UTF8,T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.1 |
| X-Spam-Checker-Version | SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| Xref | x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:51 |
Show key headers only | View raw
Dnia 7 listopada 2011 15:59 Jan-Piet Mens <jpmens.dns@gmail.com> napisaĆ(a):
> > Bind version is: 9.7.4
>
> Upgrade; 9.8.1 is current. (In addition, you're reading a book called
> BIND 10 -- even though the book doesn't once mention that software!)
I'm using Mac OS X 10.4.11 Tiger on G4 400 MHz PPC Mac and BIND 9.7.4 is the last version that I'm able to use.
> I assume what you probably want to do is something like this:
>
> key "my.key" {
> algorithm HMAC-MD5;
> secret "xxxx";
> };
> key "my.key2" {
> ...
> };
>
> acl xferkey {
> key my.key2;
> };
>
> zone "example.net" IN {
> type master;
> file "example.net";
> allow-update {
> key "my.key";
> };
> allow-transfer {
> xferkey;
> };
> };
That's what I'm trying to do :) but what's with the server section? On the book it's both in the master and slave (zone tranasfer) named.conf files.
> Instead of allow-update, I'd like to suggest you read up on the `grant'
> statement which allows a much finer granularity on DDNS.
I have trying:
update-policy { grant key subdomain my.zone any; }; (described in this book)
but it doesn't work.
--
Pozdrawiam,
Aleksander Kurczyk
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Securing zone transfer and DDNS Aleksander Kurczyk <aleksanderkurczyk@o2.pl> - 2011-11-07 17:04 +0100
csiph-web