Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!gegeweb.42!gegeweb.eu!nntpfeed.proxad.net!proxad.net!feeder1-1.proxad.net!198.186.194.250.MISMATCH!news-out.readnews.com!news-xxxfer.readnews.com!panix!usenet.stanford.edu!not-for-mail From: =?UTF-8?Q?Aleksander_Kurczyk?= Newsgroups: comp.protocols.dns.bind Subject: =?UTF-8?Q?Re:_Securing_zone_transfer_and_DDNS?= Date: Mon, 07 Nov 2011 17:04:42 +0100 Lines: 60 Approved: bind-users@lists.isc.org Message-ID: References: <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <4EB746D7.9000205@dougbarton.us> <687fd44f.1f6eb34b.4eb7ebcc.d7948@o2.pl> <20111107145934.GA2884@jmbp.jpmens.org> NNTP-Posting-Host: lists.isc.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Trace: usenet.stanford.edu 1320681929 8457 149.20.64.75 (7 Nov 2011 16:05:29 GMT) X-Complaints-To: action@cs.stanford.edu To: bind-users@lists.isc.org Return-Path: X-Original-To: bind-users@lists.isc.org Delivered-To: bind-users@lists.isc.org In-Reply-To: <20111107145934.GA2884@jmbp.jpmens.org> X-Originator: 95.160.160.157 X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM, SARE_SUB_ENC_UTF8,T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org X-BeenThere: bind-users@lists.isc.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: BIND Users Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:51 Dnia=207=20listopada=202011=2015:59=20Jan-Piet=20Mens=20=20napisa=C5=82(a): >=20>=20Bind=20version=20is:=209.7.4 >=20 >=20Upgrade;=209.8.1=20is=20current.=20(In=20addition,=20you're=20reading= =20a=20book=20called >=20BIND=2010=20--=20even=20though=20the=20book=20doesn't=20once=20mentio= n=20that=20software!) I'm=20using=20Mac=20OS=20X=2010.4.11=20Tiger=20on=20G4=20400=20MHz=20PPC=20= Mac=20and=20BIND=209.7.4=20is=20the=20last=20version=20that=20I'm=20able=20= to=20use. >=20I=20assume=20what=20you=20probably=20want=20to=20do=20is=20something=20= like=20this: >=20 >=20=20=20=20=20=20=20=20=20key=20"my.key"=20{ >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20algorithm=20HMAC-MD5;= >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20secret=20"xxxx"; >=20=20=20=20=20=20=20=20=20}; >=20=20=20=20=20=20=20=20=20key=20"my.key2"=20{ >=20=20=20=20=20=20=20=20=20... >=20=20=20=20=20=20=20=20=20}; >=20 >=20=20=20=20=20=20=20=20=20acl=20xferkey=20{ >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20key=20my.key2; >=20=20=20=20=20=20=20=20=20}; >=20 >=20=20=20=20=20=20=20=20=20zone=20"example.net"=20IN=20{ >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20type=20master; >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20file=20"example.net";= >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20allow-update=20{ >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20key=20"my.key"; >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20}; >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20allow-transfer=20{ >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20xferkey; >=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20}; >=20=20=20=20=20=20=20=20=20}; That's=20what=20I'm=20trying=20to=20do=20:)=20but=20what's=20with=20the=20= server=20section?=20On=20the=20book=20it's=20both=20in=20the=20master=20a= nd=20slave=20(zone=20tranasfer)=20named.conf=20files. >=20Instead=20of=20allow-update,=20I'd=20like=20to=20suggest=20you=20read= =20up=20on=20the=20`grant' >=20statement=20which=20allows=20a=20much=20finer=20granularity=20on=20DD= NS. I=20have=20trying: update-policy=20{=20grant=20key=20subdomain=20my.zone=20any;=20};=20(desc= ribed=20in=20this=20book) but=20it=20doesn't=20work. --=20 Pozdrawiam, Aleksander=20Kurczyk