Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #88
| From | Aleksander Kurczyk <aleksanderkurczyk@o2.pl> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Securing zone transfer and DDNS |
| Date | 2011-11-10 17:19 +0100 |
| Message-ID | <mailman.48.1320941998.68562.bind-users@lists.isc.org> (permalink) |
| References | <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <32DD7227-7F82-4D63-A4BF-D038031CCB1A@isc.org> <85ecc83.4a6e4d68.4eb81652.18c6d@o2.pl> <20111107230426.1A07F16D8A25@drugs.dv.isc.org> |
Thanks everybody for the answers.
I have one more question - how can I block every update for every zone in options section using update-policy?
logging { ... };
options {
directory "/var/named";
dnssec-enable yes;
recursion yes;
allow-recursion { 127.0.0.1; };
allow-transfer { none; };
allow-update { none; }; <<<<<<<<<<<<<<<<
};
key "rndc-key" { ... };
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
key "transfer-key" { ... };
key "ddns-key" { ... };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "my.zone" IN {
type master;
file "my.zone";
allow-transfer { key transfer-key; };
update-policy {
grant ddns-key zonesub ANY;
};
};
--
Pozdrawiam,
Aleksander Kurczyk
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Securing zone transfer and DDNS Aleksander Kurczyk <aleksanderkurczyk@o2.pl> - 2011-11-10 17:19 +0100
csiph-web