I'm running bind9 as DNS server, and have one zone set up to allow dynamic updates (think of my private DynDNS). IP ranges of those "dynamic hosts" cannot be foreseen, let alone specific IPs. But I want those "dynamic hosts" to be allowed recursion – while "foreign hosts" should not be allowed.

Updates take place remotely via nsupdate and a shared key.

Now my question: How can I automatically update the corresponding ACL whenever an IP update takes place?

The `allow-recursion` keyword doesn't accept a "zone" as a parameter. Performing actions as root via SSH is unwanted (not least because the machine wouldn't permit root logins via SSH). Thus, a "configuration approach" is strongly favored.

PS: If there is a way to include hostnames (FQDN) in `acl` clauses, that might provide a viable workaround.

Izzy
  • FQDN in acl would help a long way. Unfortunately that particular avenue appears usually to require an outside solution – zaTricky Jul 09 '18 at 12:32
  • According to the documentation I've seen so far, ACLs only accept ACL names, keys and IPs, but not host names (`address_match_list`; I've never seen an example with host names in ACLs). If FQDNs could be added into ACLs, that would be something I could live with. – Izzy Jul 09 '18 at 12:43

0 Answers