// // Do any local configuration here // key "nsupdate.info." { algorithm hmac-sha512; secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ=="; }; key "tests.nsupdate.info." { algorithm hmac-sha512; secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ=="; }; zone "nsupdate.info" { type master; file "/var/lib/bind/pri/nsupdate.info"; update-policy { // these "deny" entries are needed for the service domain, // if you add another domain, you may want to check the need // for other "deny" entries if the zone is not fully available. // we don't allow updates to the infrastructure hosts: deny nsupdate.info. name nsupdate.info; deny nsupdate.info. name www.nsupdate.info; deny nsupdate.info. name ipv4.nsupdate.info; deny nsupdate.info. name ipv6.nsupdate.info; // this host is for testing if the nameserver is configured correctly and reachable grant nsupdate.info. name connectivity-test.nsupdate.info A; // but we allow updates to any other host: grant nsupdate.info. subdomain nsupdate.info; }; }; zone "tests.nsupdate.info" { type master; file "/var/lib/bind/pri/tests.nsupdate.info"; update-policy { // these "deny" entries are needed for the service domain, // if you add another domain, you may want to check the need // for other "deny" entries if the zone is not fully available. // we don't allow updates to the infrastructure hosts: deny tests.nsupdate.info. name tests.nsupdate.info; deny tests.nsupdate.info. name www.tests.nsupdate.info; deny tests.nsupdate.info. name ipv4.tests.nsupdate.info; deny tests.nsupdate.info. name ipv6.tests.nsupdate.info; // but we allow updates to any other host: grant tests.nsupdate.info. subdomain tests.nsupdate.info; }; };