f987fae7e0
The delete() was removed because after an add() the nameserver need time to process the nsupdate query. This leads to an NXDOMAIN response on current ip check in delete() thus the delete() call fails.
32 lines
1.6 KiB
Plaintext
32 lines
1.6 KiB
Plaintext
// configuration snippet for bind 9 nameserver (put it into /etc/bind9/named.conf )
|
|
|
|
key "nsupdate.info." {
|
|
// everyone who has this key may update this zone:
|
|
// must be same algorithm as in the Domain record of the nsupdate.info based service
|
|
algorithm hmac-sha512;
|
|
// the secret is just a shared secret in base64-encoding, you don't need
|
|
// to use a special tool to create it. Some random in base64 encoding should
|
|
// be OK. must be same secret as in the Domain database record of the nsupdate.info based service
|
|
secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
|
|
};
|
|
|
|
zone nsupdate.info {
|
|
type master;
|
|
// bind9 needs write permissions into that directory and into that file:
|
|
file "/etc/bind/zones/nsupdate.info";
|
|
update-policy {
|
|
// these "deny" entries are needed for the service domain,
|
|
// if you add another domain, you may want to check the need
|
|
// for other "deny" entries if the zone is not fully available.
|
|
// we don't allow updates to the infrastructure hosts:
|
|
deny nsupdate.info. name nsupdate.info;
|
|
deny nsupdate.info. name www.nsupdate.info;
|
|
deny nsupdate.info. name ipv4.nsupdate.info;
|
|
deny nsupdate.info. name ipv6.nsupdate.info;
|
|
// this host is for testing if the nameserver is configured correctly and reachable
|
|
grant nsupdate.info. name connectivity-test.nsupdate.info A;
|
|
// but we allow updates to any other host:
|
|
grant nsupdate.info. subdomain nsupdate.info;
|
|
};
|
|
};
|