[Pdns-dev] Dynamic dns update support

John Reuning john at ibiblio.org
Thu Feb 21 16:05:11 CET 2013


Thanks again for the help.  "allow-2136-from=" seems to clear the
ACLs, and key-only auth works great.

In case anyone is interested, nsupdate works with either a bind-style
key config file (the -k option) or a key section in the nsupdate input
to powerdns.  One difference seems to be that bind accepts updates
without the zone section.  Powerdns refuses updates without it.  I
don't mind the requirement.  The spec has an RRset requirement but is
vague on whether a zone section must be present or not.


On Thu, Feb 21, 2013 at 2:37 AM, Ruben d'Arco <cyclops at prof-x.net> wrote:
> Hi John,
> Indeed, you need to enable it. You might want to go into the pdns source folder $source/pdns/docs and type 'make'.
> This will create/build the documentation. There's a chapter on rfc2136 :-)
> What the docs will tell you is that there is also a global 'allow-2136-from' setting that allows you to filter who is able to send updates.
> The default is which is everybody, so be aware of that!
> You can also use ALLOW-2136-FROM and/or TSIG-ALLOW-2136 in the domainmetadata table.
> Happy rfc2136'ing ;-)
> Regards,
>         Ruben
> On Wed, Feb 20, 2013 at 06:36:13PM -0500, John Reuning wrote:
>> Nevermind.  30 seconds after I sent the last email, I realized there
>> may be a config option to turn it on.  30 seconds after that, I found
>> experimental-rfc2136 in the code.  nsupdate is very happy now.
>> Thanks,
>> -John
>> On Wed, Feb 20, 2013 at 6:30 PM, John Reuning <john at ibiblio.org> wrote:
>> > Ruben,
>> >
>> > The rfc2136 branch builds and seems to run with normal functionality.
>> > However, zone changes submitted via nsupdate result in a REFUSED
>> > error.  I tried setting loglevel=9 but don't see any debug output.
>> > Does your implementation work with nsupdate?
>> >
>> > Thanks,
>> >
>> > -John

More information about the Pdns-dev mailing list