[Pdns-dev] Dynamic dns update support
john at ibiblio.org
Thu Feb 21 16:05:11 CET 2013
Thanks again for the help. "allow-2136-from=" seems to clear the
ACLs, and key-only auth works great.
In case anyone is interested, nsupdate works with either a bind-style
key config file (the -k option) or a key section in the nsupdate input
to powerdns. One difference seems to be that bind accepts updates
without the zone section. Powerdns refuses updates without it. I
don't mind the requirement. The spec has an RRset requirement but is
vague on whether a zone section must be present or not.
On Thu, Feb 21, 2013 at 2:37 AM, Ruben d'Arco <cyclops at prof-x.net> wrote:
> Hi John,
> Indeed, you need to enable it. You might want to go into the pdns source folder $source/pdns/docs and type 'make'.
> This will create/build the documentation. There's a chapter on rfc2136 :-)
> What the docs will tell you is that there is also a global 'allow-2136-from' setting that allows you to filter who is able to send updates.
> The default is 0.0.0.0/0 which is everybody, so be aware of that!
> You can also use ALLOW-2136-FROM and/or TSIG-ALLOW-2136 in the domainmetadata table.
> Happy rfc2136'ing ;-)
> On Wed, Feb 20, 2013 at 06:36:13PM -0500, John Reuning wrote:
>> Nevermind. 30 seconds after I sent the last email, I realized there
>> may be a config option to turn it on. 30 seconds after that, I found
>> experimental-rfc2136 in the code. nsupdate is very happy now.
>> On Wed, Feb 20, 2013 at 6:30 PM, John Reuning <john at ibiblio.org> wrote:
>> > Ruben,
>> > The rfc2136 branch builds and seems to run with normal functionality.
>> > However, zone changes submitted via nsupdate result in a REFUSED
>> > error. I tried setting loglevel=9 but don't see any debug output.
>> > Does your implementation work with nsupdate?
>> > Thanks,
>> > -John
More information about the Pdns-dev