[Pdns-users] DNSSEC : One key by client to update only this client's dynamic A record

David J. powerdns at davidjardin.fr
Tue Jun 22 18:18:17 UTC 2021

Hello everyone,

I would like to configure my own dyndns service. I managed to configure 
and make it work.
I try now to secure this service.

I followed with success this doc : 
https://doc.powerdns.com/authoritative/dnsupdate.html). However, as far 
as I understand there is only one key for the whole zone Which means, 
any client can update any record.

I would like to be able to generate one key per client (dnssec-keygen -n 
host ?) and authorize this key to be able to update only the associated 
Example :
- The zone is dyndns.xxx.com
- A client would like to have the dynamic record A.dyndns.xxx.com
- B would like B.dyndns.xxx.com
- A must be able to update A.dyndns.xxx.com and only this record
- Same for B.

Can someone  give me an hint, an URL to achieve that with pdns please ? 
Did I miss something in the doc ?

Thank you very much,

Best regards,

David J

More information about the Pdns-users mailing list