Commit 73fb13fe authored by Mark Andrews's avatar Mark Andrews
Browse files

1755. [func] allow-update is now settable at the options / view

                        level. [RT #6636]
parent a53259c4
......@@ -25,7 +25,8 @@
1756. [func] named-checkconf now checks the logging configuration.
[RT #12352]
1755. [placeholder] rt6636
1755. [func] allow-update is now settable at the options / view
level. [RT #6636]
1754. [bug] We wern't always attempting to query the parent
server for the DS records at the zone cut.
......
......@@ -15,7 +15,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.4 2004/10/21 00:58:33 marka Exp $ -->
<!-- $Id: named.conf.docbook,v 1.5 2004/11/11 01:08:23 marka Exp $ -->
<refentry>
<refentryinfo>
......@@ -252,6 +252,7 @@ options {
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
notify <replaceable>notifytype</replaceable>;
......@@ -380,6 +381,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
notify <replaceable>notifytype</replaceable>;
......
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.258 2004/10/21 00:54:04 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.259 2004/11/11 01:08:24 marka Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
......@@ -989,7 +989,7 @@ protocol is specified in RFC 1996.
messages. The format and meaning of these messages is specified
in RFC 2136.</para>
<para>Dynamic update is enabled on a zone-by-zone basis, by
<para>Dynamic update is enabled by
including an <command>allow-update</command> or
<command>update-policy</command> clause in the
<command>zone</command> statement.</para>
......@@ -2733,6 +2733,7 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
......@@ -3483,6 +3484,15 @@ host from retrieving data that is already in the server's cache.
</para>
</listitem></varlistentry>
<varlistentry><term><command>allow-update</command></term>
<listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates for master zones. The default is to deny
updates from all hosts. Note that allowing updates based
on the requestor's IP address is insecure; see
<xref linkend="dynamic_update_security"/> for details.
</para>
</listitem></varlistentry>
<varlistentry><term><command>allow-update-forwarding</command></term>
<listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates to slave zones to be forwarded to the
......@@ -4761,12 +4771,8 @@ in <xref linkend="access_control"/>.</para>
</listitem></varlistentry>
<varlistentry><term><command>allow-update</command></term>
<listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates for master zones. The default is to deny
updates from all hosts. Note that allowing updates based
on the requestor's IP address is insecure; see
<xref linkend="dynamic_update_security"/> for details.
</para>
<listitem><para>See the description of <command>allow-update</command>
in <xref linkend="access_control"/>.</para>
</listitem></varlistentry>
<varlistentry><term><command>update-policy</command></term>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.40 2004/10/21 00:54:05 marka Exp $ */
/* $Id: namedconf.c,v 1.41 2004/11/11 01:08:24 marka Exp $ */
#include <config.h>
......@@ -755,6 +755,7 @@ static cfg_clausedef_t
zone_clauses[] = {
{ "allow-query", &cfg_type_bracketed_aml, 0 },
{ "allow-transfer", &cfg_type_bracketed_aml, 0 },
{ "allow-update", &cfg_type_bracketed_aml, 0 },
{ "allow-update-forwarding", &cfg_type_bracketed_aml, 0 },
{ "allow-notify", &cfg_type_bracketed_aml, 0 },
{ "notify", &cfg_type_notifytype, 0 },
......@@ -794,7 +795,6 @@ zone_clauses[] = {
static cfg_clausedef_t
zone_only_clauses[] = {
{ "type", &cfg_type_zonetype, 0 },
{ "allow-update", &cfg_type_bracketed_aml, 0 },
{ "file", &cfg_type_qstring, 0 },
{ "journal", &cfg_type_qstring, 0 },
{ "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE },
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment