Commit 73fb13fe authored by Mark Andrews's avatar Mark Andrews
Browse files

1755. [func] allow-update is now settable at the options / view

                        level. [RT #6636]
parent a53259c4
...@@ -25,7 +25,8 @@ ...@@ -25,7 +25,8 @@
1756. [func] named-checkconf now checks the logging configuration. 1756. [func] named-checkconf now checks the logging configuration.
[RT #12352] [RT #12352]
1755. [placeholder] rt6636 1755. [func] allow-update is now settable at the options / view
level. [RT #6636]
1754. [bug] We wern't always attempting to query the parent 1754. [bug] We wern't always attempting to query the parent
server for the DS records at the zone cut. server for the DS records at the zone cut.
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- $Id: named.conf.docbook,v 1.4 2004/10/21 00:58:33 marka Exp $ --> <!-- $Id: named.conf.docbook,v 1.5 2004/11/11 01:08:23 marka Exp $ -->
<refentry> <refentry>
<refentryinfo> <refentryinfo>
...@@ -252,6 +252,7 @@ options { ...@@ -252,6 +252,7 @@ options {
allow-query { <replaceable>address_match_element</replaceable>; ... }; allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... }; allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
notify <replaceable>notifytype</replaceable>; notify <replaceable>notifytype</replaceable>;
...@@ -380,6 +381,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> ...@@ -380,6 +381,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
allow-query { <replaceable>address_match_element</replaceable>; ... }; allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... }; allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
notify <replaceable>notifytype</replaceable>; notify <replaceable>notifytype</replaceable>;
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.258 2004/10/21 00:54:04 marka Exp $ --> <!-- File: $Id: Bv9ARM-book.xml,v 1.259 2004/11/11 01:08:24 marka Exp $ -->
<book> <book>
<title>BIND 9 Administrator Reference Manual</title> <title>BIND 9 Administrator Reference Manual</title>
...@@ -989,7 +989,7 @@ protocol is specified in RFC 1996. ...@@ -989,7 +989,7 @@ protocol is specified in RFC 1996.
messages. The format and meaning of these messages is specified messages. The format and meaning of these messages is specified
in RFC 2136.</para> in RFC 2136.</para>
<para>Dynamic update is enabled on a zone-by-zone basis, by <para>Dynamic update is enabled by
including an <command>allow-update</command> or including an <command>allow-update</command> or
<command>update-policy</command> clause in the <command>update-policy</command> clause in the
<command>zone</command> statement.</para> <command>zone</command> statement.</para>
...@@ -2733,6 +2733,7 @@ statement in the <filename>named.conf</filename> file:</para> ...@@ -2733,6 +2733,7 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional> <optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional> <optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
...@@ -3483,6 +3484,15 @@ host from retrieving data that is already in the server's cache. ...@@ -3483,6 +3484,15 @@ host from retrieving data that is already in the server's cache.
</para> </para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>allow-update</command></term>
<listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates for master zones. The default is to deny
updates from all hosts. Note that allowing updates based
on the requestor's IP address is insecure; see
<xref linkend="dynamic_update_security"/> for details.
</para>
</listitem></varlistentry>
<varlistentry><term><command>allow-update-forwarding</command></term> <varlistentry><term><command>allow-update-forwarding</command></term>
<listitem><para>Specifies which hosts are allowed to <listitem><para>Specifies which hosts are allowed to
submit Dynamic DNS updates to slave zones to be forwarded to the submit Dynamic DNS updates to slave zones to be forwarded to the
...@@ -4761,12 +4771,8 @@ in <xref linkend="access_control"/>.</para> ...@@ -4761,12 +4771,8 @@ in <xref linkend="access_control"/>.</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>allow-update</command></term> <varlistentry><term><command>allow-update</command></term>
<listitem><para>Specifies which hosts are allowed to <listitem><para>See the description of <command>allow-update</command>
submit Dynamic DNS updates for master zones. The default is to deny in <xref linkend="access_control"/>.</para>
updates from all hosts. Note that allowing updates based
on the requestor's IP address is insecure; see
<xref linkend="dynamic_update_security"/> for details.
</para>
</listitem></varlistentry> </listitem></varlistentry>
<varlistentry><term><command>update-policy</command></term> <varlistentry><term><command>update-policy</command></term>
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: namedconf.c,v 1.40 2004/10/21 00:54:05 marka Exp $ */ /* $Id: namedconf.c,v 1.41 2004/11/11 01:08:24 marka Exp $ */
#include <config.h> #include <config.h>
...@@ -755,6 +755,7 @@ static cfg_clausedef_t ...@@ -755,6 +755,7 @@ static cfg_clausedef_t
zone_clauses[] = { zone_clauses[] = {
{ "allow-query", &cfg_type_bracketed_aml, 0 }, { "allow-query", &cfg_type_bracketed_aml, 0 },
{ "allow-transfer", &cfg_type_bracketed_aml, 0 }, { "allow-transfer", &cfg_type_bracketed_aml, 0 },
{ "allow-update", &cfg_type_bracketed_aml, 0 },
{ "allow-update-forwarding", &cfg_type_bracketed_aml, 0 }, { "allow-update-forwarding", &cfg_type_bracketed_aml, 0 },
{ "allow-notify", &cfg_type_bracketed_aml, 0 }, { "allow-notify", &cfg_type_bracketed_aml, 0 },
{ "notify", &cfg_type_notifytype, 0 }, { "notify", &cfg_type_notifytype, 0 },
...@@ -794,7 +795,6 @@ zone_clauses[] = { ...@@ -794,7 +795,6 @@ zone_clauses[] = {
static cfg_clausedef_t static cfg_clausedef_t
zone_only_clauses[] = { zone_only_clauses[] = {
{ "type", &cfg_type_zonetype, 0 }, { "type", &cfg_type_zonetype, 0 },
{ "allow-update", &cfg_type_bracketed_aml, 0 },
{ "file", &cfg_type_qstring, 0 }, { "file", &cfg_type_qstring, 0 },
{ "journal", &cfg_type_qstring, 0 }, { "journal", &cfg_type_qstring, 0 },
{ "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE }, { "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE },
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment