Update-policy/grant name and origin appending (relative names)
Hey,
Thank you for maintaining BIND!
I'm wondering, it seems to me that an update-policy
line's name
field isn't resolved relative to the zone's name/origin. At least with BIND v9.16.1 on Ubuntu 20.04 LTS.
That is, given the below, updates don't seem to be allowed for _acme-challenge.example.com
:
zone "example.com" {
type master;
file "/etc/bind/zones/db.example.com";
update-policy { grant example-key name _acme-challenge TXT; }
}
Why is that? Wouldn't it be consistent to interpret period-less names as being relative to the zone they're defined in? Typing the fully qualified domain name (_acme-challenge.example.com
) with or without the final period does work, indicating at least some preprocessing going on, stripping the final period.
Thanks!