[ISC-support #13775] Requested Feature: Add a way to define restrictions on which zones may be added via catalog zone

Description

Catalog zones provide a powerful mechanism to allow dynamic control over which zones are provisioned on an authoritative server but their initial implementation assumes that the party controlling the zone data for the catalog zone is fully trusted. Numerous use cases exist where the operator of a server would like to delegate to a party permission to add and remove some zones but with restrictions on which such zones can be added (or removed.)

Request

One of our BIND Support customers has asked that we consider adding mechanisms to allow an operator using catalog zones to restrict via configuration statements which zones will be allowed to be provisioned via the catalog zone.

Links / references

The original customer request can be found in ISC Support ticket #13775