On Wed, 2006-01-11 at 09:27 -0800, edwarner99@xxxxxxxxx wrote:
> I have searched the internet for this answer, but to
> have not been able to find one.

Are you including the names of the software that you're trying to use?
e.g. dynamic +DNS +bind +dhcpd

Or you might want to try guessing at a title someone might have used for
a tutorial or howto for that sort of thing (e.g. "local DNS serving
using BIND").

> What is the proper syntax for "allow-transfer { lan; }" to do updates
> using my RNDC key? Per my example below, it does allow it but when I
> start named, I get an error that allowing update via IP address is
> insecure.

You might want to say what you want to use to update the DNS records.
I've done it with my DHCP server and BIND, but other things might
require a different approach (e.g. dynamic name hosting over the WWW,
like dyndns).

I've dropped in a few notes, below, about what worked for me.

> // Define address range for the local domain.
> acl lan {
>     192.168.100/24;
>     127.0.0.0/24;
> };
>
> options {
>     directory "/var/named";
>     allow-query { lan; };
>     allow-recursion { lan; };
>     allow-transfer { lan; };
>     listen-on {
>         127.0.0.1;
>         192.168.100.1;
>     };
>
> };

I think you'll need to add:

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

> // Localhost Zones
> zone "localhost" IN {
>     type master;
>     file "localhost.zone";
>     allow-update { lan; };
> };

And change the allow-updates to:

    allow-update { key "rndckey"; };

Since I think you *can't* allow updating by IP, alone, anymore.

> // Provide a reverse lookup for the loopback address 127.0.0.1
> zone "0.0.127.in-addr.arpa" IN {
>     type master;
>     file "named.local";
>     allow-update { lan; };
> };

I don't think you want to allow 127.0.0.1 to be updated.

--
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
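
Added example, not part of the original message: a small check that reads a named.conf and reports every zone whose allow-update list still matches by address or ACL name instead of by key, which is the change the reply above recommends. The function names, the sample text and the "example.lan" zone are constructed for illustration.

```python
import re

# Constructed sample: one zone as quoted in the thread, one hypothetical key-based zone.
SAMPLE_CONF = '''
acl lan { 192.168.100/24; 127.0.0.0/24; };
// Localhost Zones
zone "localhost" IN {
    type master;
    allow-update { lan; };
};
zone "example.lan" IN {
    type master;
    allow-update { key "rndckey"; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments (assumes no comment markers inside strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_after(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError('unbalanced braces')

def address_based_updates(conf):
    """Map zone name -> allow-update entries that are neither 'key ...' nor 'none'."""
    conf = strip_comments(conf)
    findings = {}
    for zone in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_after(conf, zone.end() - 1)
        for acl in re.finditer(r'\ballow-update\s*\{', body):
            entries = [e.strip() for e in block_after(body, acl.end() - 1).split(';')]
            weak = [e for e in entries if e and e != 'none' and not re.match(r'key\s', e)]
            if weak:
                findings.setdefault(zone.group(1), []).extend(weak)
    return findings

if __name__ == '__main__':
    for name, entries in address_based_updates(SAMPLE_CONF).items():
        print(f'{name}: allow-update matched by address/ACL: {entries}')
```
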