SUMMARY: unapproved DNS updates

From: John Hodson <john_at_LunaInternet.net>
Date: Fri Nov 02 2001 - 10:17:19 EST
Thanks for all the input. The point I did not make clear was that
fixing the clients is not an option.

The prize goes to Chris.Keladis, who pointed me to "allow-update", this
led me to the "logging" directive, and I eventually figured this out,
which works:

logging {
        channel "general_syslog" {
                severity notice;
                print-time yes;
                print-category yes;
                file "/var/adm/named.log";
        };
        channel "security_log" {
                severity notice;
                print-time yes;
                print-category yes;
                file "/var/adm/named.security";
        };
        category "default" { "general_syslog"; };
        category "security" { "security_log"; };
};

All general messages of severity notice and above go to
/var/adm/named.log, and all security messages (which includes
unapproved upadtes) go to /var/adm/named.security (could have been
/dev/null, but that didn't seem a good idea :)

At least things are a lot cleaner now.

http://www.nominum.com/resources/documentation/index.html

has an excellent pdf reference manual, great bedtime reading :)

john

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Nov 2 09:18:22 2001

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:27 EST