Keith Moore <moore(_at_)network-heretics(_dot_)com> wrote:
Even better would be to let the application update DNS - but that would
require DNS servers to have fine-grained authentication and ACLs.
DNS servers do have fine-grained authentication and ACLs. (Though that
doesn't really solve the provisioning problem: it just moves it from
provisioning application records directly, to provisioning application
ACLs.) The problem is usually that the DNS is populated from some
configuration database which does not have such flexible access control.
http://ftp.isc.org/isc/bind9/9.10.0-P1/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
Southwest German Bight, Humber, Thames: Variable 4, becoming cyclonic, mainly
southeasterly 5 to 7 later. Slight or moderate. Thundery showers. Good,
occasionally poor.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp