1755. [func] allow-update is now settable at the options / view

level. [RT #6636]
2025-08-30 22:15:20 +00:00 · 2004-11-11 01:08:24 +00:00
parent a53259c4cc
commit 73fb13fe97
4 changed files with 21 additions and 12 deletions
--- a/3
+++ b/3
@@ -25,7 +25,8 @@
 1756.	[func]		named-checkconf now checks the logging configuration.
 			[RT #12352]

-1755.	[placeholder]	rt6636
+1755.	[func]		allow-update is now settable at the options / view
+			level. [RT #6636]

 1754.	[bug]		We wern't always attempting to query the parent
 			server for the DS records at the zone cut.
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -15,7 +15,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: named.conf.docbook,v 1.4 2004/10/21 00:58:33 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.5 2004/11/11 01:08:23 marka Exp $ -->

 <refentry>
  <refentryinfo>
@@ -252,6 +252,7 @@ options {
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
 	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };

 	notify <replaceable>notifytype</replaceable>;
@@ -380,6 +381,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
 	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };

 	notify <replaceable>notifytype</replaceable>;
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">

-<!-- File: $Id: Bv9ARM-book.xml,v 1.258 2004/10/21 00:54:04 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.259 2004/11/11 01:08:24 marka Exp $ -->

 <book>
 <title>BIND 9 Administrator Reference Manual</title>
@@ -989,7 +989,7 @@ protocol is specified in RFC 1996.
    messages.  The format and meaning of these messages is specified
    in RFC 2136.</para>

-    <para>Dynamic update is enabled on a zone-by-zone basis, by
+    <para>Dynamic update is enabled by
    including an <command>allow-update</command> or
    <command>update-policy</command> clause in the
    <command>zone</command> statement.</para>
@@ -2733,6 +2733,7 @@ statement in the <filename>named.conf</filename> file:</para>
    <optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional>
    <optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
    <optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
+    <optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
    <optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
    <optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
    <optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
@@ -3483,6 +3484,15 @@ host from retrieving data that is already in the server's cache.
 </para>
 </listitem></varlistentry>

+<varlistentry><term><command>allow-update</command></term>
+<listitem><para>Specifies which hosts are allowed to
+submit Dynamic DNS updates for master zones. The default is to deny
+updates from all hosts.  Note that allowing updates based
+on the requestor's IP address is insecure; see
+<xref linkend="dynamic_update_security"/> for details.
+</para>
+</listitem></varlistentry>
+
 <varlistentry><term><command>allow-update-forwarding</command></term>
 <listitem><para>Specifies which hosts are allowed to
 submit Dynamic DNS updates to slave zones to be forwarded to the
@@ -4761,12 +4771,8 @@ in <xref linkend="access_control"/>.</para>
 </listitem></varlistentry>

 <varlistentry><term><command>allow-update</command></term>
-<listitem><para>Specifies which hosts are allowed to
-submit Dynamic DNS updates for master zones. The default is to deny
-updates from all hosts.  Note that allowing updates based
-on the requestor's IP address is insecure; see
-<xref linkend="dynamic_update_security"/> for details.
-</para>
+<listitem><para>See the description of <command>allow-update</command>
+in <xref linkend="access_control"/>.</para>
 </listitem></varlistentry>

 <varlistentry><term><command>update-policy</command></term>
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: namedconf.c,v 1.40 2004/10/21 00:54:05 marka Exp $ */
+/* $Id: namedconf.c,v 1.41 2004/11/11 01:08:24 marka Exp $ */

 #include <config.h>

@@ -755,6 +755,7 @@ static cfg_clausedef_t
 zone_clauses[] = {
 	{ "allow-query", &cfg_type_bracketed_aml, 0 },
 	{ "allow-transfer", &cfg_type_bracketed_aml, 0 },
+	{ "allow-update", &cfg_type_bracketed_aml, 0 },
 	{ "allow-update-forwarding", &cfg_type_bracketed_aml, 0 },
 	{ "allow-notify", &cfg_type_bracketed_aml, 0 },
 	{ "notify", &cfg_type_notifytype, 0 },
@@ -794,7 +795,6 @@ zone_clauses[] = {
 static cfg_clausedef_t
 zone_only_clauses[] = {
 	{ "type", &cfg_type_zonetype, 0 },
-	{ "allow-update", &cfg_type_bracketed_aml, 0 },
 	{ "file", &cfg_type_qstring, 0 },
 	{ "journal", &cfg_type_qstring, 0 },
 	{ "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE },