[nsd-users] allow-notify on localhost
mark at NLnetLabs.nl
Tue Sep 18 09:12:08 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Thanks for your feedback!
Paul Wouters wrote:
> It would be nice if we could add the line
> allow-notify: 127.0.0.1 NOKEY
> to the server: section instead of in each zone: section. Especially, since
> it is a requirement for nsdc update.
We understand how this would make your life "easier".
On the other hand this is not something that is impossible without
In general we prefer not to add functionality that makes the config file
simpler. It creates more code in NSD (and we have the risk that we end
up creating a full language parser for the config file). So for advanced
config file management we could say use an external macro preprocessor.
The good news is that in this case we consider to create a flag with
limited functionality. We could create a flag in the "server" section,
"allow-localhost-notify" that turns allowing notifies from localhost on.
We will discuss this a bit more internally and let you know what the
> Or even make it implicit to always
> allow this from localhost (f you can't trust localhost, you have more
For security reasons, and no really good reasons in favour of it, we
won't make it trust localhost by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the nsd-users