|
@@ -2057,9 +2057,10 @@ what is XfroutClient xfr_client??
|
|
|
> <userinput>config add DDNS/zones</userinput>
|
|
> <userinput>config add DDNS/zones</userinput>
|
|
|
> <userinput>config set DDNS/zones[0]/origin example.org</userinput>
|
|
> <userinput>config set DDNS/zones[0]/origin example.org</userinput>
|
|
|
> <userinput>config set DDNS/zones[0]/class IN</userinput>
|
|
> <userinput>config set DDNS/zones[0]/class IN</userinput>
|
|
|
-> <userinput>config set DDNS/zones[0]/update_acl [{"action": "ACCEPT", "key": "key.example.org"}]</userinput>
|
|
+> <userinput>config add DDNS/zones[0]/update_acl {"action": "ACCEPT", "key": "key.example.org"}</userinput>
|
|
|
> <userinput>config commit</userinput>
|
|
> <userinput>config commit</userinput>
|
|
|
</screen>
|
|
</screen>
|
|
|
|
|
+ (The <quote>class</quote> can be omitted).
|
|
|
The TSIG key must be configured system wide
|
|
The TSIG key must be configured system wide
|
|
|
(see <xref linkend="xfrout"/>.)
|
|
(see <xref linkend="xfrout"/>.)
|
|
|
</para>
|
|
</para>
|
|
@@ -2068,15 +2069,16 @@ what is XfroutClient xfr_client??
|
|
|
Multiple rules can be specified in the ACL, and an ACL rule
|
|
Multiple rules can be specified in the ACL, and an ACL rule
|
|
|
can consist of multiple constraints, such as a combination of
|
|
can consist of multiple constraints, such as a combination of
|
|
|
IP address and TSIG.
|
|
IP address and TSIG.
|
|
|
- The following ACL is to allow update requests that meet the
|
|
+ The following configuration sequence will add to the previous
|
|
|
- above condition, or requests sent from a client using TSIG key
|
|
+ ACL a rule that allows update requests sent from a client
|
|
|
- name of "key.example" and has an IPv6 address of ::1.
|
|
+ using TSIG key name of "key.example" and has an IPv6 address of ::1.
|
|
|
<screen>
|
|
<screen>
|
|
|
-> <userinput>config set DDNS/zones[0]/update_acl [{"action": "ACCEPT", "key": "key.example.org"}, {"action": "ACCEPT", "from": "::1", "key": "key.example"}]</userinput>
|
|
+> <userinput>config add DDNS/zones[0]/update_acl {"action": "ACCEPT", "from": "::1", "key": "key.example"}</userinput>
|
|
|
|
|
+> <userinput>config show DDNS/zones[0]/update_acl</userinput>
|
|
|
|
|
+DDNS/zones[0]/update_acl[0] {"action": "ACCEPT", "key": "key.example.org"} any (modified)
|
|
|
|
|
+DDNS/zones[0]/update_acl[1] {"action": "ACCEPT", "from": "::1", "key": "key.example"} any (modified)
|
|
|
> <userinput>config commit</userinput>
|
|
> <userinput>config commit</userinput>
|
|
|
</screen>
|
|
</screen>
|
|
|
- (Right now, ACL cannot be updated incrementally; you need to
|
|
|
|
|
- specify the entire new list of rules at once.)
|
|
|
|
|
</para>
|
|
</para>
|
|
|
|
|
|
|
|
<note><simpara>
|
|
<note><simpara>
|
JINMEI Tatuya