Bind¶

Bind configuration manipulation is based on nsupdate, which means that in theory could also be used to manipulate other dns servers which support nsupdate (such as MS).

Configuration¶

In order to communicate securely with your dns server, you would need use a key can be used by nsupdate and your named daemon using ddns-confgen or dnssec-keygen
h4. example using ddns-confen

execute 'ddns-confgen -k foreman' - this should output something like the following:

# To activate this key, place the following in named.conf, and
# in a separate keyfile on the system or systems from which nsupdate
# will be run:
key "foreman" {
    algorithm hmac-sha256;
    secret "8zOZzyhQ7LSEHXwAzLf9peDfpoeMlnJno+X0fCATehg=";
};

# Then, in the "zone" statement for each zone you wish to dynamically
# update, place an "update-policy" statement granting update permission
# to this key.  For example, the following statement grants this key
# permission to update any name within the zone:
update-policy {
    grant foreman zonesub ANY;
};

You should create a new file (such as /etc/rndc.key or other) and store the key "foreman {...} in it.
in the proxy Settings file you should point to this file location - make sure that the proxy have read permissions to this file.

In your named file, you could add the update-policy statement or something like this named example file if you need more fine grained permissions.