</varlistentry>
</variablelist>
+ <para>
+ The semantics are that first a dynamic update has to be allowed
+ either by the global allow-dnsupdate-from setting, or by a per-zone
+ ALLOW-DNSUPDATE-FROM metadata setting.
+ </para>
+ <para>
+ Secondly, if a zone has a TSIG-ALLOW-DNSUPDATE metadata setting,
+ that must match too.
+ </para>
+ <para>
+ So to only allow dynamic DNS updates to a zone based on TSIG key, and
+ regardless of IP address, set allow-dns-update-from to empty, set
+ ALLOW-DNSUPDATE-FROM to "0.0.0.0/0" and "::/0" and set the
+ TSIG-ALLOW-DNSUPDATE to the proper key name.
+ </para>
+ <para>
+ Further information can be found in <xref
+ linkend="dnsupdate-how-it-works"/>.
+ </para>
</sect1>
<sect1 id="dnsupdate-domainmetadata"><title>Per zone settings</title>
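Review bot: the third added paragraph spells the global setting "allow-dns-update-from", while the first added paragraph calls it "allow-dnsupdate-from"; use one spelling so a reader copying the option name gets the right one. That paragraph should also state that once ALLOW-DNSUPDATE-FROM is opened to "0.0.0.0/0" and "::/0", the TSIG key is the only remaining restriction. As the second paragraph is worded, the TSIG check applies only "if a zone has a TSIG-ALLOW-DNSUPDATE metadata setting", so a zone configured with the open ranges but without that entry would accept updates from any address. Suggest adding a sentence telling the reader to set TSIG-ALLOW-DNSUPDATE before, or together with, widening ALLOW-DNSUPDATE-FROM.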