Re: [bitfolk] c.authns.bitfolk.com borken?

Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] c.authns.bitfolk.com borken?

gpg: Signature made Fri May 6 23:09:10 2022 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi Andy,

On Fri, May 06, 2022 at 08:39:19PM +0100, Andy Bennett wrote:
> Is it possible (and if so, advisable) to use hostnames in the ACLs?


I don't think that would work, no. I think it expects an
address_match_list which is only IP addresses, basically:

    https://www.zytrax.com/books/dns/ch7/address_match_list.html


> Otherwise, what's the best way to keep this information up-to-date?


Well, as 'a' is the only one that has been doing AXFRs and therefore
likely to be in ACLs, we have made an effort not to renumber it. I
don't think it has been renumbered since 2012 when we moved
everything to our own IP space. So I don't know what you would have
had for it - something starting with 212.13?

It would just be a case of us announcing the renumbering on the
announce@ mailing list, with as much notice as we could, I suppose.

Maybe we should add some serial number monitoring, so if your zone
serial number changes but ours doesn't (because AXFR failed) then
that difference would be an alert.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
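
The serial number monitoring idea floated in the message above, sketched as an added example; it is not code from the message's author or from BitFolk. It assumes the SOA answers are collected as `dig +short SOA` lines from the customer's primary and from the secondary, and the `example.org` names, the serials and the 900-second grace period are all made up for illustration.

```python
"""Flag a secondary whose SOA serial stays behind the primary's (failed AXFR)."""
from dataclasses import dataclass
from typing import Optional

SERIAL_MOD = 2 ** 32   # SOA serials are unsigned 32-bit and wrap around
HALF_RANGE = 2 ** 31


def soa_serial(dig_short_line: str) -> int:
    """Extract the serial from one line of `dig +short SOA` output."""
    fields = dig_short_line.split()
    # Field order: mname rname serial refresh retry expire minimum
    if len(fields) != 7 or not fields[2].isdigit():
        raise ValueError(f"not SOA rdata: {dig_short_line!r}")
    serial = int(fields[2])
    if serial >= SERIAL_MOD:
        raise ValueError(f"serial out of range: {serial}")
    return serial


def serial_behind(secondary: int, primary: int) -> bool:
    """RFC 1982 comparison: True if secondary is older, allowing for wraparound."""
    diff = (primary - secondary) % SERIAL_MOD
    return 0 < diff < HALF_RANGE


@dataclass
class LagMonitor:
    grace_seconds: int                    # assumed allowance for NOTIFY + AXFR
    behind_since: Optional[float] = None  # when the lag was first observed

    def observe(self, now: float, primary_soa: str, secondary_soa: str) -> bool:
        """Return True once the secondary has lagged longer than the grace period."""
        if serial_behind(soa_serial(secondary_soa), soa_serial(primary_soa)):
            if self.behind_since is None:
                self.behind_since = now
            return now - self.behind_since > self.grace_seconds
        self.behind_since = None          # caught up, clear the timer
        return False


# Constructed sample answers (example.org and all serials are made up).
OLD = "ns.example.org. hostmaster.example.org. 2022050601 3600 900 1209600 300"
NEW = "ns.example.org. hostmaster.example.org. 2022050602 3600 900 1209600 300"


def demo() -> list:
    """Poll at t=0,60,600,1200,1300 s; the primary bumps its serial at t=60."""
    mon = LagMonitor(grace_seconds=900)
    polls = [(0, OLD, OLD), (60, NEW, OLD), (600, NEW, OLD),
             (1200, NEW, OLD), (1300, NEW, NEW)]
    return [mon.observe(t, p, s) for t, p, s in polls]
```

The grace period keeps a normal NOTIFY-then-transfer delay from alerting; only a secondary that stays behind past it, as after an AXFR refused by a stale ACL, trips the check.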