0

I have a BIND9 installation where the zones are partitioned into different views. I'd like to restrict the RNDC controls to these specific views.

Example: I want an RNDC client to be allowed to delete zones from view-A, but not from view-B.

Is it possible to implement such a configuration in BIND?

If not: any suggestions for a workaround?

squillman

1 Answer

1

No, I don't believe that the control channel has any means of fine-grained access control.

One solution could be to implement a separate service that has rndc access and which has the desired user access control built in. (E.g., some set of REST endpoints or whatnot that the clients can use.)

Håkan Lindqvist
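The authorization core of such a gatekeeper service could look like the following. This is an added example, not part of the original answer and not BIND code; the client names, the `POLICY` table and the function names are hypothetical, and it assumes the service has already authenticated the caller and is the only holder of the rndc key.

```python
import re

# Hypothetical policy: authenticated client -> view -> rndc subcommands allowed.
POLICY = {
    "client-a": {"view-A": {"delzone", "reload", "notify"}},
    "client-b": {"view-A": {"reload"}, "view-B": {"reload"}},
}

# Subcommands handled here all take "zone [class [view]]" as arguments.
VIEW_SCOPED = {"delzone", "reload", "notify"}

# One DNS label: 1-63 chars, never starting or ending with '-'.
LABEL = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")


class Denied(Exception):
    """Raised when a request is outside the caller's policy or malformed."""


def valid_zone(zone):
    """Accept only plain DNS names so a zone can never be read as an option."""
    name = zone[:-1] if zone.endswith(".") else zone
    if not name or len(name) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def build_rndc_argv(client, command, zone, view):
    """Return the rndc argument vector for an authorized request.

    The view comes from the policy lookup and is always passed explicitly,
    so the command is bound to the view that was authorized.
    """
    if command not in VIEW_SCOPED:
        raise Denied(f"unsupported command: {command!r}")
    if command not in POLICY.get(client, {}).get(view, set()):
        raise Denied(f"{client!r} may not run {command!r} in {view!r}")
    if not valid_zone(zone):
        raise Denied(f"invalid zone name: {zone!r}")
    # Run with subprocess.run(argv, check=True): list form, no shell.
    return ["rndc", command, zone, "IN", view]


if __name__ == "__main__":
    print(build_rndc_argv("client-a", "delzone", "example.com", "view-A"))
    try:
        build_rndc_argv("client-a", "delzone", "example.com", "view-B")
    except Denied as exc:
        print("denied:", exc)
```

The REST (or other) front end would call `build_rndc_argv` after authenticating the caller and log every allowed and denied request.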