thusoy / poff

A plain old flask frontend for PowerDNS.
MIT License

Add lua script to restrict TSIG keys to specific records #10

Open thusoy opened 7 years ago

thusoy commented 7 years ago

Like issuing a TSIG key to update _acme-challenge, or just a specific subdomain for normal DynDNS usage.

thusoy commented 7 years ago

Currently a compromised key has access to modify the entire zone, which is not adequately compartmentalized for me to sleep well...

thusoy commented 7 years ago

This also requires pdns-server 4.x and up, which is scheduled for Debian 9 (March 2017?) and available from custom apt repos.
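
An added example, not part of the issue thread or the poff code base: one way the per-key restriction requested here could be written as a PowerDNS `updatepolicy` Lua hook, loaded through the `lua-dnsupdate-policy-script` setting. The TSIG key names, zone and record names are constructed placeholders.

```lua
-- Added example (not poff code). All key and record names are constructed.
-- Each TSIG key name maps to the exact owner names it may touch, and for
-- each owner name the record types it may change. Anything else is denied.
local allowed = {
  -- Key issued to an ACME client: only the challenge TXT record.
  ["acme-www.example.com."] = {
    ["_acme-challenge.www.example.com."] = { [pdns.TXT] = true },
  },
  -- Key issued to a DynDNS client: only the address records of one host.
  ["dyndns-home.example.com."] = {
    ["home.example.com."] = { [pdns.A] = true, [pdns.AAAA] = true },
  },
}

-- DNS names compare case-insensitively, so normalise before table lookup.
local function name_of(dnsname)
  local ok, s = pcall(function() return dnsname:toString() end)
  if not ok or s == nil then return nil end
  return string.lower(s)
end

-- Called by PowerDNS once per record in an incoming DNS UPDATE.
-- Returning false rejects the change.
function updatepolicy(input)
  -- Deny if the key name cannot be read or is not listed
  -- (covers unsigned updates and unknown keys).
  local key = name_of(input:getTsigName())
  local names = key and allowed[key]
  if names == nil then return false end

  -- Exact owner-name match only: no wildcard or subtree access.
  local qname = name_of(input:getQName())
  local types = qname and names[qname]
  if types == nil then return false end

  -- Finally the record type must be on the key's list for that name.
  return types[input:getQType()] == true
end
```

With a table like this, a leaked ACME key can change only the one `_acme-challenge` TXT record rather than the entire zone, which is the compartmentalization the issue asks for.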