From: bert hubert <bert.hubert@netherlabs.nl>
Date: Mon, 20 Oct 2014 18:21:20 +0000 (+0200)
Subject: slightly improve docs of semantics of dynamic dns updates
X-Git-Tag: rec-3.7.0-rc1~204
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6be08a898dcbf986bb8eedd2a2519df6c752d62b;p=thirdparty%2Fpdns.git

slightly improve docs of semantics of dynamic dns updates
---

diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml
index a7c1bd158c..91e028c748 100644
--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -15062,6 +15062,25 @@ sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR
         </varlistentry>
 
       </variablelist>
+      <para>
+      	The semantics are that first a dynamic update has to be allowed
+      	either by the global allow-dnsupdate-from setting, or by a per-zone
+      	ALLOW-DNSUPDATE-FROM metadata setting.
+      </para>
+      <para>
+        Secondly, if a zone has a TSIG-ALLOW-DNSUPDATE metadata setting,
+        that must match too. 
+      </para>
+      <para>
+      	So to only allow dynamic DNS updates to a zone based on TSIG key, and
+      	regardless of IP address, set allow-dns-update-from to empty, set
+      	ALLOW-DNSUPDATE-FROM to "0.0.0.0/0" and "::/0" and set the
+      	TSIG-ALLOW-DNSUPDATE to the proper key name.
+      </para>
+      <para>
+        Further information can be found in <xref
+        linkend="dnsupdate-how-it-works"/>.
+       </para>
     </sect1>
 
     <sect1 id="dnsupdate-domainmetadata"><title>Per zone settings</title>