unclear how to scope an ACL to permit update of only a single record in a zone
The documentation for knot.conf mentions acls which can be applied to zone objects. Each acl lists a set of permissions for a given TSIG key object.
It's conceivable that we want to authorize a given TSIG key object to update only a specific subset of records in the zone, rather than the entire zone (consider a DDNS client that should have permission to update only its own A and AAAA records). It's unclear from the documentation how to do this (or whether it's even possible).
I don't know whether this is a feature request, or a bug report in the documentation :)
Thanks for your maintenance work on knot!