update policies ideas
Short history refresh: BIND9 had dynamic updates for a long time, but basically no one used them, because there was no way to make them sufficiently "safe". First there was no strong authentication, but even when that was fixed (i.e. TSIG) it was still an all-or-nothing policy, while what was needed was something that allowed stuff like
- "updates signed by johani.laptop.key may only change RRs that match 'laptop.johani.org. A/AAAA/TXT'"
- "updates signed by dhcp.updater.1-127 may only change RRs that match '[1-127].5.6.10.in-addr.arpa. PTR'"
- "updates signed by admin.key may change RRs that match '*.johani.org. ANY'"
etc. Then ISC came up with the syntax and semantics for "update-policy { ... }", which made this work, and suddenly DDNS became useful.
I think update-policy is more than what is needed, but it really is a good starting point. The crucial parts are
- the ability to restrict updates to only be allowed for a subset of names in a zone
- a "self" policy, to avoid having to specify every individual key in the policy, i.e. "a key with name foo.zone may only change records with an owner name of foo.zone"
- the ability to restrict updates to only allow a subset of types for update. Most typical uses are A, AAAA, TXT and PTR (and of course ANY).
Johan
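To make the three crucial parts above concrete, here is an added example (my own code, not BIND's implementation or Johan's): a small evaluator for grant rules written in the style of BIND's update-policy grammar, covering the name, subdomain, wildcard and self rule types, per-rule type subsets, and first-match-wins ordering. The sample policy is constructed from the three wishes in the note; the dhcp.updater.1-127 key range is collapsed to one assumed key plus a wildcard, and "ANY" is treated as a type token meaning every type, as the note uses it.

```python
import fnmatch
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str       # "grant" or "deny"
    identity: str     # normalized TSIG key name, or "*" for any signer
    ruletype: str     # name | subdomain | wildcard | self (the subset modelled here)
    target: str       # normalized owner name or pattern; placeholder for "self"
    types: frozenset  # RR types; empty or {"ANY"} means every type

def norm(name: str) -> str:
    """Lower-case and force one trailing dot so names compare reliably."""
    return name.lower().rstrip(".") + "."

# How each rule type decides whether the rule applies to the owner name being updated.
MATCH = {
    "name":      lambda r, key, owner: owner == r.target,
    "subdomain": lambda r, key, owner: owner == r.target or owner.endswith("." + r.target),
    "wildcard":  lambda r, key, owner: fnmatch.fnmatchcase(owner, r.target),  # '*' spans labels
    "self":      lambda r, key, owner: owner == key,  # key name must equal the owner name
}

def parse_policy(text: str) -> list:
    """Parse 'grant|deny <identity> <ruletype> <name> [types...];' statements, in order."""
    rules = []
    for stmt in text.split(";"):
        tok = stmt.split()
        if not tok:
            continue
        action, identity, ruletype, target, *types = tok
        if action not in ("grant", "deny") or ruletype not in MATCH:
            raise ValueError(f"unsupported rule: {stmt.strip()}")
        rules.append(Rule(action, identity if identity == "*" else norm(identity), ruletype,
                          target if target == "*" else norm(target),
                          frozenset(t.upper() for t in types)))
    return rules

def update_allowed(rules: list, key: str, owner: str, rrtype: str) -> bool:
    """First rule whose identity, name and type all match decides; no match means refused."""
    key, owner, rrtype = norm(key), norm(owner), rrtype.upper()
    for r in rules:
        if r.identity in ("*", key) and MATCH[r.ruletype](r, key, owner) and \
                (not r.types or "ANY" in r.types or rrtype in r.types):
            return r.action == "grant"
    return False

# Constructed policy from the three wishes plus a "self" catch-all (dhcp range collapsed).
POLICY = """
grant johani.laptop.key name laptop.johani.org. A AAAA TXT;
grant dhcp.updater.key wildcard *.5.6.10.in-addr.arpa. PTR;
grant admin.key subdomain johani.org. ANY;
grant * self * A AAAA;
"""
RULES = parse_policy(POLICY)
```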