Change permission management
Today the permissions in iDNS is limited and more restricted to what the user can and cannot do in the webui, but it doesn't restrict what a user can do with the content of the zones once he as zone change access.
BIND has native support using DynDNS to limit users to what kind of changes they're allowed to do; for example:
update-policy {
grant user.domain.com. name hostname.domain.com. A;
}
This limits user.domain.com. (which is a RSIG key) to only be able to update the A record of hostname.domain.com. The permission levels is granular and restricts all changes based on keys. Implementation of this in iDNS would be useful for companies that wants to allow certain personnel to maintain certain records within the domain.
