Deny specific Hostnames via DDNS
07-15-2021 06:49 AM
We use DDNS in Infoblox for all DHCP-Clients.
In the past we had the situation that a specific client was registered with fqdn "domain.domain" because of a misconfiguration on that client (hostname = domain).
Is there any possibility to completely deny such a hostname or rewrite it?
I checked the hostname rewrite policy, but here I can only define valid and invalid characters, not invalid strings/hostnames.
We're using Version 8.5.2.
Re: Deny specific Hostnames via DDNS
07-15-2021 02:30 PM - edited 06-27-2023 01:35 PM
Hello Ttreusch,
While we could allow/deny specific keywords for a resource record using the custom Host-name policy feature in NIOS, this applies only to Static RRs & the kind of insertion you're referring to is Dynamic. From the NIOS documentation, section Host-Name policy:
"Apply policy to dynamic updates and inbound zone transfers (requires Strict Hostname Checking setting)"
The regular expression for Strict HostName policy cannot be altered in NIOS & hence, the use-case cannot be accommodated within its ruleset.
Indirect solution that you may consider:
If you're trying to restrict usage of specific words for a new A/Host RR's Label within a particular zone, you may consider creating a mock-up CNAME RR with this Label. For example, the word is "domain" & the zone is "infoblox.com", just create a new CNAME record under "infoblox.com" pointing to some unresolvable canonical name.
Now if someone tries to resolve "domain.infoblox.com" it resolves to NXDOMAIN as it would do before - so I guess no harm here & future addition attempts for a domain.infoblox.com A record fail since BIND doesn't let you create a non-Canonical record alongside a CNAME.
I agree this can't be relied upon as a solution, but it'll do the trick. If there are many such names, you may consider a CSV import for CNAMEs with a dummy target which resolves to NXDOMAIN.
Best regards,
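
The CNAME "blocker" workaround from the reply above, modelled on constructed data as an added example (not part of the thread and not Infoblox code). It plans the blocker records for a deny list, reports existing records that must be cleaned up first, and applies the CNAME coexistence rule for dynamic updates (RFC 2136, section 3.4.2.2). The deny list, the `blocked.invalid.` target, the TTL and all function names are assumptions.

```python
# Added example: constructed data, hypothetical names throughout.
DENIED_LABELS = {"domain", "localhost"}  # constructed deny list
ZONE = "infoblox.com"                    # zone name used in the post
SINK = "blocked.invalid."                # assumption: target that never resolves


def fqdn(label, zone=ZONE):
    return f"{label}.{zone}.".lower()


def plan_blockers(records, denied=DENIED_LABELS, zone=ZONE):
    """Return (cname_lines, conflicts) for (name, type, rdata) records.

    A CNAME cannot be created at a name that already holds other data,
    so records already sitting on a denied name are reported for cleanup.
    """
    cname_lines, conflicts = [], []
    for label in sorted(denied):
        name = fqdn(label, zone)
        existing = [r for r in records if r[0].lower() == name]
        if any(r[1] == "CNAME" for r in existing):
            continue  # blocker already in place
        if existing:
            conflicts.extend(existing)
        else:
            cname_lines.append(f"{name} 3600 IN CNAME {SINK}")
    return cname_lines, conflicts


def apply_update(records, name, rtype, rdata):
    """Apply one dynamic 'add'; return True if the zone changed."""
    name = name.lower()
    at_name = [r for r in records if r[0].lower() == name]
    has_cname = any(r[1] == "CNAME" for r in at_name)
    has_other = any(r[1] != "CNAME" for r in at_name)
    # CNAME and non-CNAME data never coexist: the update RR is ignored.
    if (rtype != "CNAME" and has_cname) or (rtype == "CNAME" and has_other):
        return False
    if rtype == "CNAME" and has_cname:
        # A CNAME update replaces the CNAME already at the name.
        records[:] = [r for r in records if r[0].lower() != name]
    records.append((name, rtype, rdata))
    return True
```

Names listed in `conflicts` already hold dynamic records, so the blocker CNAME for them can only be created after those records are removed.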
Re: Deny specific Hostnames via DDNS
08-23-2021 08:20 AM - edited 08-23-2021 08:21 AM
The DHCP server can send dynamic updates to an external primary server that you specify. For each IP space, you can specify the zone to be updated and the IP address of the primary server for that zone.