SECURE Dynamic DNS
Matthew Enger
menger at dhs.org
Fri Jun 4 10:30:39 UTC 1999
Hello,
Any chance you could point me in the direction on informaiton on how to do
this?
from,
Matthew Enger
menger at dhs.org
Cricket Liu wrote:
> > While setting it up I was talking to several people on IRC who ran
> > another DNS provider and one of them showed that it is possible to spoof
> > the update packet hence makeing it possible for anyone to update the
> > dynamic zone as long as they know which IP address to send the update
> > packet from.
>
> Yup. Big problem.
>
> > I am looking for a method to protect from this problem, does anyone
> > have any ideas.
>
> How about using TSIG-authenticated dynamic updates? BIND 8.2 supports them.
> You'd have to configure the key on the updater and the server, and you might
> have to write some client code to send a TSIG-signed dynamic update, but
> that's all.
>
> cricket
>
> Acme Byte & Wire
> cricket at acmebw.com
> www.acmebw.com
>
> Attend our next DNS and BIND class! See
> www.acmebw.com/training.htm for the
> schedule and to register for upcoming
> classes.
More information about the bind-users
mailing list