Bind8 Dynamic DNS How-To?

Jeff Newton Jeff_Newton at pmc-sierra.com
Tue Jun 13 21:58:13 UTC 2000


It would seem to me that Win2K boxes aren't the problem here as any
other client with "permission" to send updates could stomp on any
DNS entry.

Is stronger-authenticated updates in the works for a future Bind
release?

Cheers,

> Jeff Newton wrote:
> 
> > I've been using Bind 8.2.2 for a while now but I'd like to start
> > implementing the dynamic DNS features for our many DHCP Windoze
> > machines.  Plus with Win2K fast approaching.....
> 
> Prepare to be disappointed. From what I gather, there is no way for
> Win2K to make strongly-authenticated Dynamic Updates to BIND, and
> without proper authentication, not only is there the obvious 
security
> risk, but there's really nothing to stop the Win2K boxes from 
stomping
> on each other's records (since the server can't really tell one 
client
> from another). Of course, Microsoft has this problem "solved", as 
long
> as you use *their* servers for DNS instead of BIND. Yippee.
> 
> 
> - Kevin
> 
> 

----
Jeff Newton
Security Analyst
PMC-Sierra Inc.




More information about the bind-users mailing list