workaround for unwanted dynamic updates

Doug Barton DougB at DougBarton.net
Fri Dec 14 00:45:50 UTC 2001


On Thu, 13 Dec 2001, Cricket Liu wrote:

> That's a good idea.  I think it's been invented in parallel by several
> people, including my friend Mike Milligan.

	Yeah, I'm pretty sure I wasn't the first one to think of it,
although I was insufferably pleased with myself when I finally did.
Thinking outside the box, and all that.

> The only other DNS mechanism that I know of that uses the MNAME field
> is NOTIFY.  NOTIFY messages aren't sent to the name server listed in
> the MNAME field.  But if the primary master receives a NOTIFY message,
> it'll just ignore it.

	Right... I should have mentioned that for various reasons all of
the customer name servers are configured as masters, and we update them
directly using a variety of scripts. Therefore notifies aren't a problem.

> I like the idea of setting up a name server to allow all the dynamic
> updates.  How about setting up a "dynamic update honey pot":
>
> options {
> 	allow-query { none; };
> };
>
> zone "." {
> 	type master;
> 	file "db.root";
> 	allow-update { any; };
> };
>
> I'm not sure that would work, but it'd be funny.

	Not as funny as MNAME == dns1.cp.msft.com, but still funny. :)
Thanks for the config, it'll save me some time if I decide to test that.
I'll let everyone know if we get to that point.

Doug
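
For anyone running a sink server like the one discussed in this thread, the sketch below (an added example, not from either poster) decodes the header and zone section of a received DNS message to tell an UPDATE from a NOTIFY and report which zone it names. The sample messages and the names `corp.example.` and `host.corp.example.` are constructed for illustration.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}  # RFC 1035, 1996, 2136
SOA, A, IN = 6, 1, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode an uncompressed name starting at off; return (name, next offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", off + 1
        if n > 63 or off + 1 + n > len(msg):
            raise ValueError("bad label")  # also rejects compression pointers
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def summarize(msg):
    """Return opcode, zone and update count for one received DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, zocount, _pr, upcount, _ad = struct.unpack("!6H", msg[:12])
    opcode = (flags >> 11) & 0xF
    zone = None
    if zocount:  # first section: question (QUERY/NOTIFY) or zone (UPDATE)
        zone, off = read_name(msg, 12)
        if off + 4 > len(msg):
            raise ValueError("truncated zone section")
    return {"id": ident, "opcode": OPCODES.get(opcode, str(opcode)),
            "zone": zone, "updates": upcount if opcode == 5 else 0}

def build(ident, opcode, zone, records=b"", upcount=0):
    """Construct a sample message: header, one SOA/IN zone entry, optional RRs."""
    header = struct.pack("!6H", ident, opcode << 11, 1, 0, upcount, 0)
    return header + encode_name(zone) + struct.pack("!2H", SOA, IN) + records

# Constructed samples: an UPDATE adding one A record, and a NOTIFY.
rr = (encode_name("host.corp.example.") + struct.pack("!2HIH", A, IN, 300, 4)
      + bytes([192, 0, 2, 10]))
SAMPLE_UPDATE = build(0x1234, 5, "corp.example.", rr, upcount=1)
SAMPLE_NOTIFY = build(0x5678, 4, "corp.example.")

if __name__ == "__main__":
    for m in (SAMPLE_UPDATE, SAMPLE_NOTIFY, build(1, 5, ".")):
        print(summarize(m))
```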


