workaround for unwanted dynamic updates
Doug Barton
DougB at DougBarton.net
Fri Dec 14 00:45:50 UTC 2001
On Thu, 13 Dec 2001, Cricket Liu wrote:
> That's a good idea. I think it's been invented in parallel by several
> people, including my friend Mike Milligan.
Yeah, I'm pretty sure I wasn't the first one to think of it,
although I was insufferably pleased with myself when I finally did.
Thinking outside the box, and all that.
> The only other DNS mechanism that I know of that uses the MNAME field
> is NOTIFY. NOTIFY messages aren't sent to the name server listed in
> the MNAME field. But if the primary master receives a NOTIFY message,
> it'll just ignore it.
Right.. I should have mentioned that for various reasons all of
the customer name servers are configured as masters, and we update them
directly using a variety of scripts. Therefore notifies aren't a problem.
> I like the idea of setting up a name server to allow all the dynamic
> updates. How about setting up a "dynamic update honey pot":
>
> options {
> allow-query { none; };
> };
>
> zone "." {
> type master;
> file "db.root";
> allow-update { any; };
> };
>
> I'm not sure that would work, but it'd be funny.
Not as funny as MNAME == dns1.cp.msft.com, but still funny. :)
Thanks for the config, it'll save me some time if I decide to test that.
I'll let everyone know if we get to that point.
Doug
More information about the bind-users
mailing list