Dynamic DNS
Pierre Léonard
Pierre at leonard.nom.fr
Sat Feb 3 13:50:46 UTC 2001
Hi Kevin,
And thank you for your answer.
My english is relatevely poor, so don't hesitate to stop me If I missunderstand.
> To provide redundancy for a zone to the world in general, practically speaking a slave must have a statically-assigned address. If you were to use a
> registered slave with a dynamically-assigned address, it would not only harm your redundancy, but also your security, since if someone were to get the
> former address of your nameserver assigned to their server before all of the old A records expired from everyone's caches, they could conceivably hijack
> your domain temporarily. Do you implicitly trust *everyone* in your dynamic address pool?
I read the RFC concerning the TSIG and Dynamic update, and I understand that the transactions and in conséquence the use are secure.
You mean that the usage of dynamic IP is an open door for masquerading. Someone can use my future address and install services before me. But I understand
that the probleme occurs whatever the service behind, http, mail or DNS.
Is that correct ?
Sincerely.
--
La vie est belle Pierre Léonard
http://www.leonard.nom.fr Pierre at leonard.nom.fr
Tel : 01 39 02 71 67 -- Portable : 06 62 83 47 44
More information about the bind-users
mailing list