Dynamic DNS updates

Mark.Andrews at nominum.com
Tue Jan 16 02:40:12 UTC 2001


> 
> Exactly..... This is the problem that I'm running into.

	Well, sign the update message and use the key name in the
	allow-update clause.

	IP address authentication is *weak*.  It is very easy to
	spoof such traffic unless the server is behind a firewall
	that prevents spoofed updates from being received.

	We strongly recommend that only cryptographically signed
	updates are accepted.

	Mark

> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Michael Scheidell
> Sent: Monday, January 15, 2001 2:16 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: Dynamic DNS updates
> 
> 
> 
> "Barry Finkel" <b19141 at achilles.ctd.anl.gov> wrote in message
> news:93v9sd$duu at pub3.rc.vix.com...
> >
> > BIND 8.x already is set up to handle dynamic DNS.  To limit what IP
> > addresses are allowed to update a zone dynamically, add an
> >
> >      allow-update
> >
> > clause to the zone definition in the named.conf file.  Remember that
> > once a zone is subject to DDNS, you cannot edit the zone file
> > manually without possible loss of data.
> > ----------------------------------------------------------------------
> 
> Except that it is possible that the IP address you are trying to update
> FROM has changed, and is therefore no longer listed as an allowed IP address.
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
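
Added example, not part of the original message: a named.conf fragment showing the address-based allow-update discussed in the thread beside the key-based form recommended in the reply. The zone name, key name, file path, address and algorithm choice are assumptions, and the secret is a placeholder.

```conf
// Constructed named.conf fragment. Zone name, key name, file path and
// address are placeholders chosen for illustration.

// Weak form (shown commented out): the update is authorized by source
// IP address only. A spoofed source address passes this check, and a
// legitimate client whose address changes is locked out.
//
// zone "example.com" {
//     type master;
//     file "dynamic/example.com.db";
//     allow-update { 192.0.2.10; };
// };

// Key-based form: the update must carry a TSIG signature made with
// this shared secret. Authorization no longer depends on where the
// packet claims to come from.
key "ddns-client.example.com." {
    // Assumption: a current BIND 9 server. Use an algorithm that both
    // the server and the updating client support.
    algorithm hmac-sha256;
    // Placeholder. Generate a real secret and keep this file readable
    // only by the name server's account.
    secret "REPLACE-WITH-BASE64-SECRET";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    // Only updates signed with the named key are accepted.
    allow-update { key "ddns-client.example.com."; };
};
```

The client must sign with the same key name and secret, for example by passing a key file to nsupdate with its -k option.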


