Dynamic DNS updates

Will will at best.net
Tue Jan 16 02:40:55 UTC 2001


Its really only gonna be for 1 of my friends to start out..... Maybe if I
can get some ppl to help me w/ it, I might be public, but as of right now,
he is gonna be the only one..... So I guess I could passwd protect the url
for extra security.....

-----Original Message-----
From: marka at nominum.com [mailto:marka at nominum.com]On Behalf Of
Mark.Andrews at nominum.com
Sent: Monday, January 15, 2001 6:40 PM
To: Will
Cc: Michael Scheidell; comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Dynamic DNS updates



>
> Exactly..... This is the problem that I'm running into.

	Well sign the update message and use the key name in the
	allow-update clause.

	IP address authentication is *weak*.  It is very easy to
	spoof such traffic unless the server is behind a firewall
	that prevents spoofed updates from being received.

	We strongly recommend that only cryptographically signed
	updates are accepted.

	Mark

>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Michael Scheidell
> Sent: Monday, January 15, 2001 2:16 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: Dynamic DNS updates
>
>
>
> "Barry Finkel" <b19141 at achilles.ctd.anl.gov> wrote in message
> news:93v9sd$duu at pub3.rc.vix.com...
> >
> > BIND 8.x already is set up to handle dynamic DNS.  To limit what IP
> > addresses are allowed to update a zone dynamically, add an
> >
> >      allow-update
> >
> > clause to the zone definition in the named.conf file.  Remember that
> > once a zone is subject to DDNS, you cannot edit the zone file
> > manually without possible loss of data.
> > ----------------------------------------------------------------------
>
> Except, that it is possible that the ip address you are trying to update
> FROM has changed, and therefore no longer listed as an allowed ip address.
>
>
>
>
>
>
>
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com




More information about the bind-users mailing list