FQDNs in masters-list (was: Help: Secondary for...)

Mark.Andrews at nominum.com
Wed Mar 7 03:33:10 UTC 2001

> At 4:20 PM -0500 3/6/01, Kevin Darcy wrote:
> >  Well, actually, TSIG-authenticated Dynamic Updates work fine, but this is
> >  rather beside the point: the original suggestion called for signed
> >  *NOTIFYs*, not Dynamic Updates. Signed NOTIFYs are technically illegal, but
> >  a slight extension to RFC 1996 would permit them.
> 	Do you actually have code that implements TSIG-authenticated 
> dynamic updates?  I'm not personally aware of any, but then I concede 
> that I haven't been following this issue as closely as I should.
> 	Of course, as you point out, that does actually solve only part 
> of the problem.  Indeed, I'm not convinced that even signed NOTIFYs 
> would entirely solve the rest of the problem -- when you configure a 
> nameserver to pull secondary from another, the configuration details 
> of which machine you pull secondary from are actually outside the 
> scope of the DNS protocol, and is a configuration detail of your 
> particular nameserver software.

	The signed notifies are used to tell the server to dynamically
	reconfigure itself.  Yes this is outside the protocol at present.
	Yes this requires co-operating servers.  It might not be a bad
	idea to write this up as an Informational RFC.

> --
> ======================================================================
> Brad Knowles, <brad.knowles at skynet.be>
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list