FQDNs in masters-list (was: Help: Secondary for...)

Jim Reid jim at rfc1035.com
Wed Mar 7 04:28:19 UTC 2001


>>>>> "Brad" == Brad Knowles <brad.knowles at skynet.be> writes:

    Brad> At 3:02 AM +0000 3/7/01, Jim Reid wrote:
    >> It's called nsupdate and it comes with BIND. :-) 

    Brad> 	Hunh.  Cool.  Learn something new every day.  ;-)

    Brad> 	However, unless I am mistaken, this still doesn't
    Brad> solve the issue of securely transmitting to a secondary
    Brad> nameserver the change in IP address of the machine from
    Brad> which it should be doing zone transfers, does it?  Isn't
    Brad> that configuration detail outside of the spec of the DNS
    Brad> protocol?

Indeed. And it should remain there IMHO. For this stealth master on a
random IP address - what a bizarre concept! - there are simpler ways
to deal with the problem. These have the advantage of not "extending"
the DNS protocol or an implementation. Why not have this nomadic
master server use SSH to punt the zone{} statement - i.e. policy and
configuration detail - to the slave's named.conf and rely on the
public SSH keys for authentication? Why not do the Right Thing and put
the master server somewhere that has a fixed IP address? Or just make
the slave - which has a fixed IP address? - the master server for the
zone.
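
The SSH-based approach suggested in the message above, sketched as an added example (not code from the original post or from BIND). It assumes the slave binds the master's public key to a forced command, so the key can only submit a new master address; the slave validates it and writes the zone{} statement itself. The zone name, file paths and script name are hypothetical.

```python
# Slave-side SSH forced command: accept a new master address, rewrite one zone{} statement.
# Constructed example. Assumed authorized_keys entry on the slave (key is a placeholder):
#   restrict,command="/usr/local/sbin/set-master.py" ssh-ed25519 AAAA... nomadic-master
import ipaddress
import os
import subprocess
import sys
import tempfile

ZONE = "example.com"                           # hypothetical zone tied to this key
INCLUDE = "/etc/named/slave-example.com.conf"  # hypothetical file include'd from named.conf


def parse_request(raw):
    """Return a validated master address or raise ValueError."""
    addr = ipaddress.ip_address(raw.strip())
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
        raise ValueError(f"unusable master address: {addr}")
    return addr


def render_zone(zone, master):
    """Build the zone{} statement; only the validated address is variable."""
    return (
        f'zone "{zone}" {{\n'
        f"    type slave;\n"
        f'    file "slave/{zone}.db";\n'
        f"    masters {{ {master}; }};\n"
        f"}};\n"
    )


def install(text, path=INCLUDE):
    """Write atomically so named never reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; named must be able to read it
    os.replace(tmp, path)


if __name__ == "__main__":
    try:
        master = parse_request(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as exc:
        sys.exit(f"rejected: {exc}")
    install(render_zone(ZONE, master))
    subprocess.run(["rndc", "reconfig"], check=True)  # reload config without restarting named
```

On the master side the push is then a single `ssh` invocation whose command string is the new address; anything that does not parse as a usable IP address is rejected before named.conf is touched.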

