FW: NOTIFY-triggered Auto-slaving

Kevin Darcy kcd at daimlerchrysler.com
Fri Oct 4 22:06:36 UTC 2002


bert hubert wrote:

> On Thu, Oct 03, 2002 at 09:48:26PM -0400, Kevin Darcy wrote:
>
> > Dave,
> >           To be perfectly honest, I think the things most likely to fly
> > here, in descending order, are:
> >
> > 1. not touching the protocol and just enhancing implementation-specific
> > handling of NOTIFY or some other protocol feature (as I have proposed)
>
> Just to document what we do - it should work fine for all implementations as
> it does not touch the protocol.
>
>  1) An auto-slave receives a UDP (possibly spoofed) NOTIFY from an IP
>     address that is on its list of supermasters.
>
>  2) The auto-slave checks if that remote indeed has a SOA for that domain.
>
>  3) It retrieves the NS records for the domain from that remote and checks
>     if its own name is in there,
>
>  4) An AXFR attempt is launched which, if successful, leads to the addition
>     of the domain to the list of slave domains.
>
> With proper random IDs and source ports, this is as secure as it is going to
> be without having PKI or TSIG in place.

Well, I'm not a security expert, but I'm led to believe that no rigorous
security mechanism ever trusts an Internet source address. I'd rather stick
with crypto, thanks.

Also, your methodology appears to preclude automatic *stealth* slaves. That
seems a little inflexible.


- Kevin
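As an added illustration (not code from either poster or from any DNS server), the four-step auto-slave check quoted above, modelled offline: the remote's SOA/NS/AXFR answers are constructed data injected through a `RemoteView`, the IPs and zone names are placeholders, and the scenarios show which NOTIFYs each step stops. Step 1 is the only one that trusts the source address; a spoofed NOTIFY for a zone the supermaster does not actually serve fails at step 2, and step 3 is what rules out automatic stealth slaves, since a stealth slave is by definition absent from the published NS set.

```python
"""Offline model of the four-step auto-slave check (added example).

Lookups against the remote are abstracted behind RemoteView so the
example runs without a network; a real implementation would issue the
SOA, NS and AXFR queries to the remote instead (AXFR over TCP, the
rest with random IDs and source ports as described in the thread).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class RemoteView:
    """Constructed view of what one remote server would answer."""
    soa_zones: Set[str]            # zones the remote claims a SOA for
    ns: Dict[str, Set[str]]        # zone -> NS names it publishes
    axfr_ok: Dict[str, bool]       # zone -> whether an AXFR succeeds


@dataclass
class AutoSlave:
    own_name: str
    supermasters: Set[str]                       # IPs allowed to trigger auto-slaving
    remotes: Dict[str, RemoteView]               # IP -> constructed answers
    slave_zones: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def handle_notify(self, src_ip: str, zone: str) -> bool:
        """Process one NOTIFY; return True if `zone` was added as a slave zone."""
        zone = zone.lower().rstrip(".")
        # 1) Source address must be a configured supermaster. This is the only
        #    step that relies on the (spoofable) UDP source IP.
        if src_ip not in self.supermasters:
            self.log.append(f"{zone}: {src_ip} is not a supermaster, ignored")
            return False
        # 2) Ask that remote (not the NOTIFY sender) whether it has a SOA for
        #    the zone. A forged NOTIFY for a zone the supermaster does not
        #    serve stops here.
        view = self.remotes.get(src_ip)
        if view is None or zone not in view.soa_zones:
            self.log.append(f"{zone}: {src_ip} has no SOA for it, ignored")
            return False
        # 3) Fetch the zone's NS records from the remote and require our own
        #    name among them. A stealth slave never appears there.
        published = {n.lower().rstrip(".") for n in view.ns.get(zone, set())}
        if self.own_name.lower().rstrip(".") not in published:
            self.log.append(f"{zone}: {self.own_name} not in NS set, ignored")
            return False
        # 4) Only a successful AXFR adds the zone to the slave list.
        if not view.axfr_ok.get(zone, False):
            self.log.append(f"{zone}: AXFR from {src_ip} failed")
            return False
        self.slave_zones.add(zone)
        self.log.append(f"{zone}: auto-slaved from {src_ip}")
        return True


def demo() -> Dict[str, bool]:
    """Run four constructed NOTIFY scenarios against one supermaster."""
    master = RemoteView(
        soa_zones={"example.com", "example.net"},
        ns={
            "example.com": {"ns1.example.com", "slave.example.org"},
            "example.net": {"ns1.example.net"},   # our slave is stealth here
        },
        axfr_ok={"example.com": True, "example.net": True},
    )
    slave = AutoSlave(
        own_name="slave.example.org",
        supermasters={"192.0.2.10"},               # placeholder supermaster IP
        remotes={"192.0.2.10": master},
    )
    results = {
        "legit": slave.handle_notify("192.0.2.10", "example.com"),
        "unknown_source": slave.handle_notify("198.51.100.7", "example.com"),
        "spoofed_unserved_zone": slave.handle_notify("192.0.2.10", "example.org"),
        "stealth_slave": slave.handle_notify("192.0.2.10", "example.net"),
    }
    return results


if __name__ == "__main__":
    for name, added in demo().items():
        print(f"{name:22s} -> {'added' if added else 'rejected'}")
```

Only the first scenario ends with the zone configured; the other three are rejected at steps 1, 2 and 3 respectively, which is exactly the trade-off the two posts disagree about: the source-IP check is weak on its own, the follow-up queries to the supermaster are what make a forged NOTIFY harmless, and the NS check is what makes stealth slaves impossible to configure automatically.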
