Dynamic DNS and cnames

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 6 21:41:30 UTC 2003 

I'm not sure exactly what you mean by "dnsupdate". Is that a specific update
program? Did you mean "nsupdate", i.e. the command-line update utility that
ships with the BIND distribution?

"nsupdate" supports TSIG-signing, and I'm using that feature with no problems.

I don't have any experience with SIG(0)-authenticated updates, though, so
I can't really comment on that...


- Kevin

Ladislav Vobr wrote:

> kevin,
>
> we don't provide dynamic dns updates, so I guess there is no way to do
> it, unless I will be typing the changes it myself :-(.
> I am still under impression dnsupdate is using udp and ip authentication
> only, is that true ?
> Is there a secure protocol (TSIG,SIG0... I can use to do dnsupdate ?
>
> Ladislav
>
> Kevin Darcy wrote:
>
> >Ladislav Vobr wrote:
> >
> >
> >
> >>We are having customers with dynamic ip addresses running their services
> >>on dynamic IP addresses. We don't offer dynamic dns updates. Is there
> >>any other way customer can update his dns. The problem is like this.
> >>Customer has set up dynamic DNS service with some other DNS provider,
> >>having for example mail.dyn-dns.org be his mailserver and
> >>www.dyn-dns.org to be his web. My question is - on our dns servers
> >>customer has for example testdomain.ae configured  and he wants
> >>www.testdomain.ae and testdomain.ae to be a cname to his
> >>www.dyn-dns.org and mx record to be a cname to his mail.dyn-dns.org. As
> >>I know having cname for domain is not possible and having cname in MX
> >>record is not  correct as well, any way how to achieve this ?
> >>
> >>
> >
> >No, the name of a zone cannot legally own a CNAME record, nor is it legal
> >for the target of an MX record to be a CNAME. This "illegality" is not some
> >artificial constraint either: if you break these rules the results will be
> >unpredictable and can be rather difficult to troubleshoot. Just Don't Do
> >It.
> >
> >Your customer's only reasonable choice is to have A records for the
> >zone-apex and MX target which are updated in parallel with the dyn-dns.org
> >updates.
> >
> >
> >- Kevin
> >
> >
> >
> >
> >

More information about the bind-users mailing list