DynDNS ?

/dev/rob0 rob0 at gmx.co.uk
Thu Jul 14 18:32:08 UTC 2005


Michelle Konzack wrote:
> I was already thinking about this issue.
> My current zonefiles are autogenerated by a script from a postgresql.
> There will be no problem to change the script to use 'nsupdate', ok,
> the script will be much bigger and slower, but it should work too.

You might want to reconsider, then. You could have your CGI add the 
records to PostgreSQL.

>>I use TXT records in mine. I generate a UTC string of update and store 
>>as a TXT record. I think that's a useful feature, because it tells me 
>>when a user last updated his/her record.
> 
> I do logging too.  And I recommend it to all people who do such
> scripting.  Recording the source IP with timestamp is essential.

Oh sure, I log it both in apache and in the script itself. But the TXT 
record is readily accessible from anywhere ...

> Maybe you/me will get hack attempts

I don't worry much about it. Sure, it's possible. Most successful 
exploits I've seen target well-known services. Unless you have a real 
enemy who hires a real professional blackhat (and those are rare, and 
likely hard to find!) you're fine, I'm sure.

I have rooted two Red Hat machines on behalf of their owners. It was 
very easy both times. Both times, owners forgot the root passwords. 
First time, the root password was the name of the company who sold it. 
My first guess! Second time, shelled out of a proprietary binary which 
was SUID. Duh. Took about a half hour to find that opening. And there 
you have my entire cracking history ... about a half hour of real-time 
experience. :)

(Interesting aside: BOTH of these were running proprietary software. 
Both of those packages were dreadfully insecure. The one where I guessed 
the root password had something like "chmod a+rw /dev/*" in the rc.local 
file as shipped by the vendor.)

>>>This is easier than I was thinking...
>>
>>Indeed. Have fun with it.
> 
> :-)
> 
> I have now been working with Linux for 6 years and 4 months
> (since 2.0.36) and each day I have more fun.  :-)

I can relate. You and I started at about the same time. (But my Linux 
Counter number is less than half of yours, so there. ;) )
-- 
     mail to this address is discarded unless "/dev/rob0"
     or "not-spam" is in Subject: header



More information about the bind-users mailing list