BIND 9.4.1-P1: allow-update
Chris Buxton
cbuxton at menandmice.com
Tue Oct 9 17:15:39 UTC 2007
On Oct 9, 2007, at 7:06 AM, Merton Campbell Crockett wrote:
> I have defined all of the funky Microsoft Active Directory domains.
> The intent of this is to allow the Windows' systems to whale away at
> this to their hearts content and leave the basic DNS domains
> untouched.
>
> This worked fine in BIND 8. Under BIND 9.4.1-P1, there are
> complaints logged about security in the daemon.log but I can't
> determine whether or not the zones are actually being loaded or not.
>
> Merton Campbell Crockett
> m.c.crockett at roadrunner.com
Yes, the zones are loading and allowing updates. The security
warnings are just that - a warning about a questionable security
setting.
With BIND 9.5, you'll be able to use secured updates with GSS-TSIG,
so this will no longer be a problem.
Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbuxton at menandmice.com
www.menandmice.com
Men & Mice
We bring control and flexibility to network management
This e-mail and its attachments may contain confidential and
privileged information only intended for the person or entity to
which it is addressed. If the reader of this message is not the
intended recipient, you are hereby notified that any retention,
dissemination, distribution or copy of this e-mail is strictly
prohibited. If you have received this e-mail in error, please notify
us immediately by reply e-mail and immediately delete this message
and all its attachment.
More information about the bind-users
mailing list