BIND 9.4.1-P1: allow-update

Chris Buxton cbuxton at menandmice.com
Tue Oct 9 17:15:39 UTC 2007


On Oct 9, 2007, at 7:06 AM, Merton Campbell Crockett wrote:

> I have defined all of the funky Microsoft Active Directory domains.
> The intent of this is to allow the Windows' systems to whale away at
> this to their hearts content and leave the basic DNS domains  
> untouched.
>
> This worked fine in BIND 8.  Under BIND 9.4.1-P1, there are
> complaints logged about security in the daemon.log but I can't
> determine whether or not the zones are actually being loaded or not.
>
> Merton Campbell Crockett
> m.c.crockett at roadrunner.com

Yes, the zones are loading and allowing updates. The security  
warnings are just that - a warning about a questionable security  
setting.

With BIND 9.5, you'll be able to use secured updates with GSS-TSIG,  
so this will no longer be a problem.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to  
which it is addressed. If the reader of this message is not the  
intended recipient, you are hereby notified that any retention,  
dissemination, distribution or copy of this e-mail is strictly  
prohibited. If you have received this e-mail in error, please notify  
us immediately by reply e-mail and immediately delete this message  
and all its attachment.





More information about the bind-users mailing list