dns updates from a windows client

Kevin Darcy kcd at chrysler.com
Tue Jan 8 22:12:15 UTC 2008 

The search path is only used when a shortname lookup is issued. If you 
use fully-qualified names (FQDNs), then the search path is irrelevant 
and you have a lot more flexibility and scalability. Note that shortname 
resolution can also present a security risk, inasmuch as it introduces 
uncertainty/ambiguity into client/server interactions, e.g. if I connect 
to a "zeus" website, using a shortname, is that 
zeus.good-and-trusted.domain.com or zeus.evil-nasty-hacked.com? It all 
depends on the contents of my search path, which is administered 
typically by Windoze whizkids who don't necessarily have a good sense of 
proper security practices.

                                                                         
                              - Kevin

Haim [Howard] Roman wrote:
> I don't know whether this suits your case, but...
>
>
> In our case, our main DNS servers are UNIX-based.  We also have MS
> domains.  We defined DNS subdomains that the MS domain controllers are
> masters for, and our main DNS servers are slave for them.  Of course,
> for this to work well, the DNS search path must be set correctly on the
> clients.  Alternatively, in your main domain, you could define aliases
> for hosts in the subdomain, e.g.,
>
>
>     alef.my.org would be an alias to alef.ms.my.org
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Haim (Howard) Roman
> Computer Center, Jerusalem College of Technology
> roman at jct.ac.il
> Phone: 052-8-592-599 (6022 from within Machon Lev)
>
>
>
> -------- Original Message  --------
> Subject: dns updates from a windows client
> From: Paul A <razor at meganet.net>
> To: bind-users at isc.org
> Date: Tue Jan 08 2008 00:14:57 GMT+0200 (IST)
>   
>> Hi, we are using bind 9 and have a couple of custoemr who frequnetly want
>> their DNS info updated. We don't want to give them access to the DNS server
>> nor do we want to intall something like webmin on the DNS server.
>>
>> We have implemented and test dynamic updates with Tsig and it works fine
>> from another linux machine. I was wondering if there are any free dns
>> software for windows that is easy to use and allow updates to a DNS server
>> using tsig updates.
>>
>> I also would like to hear what people on this list use in a situation like
>> this.
>>
>> Thanks very much, Paul
>>
>>
>>
>>   
>>     
>
>
>
>
>
>

More information about the bind-users mailing list