DNS can be a subdomain

Elias Pereira empbilly at gmail.com
Wed Jun 27 11:37:16 UTC 2018 

@all

I still do not see any relevant point that will take the DNS authority
leaving the AD and do something to resolve your queries. As the wiki says,
security is essential and you do not have to risk it and let the data be
compromised.

And remember, I'm at an education institute with courses in computer
science and information security. There will always be some "smart guys"
who will try to do something illegal.

I will run some tests with dns as a subdomain and I will come back here to
give you a feedback.

Thank you for now!



On Wed, Jun 27, 2018 at 1:35 AM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:

> On 06/26/2018 10:21 PM, Mark Andrews wrote:
> > And if you are not using AD you can use SIG(0) and KEY records to allow
> > hosts to authenticate updates to the DNS for their own records.
>
> I'm not quite following.  Do you mean that you can allow hosts to update
> their own RRs without requiring AD and using SIG(0) as an alternative?
>
> Or are you saying forego AD (and Kerberos) and use SIG(0) instead?
>
> #confused
>
> > Instead of registering a host with AD you add a KEY record into the DNS
> > which has the public key of the host which is to be used to sign the
> > UPDATE requests.
>
> If you're using AD for (presumably) Windows networking (and all that
> entails) you very likely want the workstations to be registered with AD.
>   The machine trust accounts are pertinent to AD's operation and the
> workstation's ability to access AD resources when users aren't logged in.
>
> #stillConfused
>
> > Unfortunately OS developers have been asleep at the wheel by not adding
> > support for this to their products.
>
> I'm seeing more and more references to SIG(0) in the last couple of
> weeks.  I think I need to refresh myself on it.
>
>
>
> --
> Grant. . . .
> unix || die
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>


-- 
Elias Pereira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180627/1eb8f1c5/attachment-0001.html>

More information about the bind-users mailing list