[H-GEN] Dynamic DNS seems to have a problem - or does it?

Ewan Edwards Edwards_Ewan_B at cat.com
Sat Mar 1 01:17:37 EST 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Friday 28 February 2003 06:26 pm, Bruce Campbell wrote:
> Since you mention that named 'allows' loopback and the host's own IP
> address to update the DNS, the problem must be more subtle.  Are you using
> TSIG to authenticate the updates (and thus, is the TSIG key defined
> correctly in named (key and on the zone itself) and in dhcpd) ?  

I did not want to use any authentication for updates, just restrict which IP 
addresses named would accept update requests from.  The main reason for that 
is some of the machines I want to do updates are Windows 2000 servers and I 
have no clue if it is even possible to make them try to authenticate for 
updates.

> Is named actually authoritative for 'minestar.au'[1], and knows that it can 
> update the zone via ddns?

Yes, it is authoritative for the domain, i.e. there is a SOA record.  And the 
rest I have to double check.

>
> For a work in progress on how to do this, refer to:
>
> 	http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

I have now printed this out and will read it over the weekend.

>
> ( as used at most of the main tech conferences )
>
> --==--
> Bruce.
>
> [1] You have made sure that queries for yon private domain don't escape
>     past your gateway, yes? ;)


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
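
Added example, not part of the original thread: the two update-control styles discussed above (address-only restriction versus TSIG-signed updates from dhcpd), side by side as BIND 9 and ISC dhcpd configuration. The key name, file path, addresses and secret are constructed placeholders; only the zone name comes from the thread.

```conf
# ---- named.conf (BIND 9), constructed sample ----

# Placeholder addresses (documentation range) for hosts allowed to update.
acl ddns-clients { 127.0.0.1; 192.0.2.10; 192.0.2.20; };

# Shared secret for TSIG. hmac-md5 is what 2003-era BIND 9 and dhcpd
# spoke; current BIND releases also accept hmac-sha256.
key "dhcp-ddns" {
    algorithm hmac-md5;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder, generate your own
};

zone "minestar.au" {
    type master;
    file "dynamic/minestar.au.db";         # placeholder path, must be writable by named

    # Variant A, address-only (the approach in the post). Weak: updates
    # arrive over UDP, so anyone who can forge an allowed source address
    # can rewrite records in the zone.
    # allow-update { ddns-clients; };

    # Variant B, TSIG (what the reply asks about). Only requests signed
    # with the shared key are accepted, whatever their source address.
    allow-update { key "dhcp-ddns"; };

    # allow-update takes an address match list whose elements are OR'd,
    # so { key "dhcp-ddns"; 192.0.2.20; } would accept signed updates plus
    # unsigned ones from that single address; that address then carries
    # the same spoofing exposure as Variant A.
};

# ---- dhcpd.conf (ISC dhcpd), constructed sample ----

ddns-update-style interim;

# Must match the key name, algorithm and secret in named.conf exactly;
# a mismatch makes named reject the update.
key dhcp-ddns {
    algorithm hmac-md5;
    secret REPLACE_WITH_BASE64_SECRET;
}

zone minestar.au. {
    primary 127.0.0.1;      # the named instance that is master for the zone
    key dhcp-ddns;
}
```

Both files hold the secret in clear text, so they should be readable only by the named and dhcpd service accounts.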


