[H-GEN] Dynamic DNS seems to have a problem - or does it?
Ewan Edwards
Edwards_Ewan_B at cat.com
Sat Mar 1 01:17:37 EST 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Friday 28 February 2003 06:26 pm, Bruce Campbell wrote:
> Since you mention that named 'allows' loopback and the host's own IP
> address to update the DNS, the problem must be more subtle. Are you using
> TSIG to authenticate the updates (and thus, is the TSIG key defined
> correctly in named (key and on the zone itself) and in dhcpd) ?
I did not want to use any authentication for updates, just restrict which IP
addresses named would accept update requests from. The main reason for that
is some of the machines I want to do updates are Windows 2000 servers and I
have no clue if it is even possible to make them try to authenticate for
updates.
> Is named actually authoritative for 'minestar.au'[1], and knows that it can
> update the zone via ddns?
Yes it is authoritative for the domain, i.e. there is a SOA record. And the
rest I have to double check.
>
> For a work in progress on how to do this, refer to:
>
> http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
I have now printed this out and will read it over the weekend.
>
> ( as used at most of the main tech conferences )
>
> --==--
> Bruce.
>
> [1] You have made sure that queries for yon private domain don't escape
> past your gateway, yes? ;)
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
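
Added example, not part of the original posts: a named.conf fragment contrasting the address-only update restriction discussed above with the TSIG-keyed form Bruce asks about. The key name, secret, zone file path and the 192.0.2.10 address are constructed placeholders; only the zone name comes from the thread.

```conf
// named.conf fragment (BIND 9). All names and values except the zone
// name "minestar.au" are constructed placeholders for illustration.

// Address-only restriction, shown commented out for comparison.
// named accepts any update whose source address matches the list.
// Dynamic updates normally travel over UDP, where the source address
// is not authenticated, so this is only as strong as the network's
// anti-spoofing filtering.
//
// zone "minestar.au" {
//     type master;
//     file "PLACEHOLDER/minestar.au.db";
//     allow-update { 127.0.0.1; 192.0.2.10; };
// };

// TSIG-keyed restriction. The key is defined once at the top level of
// named.conf and then referenced on the zone itself. Every updater
// (for example dhcpd) must be configured with the same key name,
// algorithm and secret, or its updates are refused.
key "ddns-update-key" {
    algorithm hmac-sha256;           // must match on every updater
    secret "PLACEHOLDER_BASE64_SECRET";
};

zone "minestar.au" {
    type master;
    file "PLACEHOLDER/minestar.au.db";
    // Only requests signed with the key are accepted; the source
    // address alone no longer grants update rights.
    allow-update { key "ddns-update-key"; };
};
```

Running `named-checkconf` after editing catches a key that is referenced on the zone but never defined, which is one of the mismatches the quoted question points at.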