Getting "unapproved update from" slave servers

Jim Reid jim at mpn.cp.philips.com
Wed Aug 25 11:46:55 UTC 1999


>>>>> "Edmund" == Edmund  <c990077 at hk.china.com> writes:

    Edmund> Is there a way to disable dynamic update ?

It's off by default in BIND. You need to apply allow-update clauses to
zone{} statements if you want to permit hosts to do dynamic
updates. This clause allows you to say which IP addresses are permitted
to make dynamic updates for some zone. Bear in mind that IP addresses
are easily forged, so allow-update isn't foolproof. It's better than
nothing, but not much better.

    Edmund> only allow dynamic update from a certain host.

Personally, I wouldn't do this. There's no way I'd allow some random
box to get write access to my DNS data. The scaling and security
problems are very difficult. Secure Dynamic Update "solves" the
authentication problem, but it introduces an even bigger problem of
key management for the cryptosystem. And even with Secure Dynamic
Update, your DNS data is still vulnerable. All you get is proof beyond
reasonable doubt that the client is authorised to update the zone. So
far there are no fine-grained controls to say what resource records
that client can add/remove/change from the zone. In theory this means
the "secure" client could be authorised to add an entry for itself
to the zone, but there's nothing stopping that client playing with the
zone's NS and MX records. Think about the consequences.

Maybe Dynamic Updates from a DHCP server sent through the loopback
interface would be OK(ish), but I would still be very wary.
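An added named.conf fragment, not from the original post, showing the allow-update settings the reply describes: the default (none), an address-based list restricted to the loopback interface, and a key-based (Secure Dynamic Update) list. The zone names, file names, the key name and the secret are assumptions for illustration.

```conf
// Added example (not from the original post). Zone names, file names,
// the key name and the secret are placeholders, not real values.

// Default behaviour: no dynamic updates at all. Stating it explicitly
// documents the intent if a permissive zone is later copied and pasted.
zone "example.test" {
    type master;
    file "db.example.test";
    allow-update { none; };
};

// Address-based control: only a DHCP server talking to named over the
// loopback interface may submit updates. Source addresses are easily
// forged, so this is a weak control; a 127/8 source is at least hard
// to spoof from another host, since kernels normally drop such packets
// arriving on a real interface.
zone "dhcp.example.test" {
    type master;
    file "db.dhcp.example.test";
    allow-update { 127.0.0.1; };
};

// Key-based control (Secure Dynamic Update): the update must be signed
// with the shared secret, so a forged source address alone is not enough.
// The key still grants write access to the whole zone, NS and MX records
// included; there is no per-record restriction here.
key "dhcp-update-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET==";   // placeholder, never a real secret
};

zone "keyed.example.test" {
    type master;
    file "db.keyed.example.test";
    allow-update { key "dhcp-update-key"; };
};
```

The key statement must appear before the zone that references it; a real deployment would generate the secret with the key tools shipped with BIND and keep it out of world-readable files.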


More information about the bind-users mailing list