DDNS front-ends
Michael Fuhr
mfuhr at dimensional.com
Thu Jan 4 03:09:48 UTC 2001
On Wed, Jan 03, 2001 at 06:54:18PM -0500, Kevin Darcy wrote:
> (I may eventually ditch nsupdate altogether in favor of the DNS-update
> capabilities of the Net::DNS Perl module just as soon as a) it supports
> TSIG-authentication, and b) I find out why there's a big red flag in the .pm
> file warning that the update functions are not for production use).
The latest development version of Net::DNS has partial TSIG support.
Queries and updates can be signed but Net::DNS doesn't validate the
responses yet. This partial implementation may be satisfactory if the
main concern is that the nameserver be able to validate the queries or
updates it receives; it's not satisfactory if the client needs to
validate responses as well. You can get the development version of
Net::DNS from:
http://www.fuhr.org/~mfuhr/perldns/
I wrote the warning about dynamic updates back when I first implemented
the functionality and it hadn't been tested much. I'm more comfortable
with it now, and I'm aware of one large company that has used Net::DNS
to make hundreds of dynamic updates per day for three years without any
known problems.
You're welcome to contact me privately if you'd like to discuss
Net::DNS capabilities further.
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
More information about the bind-users
mailing list