FQDNs in masters-list (was: Help: Secondary for...)
Kevin Darcy
kcd at daimlerchrysler.com
Tue Mar 6 21:20:58 UTC 2001
Brad Knowles wrote:
> At 2:09 PM +0100 3/6/01, Andreas S. Oesterhelt wrote:
>
> > Would you mind giving any suggestion as to how the configuration syntax
> > for this should look? Since the stealth master doesn't have a static
> > IP address, it can't be listed in masters nor in allow-notify.
>
> The problem is that you're trying to combine security (e.g.,
> something along the lines of TSIG) with dynamic updates, and right
> now these two options are pretty much mutually exclusive.
>
> Experts have been working on this problem for some time, and I
> don't know of any solutions that have yet come out. I'd be very
> interested to see any kind of solution you might come up with that
> would actually work.

Well, actually, TSIG-authenticated Dynamic Updates work fine, but this is
rather beside the point: the original suggestion called for signed
*NOTIFYs*, not Dynamic Updates. Signed NOTIFYs are technically illegal, but
a slight extension to RFC 1996 would permit them.

- Kevin