FQDNs in masters-list (was: Help: Secondary for...)
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Mar 7 03:33:10 UTC 2001
>
> At 4:20 PM -0500 3/6/01, Kevin Darcy wrote:
>
> > Well, actually, TSIG-authenticated Dynamic Updates work fine, but this is
> > rather beside the point: the original suggestion called for signed
> > *NOTIFYs*, not Dynamic Updates. Signed NOTIFYs are technically illegal, bu
> t
> > a slight extension to RFC 1996 would permit them.
>
> Do you actually have code that implements TSIG-authenticated
> dynamic updates? I'm not personally aware of any, but then I concede
> that I haven't been following this issue as closely as I should.
>
> Of course, as you point out, that does actually solve only part
> of the problem. Indeed, I'm not convinced that even signed NOTIFYs
> would entirely solve the rest of the problem -- when you configure a
> nameserver to pull secondary from another, the configuration details
> of which machine you pull secondary from are actually outside the
> scope of the DNS protocol, and is a configuration detail of your
> particular nameserver software.
The signed notifies are used to tell the server to dynamically
reconfigure itself. Yes this is outside the protocol at present.
Yes this requires co-operating servers. It might not be a bad
idea to write this up as a Informational RFC.
>
> --
> ======================================================================
> Brad Knowles, <brad.knowles at skynet.be>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list