FQDNs in masters-list (was: Help: Secondary for...)

Andreas S. Oesterhelt oes at oesterhelt.dyndns.org
Thu Mar 8 15:00:51 UTC 2001


Jim Reid writes:

> Indeed. And it should remain there IMHO. For this stealth master on a
> random IP address - what a bizarre concept! - there are simpler ways

First, as Kevin Darcy mentioned, signed notifies might even simplify
things where no nomadic masters are involved in that they make DOS
attacks with spoofed notifies harder.

> the DNS protocol or an implementation. Why not have this nomadic
> master server use SSH to punt the zone{}statement - ie policy and
> configuration detail - to the slave's named.conf and rely on the
> public SSH keys for authentication? 

Because not many DNS hosting providers will like the idea of allowing
their customers to alter their named configuration via ssh.

> Why not do the Right Thing and put
> the master server somewhere that has a fixed IP address?

There is quite a crowd of people who provide useful information
or service who live on DSL consumer flatrates and must accept
the disadvantages of dynamic IP address allocation to keep the
price in an acceptable range for a non-profit project.

> Or just make
> the slave - which has a fixed IP address? - the master server for the
> zone.

Yes, nsupdate might be an alternative solution for this type of
situation, but again, while DNS hosters are used to playing slave
for external masters over which they have no control, I suspect
(and it's been my experience so far) that it is much harder to
talk them into allowing dynamic update requests and again, that
rarely comes for free.

Best regards,
--Andreas

