TSIG with dynamic update
Martin McCormick
martin at dc.cis.okstate.edu
Thu May 19 16:08:50 UTC 2005
Mats Dufberg writes:
>If I'd like to give a computer with dynamic IP address (behind DHCP) the
>possibility to do dynamic update, can I then use TSIG?
You certainly can.
nsupdate -k $HOME/allmykeys/Kkeyname $1
I took that with a few little changes so as not to make life
too easy for the dark side right out of a script I use to quickly do
ns updates using a file whose name you pass to the script as the first
parameter. Let's call the script u_ns for update name server and our
file can be named thechanges so you simply get on to any system on
which you keep the tsig keys for the server you want to update and
then run your script like:
u_ns thechanges
and look for any complaints such as not being able to use the key or
syntax errors in the nslookup commands in your file.
nsupdate -k $HOME/allmykeys/Kkeyname
gives you whatever you have set PS2 to in your shell so you
can directly enter nsupdate commands if you like.
The main thing to keep in mind is that that tsig key will work
from anywhere that you haven't blocked via some other means. It is
potentially a great labor-saving device or a great danger should it
get in to the wrong hands so take care. It will definitely work from
anywhere.
Martin McCormick WB5AGZ Stillwater, OK
OSU Information Technology Division Network Operations Group
More information about the bind-users
mailing list