dns updates from a windows client
Kevin Darcy
kcd at chrysler.com
Tue Jan 8 22:12:15 UTC 2008
The search path is only used when a shortname lookup is issued. If you
use fully-qualified names (FQDNs), then the search path is irrelevant
and you have a lot more flexibility and scalability. Note that shortname
resolution can also present a security risk, inasmuch as it introduces
uncertainty/ambiguity into client/server interactions, e.g. if I connect
to a "zeus" website, using a shortname, is that
zeus.good-and-trusted.domain.com or zeus.evil-nasty-hacked.com? It all
depends on the contents of my search path, which is administered
typically by Windoze whizkids who don't necessarily have a good sense of
proper security practices.
- Kevin
Haim [Howard] Roman wrote:
> I don't know whether this suits your case, but...
>
>
> In our case, our main DNS servers are UNIX-based. We also have MS
> domains. We defined DNS subdomains that the MS domain controllers are
> masters for, and our main DNS servers are slave for them. Of course,
> for this to work well, the DNS search path must be set correctly on the
> clients. Alternatively, in your main domain, you could define aliases
> for hosts in the subdomain, e.g.,
>
>
> alef.my.org would be an alias to alef.ms.my.org
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Haim (Howard) Roman
> Computer Center, Jerusalem College of Technology
> roman at jct.ac.il
> Phone: 052-8-592-599 (6022 from within Machon Lev)
>
>
>
> -------- Original Message --------
> Subject: dns updates from a windows client
> From: Paul A <razor at meganet.net>
> To: bind-users at isc.org
> Date: Tue Jan 08 2008 00:14:57 GMT+0200 (IST)
>
>> Hi, we are using bind 9 and have a couple of custoemr who frequnetly want
>> their DNS info updated. We don't want to give them access to the DNS server
>> nor do we want to intall something like webmin on the DNS server.
>>
>> We have implemented and test dynamic updates with Tsig and it works fine
>> from another linux machine. I was wondering if there are any free dns
>> software for windows that is easy to use and allow updates to a DNS server
>> using tsig updates.
>>
>> I also would like to hear what people on this list use in a situation like
>> this.
>>
>> Thanks very much, Paul
>>
>>
>>
>>
>>
>
>
>
>
>
>
More information about the bind-users
mailing list