Authenticated Dynamic Updates

Gavan Fantom gavan at ivision.co.uk
Wed Dec 1 18:21:38 UTC 1999


I'm running a nameserver for a dynamic zone. This zone is updated by a
script which is intended to be run on the same host that runs the
nameserver, and talks to the nameserver with nsupdate.

This all works nicely, but unfortunately any user on this host can update
the zone in any way by sending a DNS packet straight to the nameserver.

What I'd like to do is to authenticate dynamic updates (as the config file
format hints is possible) such that any dynamic update must contain a key
before it will be acted on. It does not matter whether the key is a
plaintext password or a proper crypto hash, as the requests must originate
from localhost anyway.

I'm currently running BIND 8.2.1.

I understand from looking at RFCs that the best way to do this would
probably be to use an RSIG (if memory serves me correctly) in the dynamic
update packet. What I'm not sure of is how to put that in the packet in
the first place (as neither nsupdate nor Net::DNS supported it last time I
looked), whether BIND will understand it and if so, what to put in the
named.conf file.

Has anybody had any success in authenticating dynamic updates?

-- 
Gavan Fantom <gavan at ivision.co.uk>             Unix Administrator

Internet Vision                                Tel: 020 7589 4500
60 Albert Court                                Fax: 020 7589 4522
Prince Consort Road                            info at ivision.co.uk
London. SW7 2BE                         http://www.ivision.co.uk/
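The mechanism the RFCs define for what the post asks about is TSIG (RFC 2845): a transaction signature carried as an extra resource record in the additional section, computed with a shared secret over the whole request. The following is an added example, not part of the original message and not code from BIND or nsupdate. It builds a minimal UPDATE packet by hand, signs it with HMAC-MD5 the way RFC 2845 specifies, and then performs the check a nameserver does on receipt, so you can see exactly which bytes the MAC covers and why a wrong key, an altered update or a stale timestamp is rejected. The key name `update-key.`, the secret, the zone `example.com.` and the timestamp are all constructed values.

```python
"""TSIG-signed DNS UPDATE (RFC 2845), built and verified by hand.
Added example: key name, secret, zone and timestamp are constructed."""
import hashlib
import hmac
import struct

TSIG_TYPE, CLASS_ANY, CLASS_IN, TYPE_A, TYPE_SOA, OPCODE_UPDATE = 250, 255, 1, 1, 6, 5
ALG_HMAC_MD5 = "hmac-md5.sig-alg.reg.int."
KEY_NAME = "update-key."                                    # constructed
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed; never hard-code a real one
TIME_SIGNED = 944072498                                     # constructed; real code uses int(time.time())


def encode_name(name):
    """Uncompressed wire-format name, lowercased (TSIG hashes the canonical form)."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def skip_name(msg, off):
    """Offset just past the uncompressed name starting at `off`."""
    while msg[off] != 0:
        if msg[off] & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        off += 1 + msg[off]
    return off + 1


def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(msg_id, zone, host, ip):
    """Unsigned UPDATE: zone section plus one 'add A record' in the update section.
    The four counts are ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT in the QD/AN/NS/AR slots."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    update_sec = rr(host, TYPE_A, CLASS_IN, 300, bytes(int(o) for o in ip.split(".")))
    return header + zone_sec + update_sec


def tsig_variables(key_name_wire, alg_wire, time_signed, fudge, error, other):
    """RFC 2845 'TSIG variables': appended to the message for hashing, not sent in this form."""
    return (key_name_wire + struct.pack("!HI", CLASS_ANY, 0) + alg_wire
            + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)   # 48-bit time
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def tsig_sign(msg, key_name, secret, time_signed, fudge=300):
    """Append the TSIG RR to `msg` and increment ARCOUNT (a request has no prior MAC)."""
    name_w, alg_w = encode_name(key_name), encode_name(ALG_HMAC_MD5)
    hashed = msg + tsig_variables(name_w, alg_w, time_signed, fudge, 0, b"")
    mac = hmac.new(secret, hashed, hashlib.md5).digest()
    orig_id = struct.unpack("!H", msg[:2])[0]
    rdata = (alg_w + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)
             + struct.pack("!HH", fudge, len(mac)) + mac + struct.pack("!HHH", orig_id, 0, 0))
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr(key_name, TSIG_TYPE, CLASS_ANY, 0, rdata)


def tsig_verify(signed, secret, now=None):
    """Server-side check: find the trailing TSIG RR, rebuild the hashed bytes, compare MACs.
    False for an unsigned message, a wrong key, any changed byte, or a time outside the fudge window."""
    msg_id, _, qd, an, ns, ar = struct.unpack("!HHHHHH", signed[:12])
    if ar == 0:
        return False
    off = 12
    for _ in range(qd):
        off = skip_name(signed, off) + 4
    for _ in range(an + ns + ar - 1):
        off = skip_name(signed, off)
        off += 10 + struct.unpack("!H", signed[off + 8:off + 10])[0]
    tsig_start = off
    off = skip_name(signed, off)
    name_w = signed[tsig_start:off]
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", signed[off:off + 10])
    off += 10
    if rtype != TSIG_TYPE or rclass != CLASS_ANY or ttl != 0 or off + rdlen != len(signed):
        return False
    rd = signed[off:]
    p = skip_name(rd, 0)
    alg_w = rd[:p]
    t_hi, t_lo, fudge, mac_size = struct.unpack("!HIHH", rd[p:p + 10])
    p += 10
    mac, p = rd[p:p + mac_size], p + mac_size
    orig_id, error, other_len = struct.unpack("!HHH", rd[p:p + 6])
    other = rd[p + 6:p + 6 + other_len]
    time_signed = (t_hi << 32) | t_lo
    if orig_id != msg_id or (now is not None and abs(now - time_signed) > fudge):
        return False
    # What the signer hashed: the message without the TSIG RR, with ARCOUNT one lower.
    unsigned = signed[:10] + struct.pack("!H", ar - 1) + signed[12:tsig_start]
    hashed = unsigned + tsig_variables(name_w, alg_w, time_signed, fudge, error, other)
    return hmac.compare_digest(hmac.new(secret, hashed, hashlib.md5).digest(), mac)


def demo():
    """Sign one update and show what the nameserver-side check accepts and rejects."""
    msg = build_update(0x1234, "example.com.", "host.example.com.", "192.0.2.10")
    signed = tsig_sign(msg, KEY_NAME, SECRET, TIME_SIGNED)
    i = len(msg) - 1   # last octet of the A record, at the end of the unsigned part
    tampered = signed[:i] + bytes([signed[i] ^ 1]) + signed[i + 1:]
    return {"genuine": tsig_verify(signed, SECRET, now=TIME_SIGNED + 10),
            "unsigned": tsig_verify(msg, SECRET),
            "wrong_key": tsig_verify(signed, b"not-the-key"),
            "tampered": tsig_verify(tampered, SECRET),
            "stale": tsig_verify(signed, SECRET, now=TIME_SIGNED + 3600)}


if __name__ == "__main__":
    print(demo())
```

On the BIND side, the same shared secret is declared with a `key` statement (`key "update-key." { algorithm hmac-md5; secret "<base64>"; };`) and the zone's `allow-update` lists `key "update-key.";` instead of an address; BIND 8.2 and later implement TSIG this way. For the threat model in the post this only helps if the secret is readable solely by the update script's user and by named: any local user who can read the key file can still sign a valid update, and because the server rejects anything outside the fudge window, the client and server clocks must agree to within a few minutes.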