Dynamic/Secure DNS
Dan Nicolae
Dan.Nicolae at usa.xerox.com
Thu Oct 21 13:48:12 UTC 1999
I hear that BIND 8.2.1 supports both dynamic and secure DNS.
Is this support related only to the name server part or the resolver
activelly supports it as well?
Let me try to explain:
I understand that this is the support I can get:
1. The name server part understands and handles the new KEY, SIG, NXT, TSIG
and TKEY resource records and and also the new UPDATE opcode and its rules.
2. The resolver part acts only as helper for the name server part to handle
the stuff mentioned above, should any communication to other name servers be
required.
Am I right?
What am I trying to find out is:
1. can the resolver update the A and PTR records when the local IP
configuration changes (host, domain, IP address). Moreover, can it use
Secure DNS to do the updates, either by default or only if it gets back a
REFUSED.
2. what are the supported security (cryptographical) mechanisms (RSA/MD5,
DSA, Kerberos, GSS etc?)
Any insight appreciated.
Can someone point me out to some documentation? I read the RFCs, but I want
to know details about BIND's implementation.
Thanks,
Dan
More information about the bind-users
mailing list