nsupdate's choice of interface

Kenneth Porter shiva at well.com
Wed Dec 20 10:33:46 UTC 2000


On Wed, 20 Dec 2000 09:52:31 +0000, Jim Reid wrote:

>It looks like you've misunderstood the man page.

That seems to be the case. :-)

>You should be *very* careful about controlling dynamic updates based
>on IP address. [BTW, why should the server care which interface it
>gets the update request from?]

In my case, I wanted updates only to come from another process on the
same server, i.e. the DHCP server. My use of nsupdate was mainly to test
things out, and my misreading of the man page suggested that it would
use the loopback interface to make the connection. (Which I now know is
wrong.) I guess I need to add the address of the LAN interface to the
list of valid updaters.

>default nsupdate uses UDP. If you must use Dynamic DNS, use Secure
>Dynamic DNS and give the updater and updatee a shared secret that they
>can use to generate TSIG records on the update transactions. This
>allows both parties to authenticate each other. Unless a forger knows
>the shared secret, they won't be able to get the name server to
>process bogus update requests.

Ok, time to go do more reading, to see where to set this up....

Thanks for clarifying things.

Ken
mailto:shiva at well.com
http://www.sewingwitch.com/ken/
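
An added illustration, not part of the original message: a named.conf fragment contrasting the address-based update control discussed above with the TSIG-keyed control recommended in the quoted reply. The key name, zone name, file name, addresses and secret are constructed placeholders, and the algorithm is an assumption; use an HMAC algorithm your BIND release supports.

```conf
# Constructed example: every name, address and secret here is a placeholder.

# Address-based control: the server accepts any update whose source
# address matches the list. Over UDP the source address is not
# authenticated, so this is the setup the quoted reply cautions against.
#
# zone "example.com" {
#     type master;
#     file "db.example.com";
#     allow-update { 127.0.0.1; 192.0.2.10; };
# };

# TSIG-keyed control: the updater and the name server share a secret,
# and an update is processed only if it carries a valid TSIG record
# generated with that secret.
key "dhcp-update" {
    algorithm hmac-sha256;                 # assumption, see note above
    secret "PLACEHOLDER-BASE64-SECRET==";  # placeholder, not a real key
};

zone "example.com" {
    type master;
    file "db.example.com";
    # Only requests signed with the key above may update the zone,
    # whichever interface or source address they arrive from.
    allow-update { key "dhcp-update"; };
};
```

The updater must hold the same key; nsupdate takes it through its `-k keyfile` option. Because the secret authenticates updates, the files that contain it should be readable only by the name server and the updater.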




