is DDNS for me?
Brad Knowles
brad.knowles at skynet.be
Wed Apr 4 23:57:47 UTC 2001
At 7:00 PM -0400 4/4/01, Kevin Darcy wrote:
> Um, TSIG-authentication exists today. nsupdate supports it. I use
> TSIG-authenticated Dynamic Updates for virtually *all* DNS updates to our
> internal DNS (everything except modifications to delegation records, since
> the BIND 8 nsupdate doesn't handle them properly).
Really? Cool.
Now, it is my understanding that once a zone is maintained with
nsupdate, you can't maintain it any other way, so you would want to
make sure that all DDNS stuff was segregated into its own sub-zone
(as is recommended today with NT servers wanting to do dynamic
updates using Microsoft proprietary extensions to the protocol). Is
this correct?
And you probably wouldn't want to hand to someone a TSIG key that
would allow them to make any and all changes they want to the root of
your zone, right?
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list