server statement for a dynamic host

Jim Reid jim at rfc1035.com
Sun Apr 8 12:31:14 UTC 2001


>>>>> "Maximo" == Maximo Ramos <maximo at violadores.org> writes:

    Maximo> DDNS is up and running in my test server :) however, the
    Maximo> server statement requires an IP!!

    Maximo> server ip_addr { bla, bla }

Why? server{} statements have nothing to do with Dynamic DNS.

    Maximo> so, if his IP changes, he will try to update the dynamic
    Maximo> zone, can you see the problem?

Not really. If you use TSIG for authentication of the update requests,
not the client's IP address, the problem goes away. And it's much more
secure than authentication based on the source IP address which is
easily forged. Set up a TSIG key and add it to named.conf with a key{}
statement. Provide an allow-update clause for the dynamic zone which
limits updates to clients supplying TSIG-signed requests which use
that key. Pass the TSIG "secret" to the client and have them use that
in their nsupdate requests. Consult the man page for nsupdate on how
to do that.
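
The steps in the reply above, sketched as an added example that is not part of the original message. The key name, zone name, host names and file paths are placeholders, and hmac-sha256 is an assumption, since the message names no algorithm. Current BIND 9 `nsupdate -k` accepts a key file in named.conf format, so the same `key{}` text serves both server and client.

```shell
#!/bin/sh
# Added example: generate a TSIG key and a zone stanza whose allow-update
# authorises the key rather than a client IP address.
# All names (dynclient-key, dyn.example.com, ns.example.com) are placeholders.

# 256 random bits, base64-encoded, as the secret for an hmac-sha256 key.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# key{} statement. $1 = key name, $2 = base64 secret.
key_stmt() {
    printf 'key "%s" {\n    algorithm hmac-sha256;\n    secret "%s";\n};\n' "$1" "$2"
}

# Dynamic zone that accepts updates only when signed with the named key.
# $1 = zone name, $2 = key name.
zone_stmt() {
    printf 'zone "%s" {\n    type master;\n    file "%s.db";\n' "$1" "$1"
    printf '    allow-update { key "%s"; };\n};\n' "$2"
}

# Write <outdir>/<key>.key (mode 0600) and <outdir>/named.conf.dyn.
# The secret lives only in the key file; named.conf.dyn pulls it in by include.
# $1 = output directory, $2 = key name, $3 = zone name.
write_configs() {
    secret=$(gen_secret)
    ( umask 077; key_stmt "$2" "$secret" > "$1/$2.key" )
    { printf 'include "%s";\n' "$1/$2.key"; zone_stmt "$3" "$2"; } > "$1/named.conf.dyn"
}

# Client side, from whatever address the host currently has, after the key
# file has been handed over out of band:
#   nsupdate -k dynclient-key.key
#   > server ns.example.com
#   > zone dyn.example.com
#   > update delete host.dyn.example.com A
#   > update add host.dyn.example.com 300 A 192.0.2.10
#   > send

# Run as: sh tsig-setup.sh <outdir> <keyname> <zone>
if [ "$#" -eq 3 ]; then
    write_configs "$1" "$2" "$3"
fi
```

The generated `named.conf.dyn` is meant to be included from the server's named.conf; the key file should stay readable only by named on the server and by the updating user on the client.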

