Dynamic DNS

Adam Lang aalang at rutgersinsurance.com
Mon Feb 5 03:18:36 UTC 2001


I think the issue is that someone can set up DNS services on your OLD address
and hijack queries.

Example:

You have a nameserver at aaa.bbb.ccc.ddd .  10 sites remember that your name
server is at that address.  10 minutes later your nameserver moves to
address aaa.bbb.ccc.yyy .  Someone else puts up a nameserver at
aaa.bbb.ccc.ddd and makes it look like it is answering for your domain.
Those previous 10 sites, if their cache hasn't timed out, will go to the
.ddd site as opposed to checking for the new address, hence they can/will
get wrong information.

----- Original Message -----
From: "Pierre Léonard" <Pierre at leonard.nom.fr>
To: <bind-users at isc.org>
Sent: Saturday, February 03, 2001 8:50 AM
Subject: Re: Dynamic DNS


>
> Hi Kevin,
>
> And thank you for your answer.
> My English is relatively poor, so don't hesitate to stop me if I misunderstand.
>
> > To provide redundancy for a zone to the world in general, practically speaking a slave must have a statically-assigned address. If you were to use a
> > registered slave with a dynamically-assigned address, it would not only harm your redundancy, but also your security, since if someone were to get the
> > former address of your nameserver assigned to their server before all of the old A records expired from everyone's caches, they could conceivably hijack
> > your domain temporarily. Do you implicitly trust *everyone* in your dynamic address pool?
>
> I read the RFC concerning the TSIG and Dynamic update, and I understand that the transactions and in consequence the use are secure.
> You mean that the usage of dynamic IP is an open door for masquerading. Someone can use my future address and install services before me. But I understand
> that the problem occurs whatever the service behind, http, mail or DNS.
> Is that correct?
>
> Sincerely.
> --
>             La vie est belle          Pierre Léonard
> http://www.leonard.nom.fr      Pierre at leonard.nom.fr
> Tel : 01 39 02 71 67   --  Portable : 06 62 83 47 44
>
>
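
As an added example, not part of the original thread: a check that flags nameserver A records lying inside a dynamically assigned pool, reports the record's TTL as the window in which caches may still query the released address, and lists which caches are still exposed at a given time. The record list, pool range, resolver names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone data: (owner, ttl_seconds, type, rdata).
# Names, TTLs and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_RECORDS = [
    ("example.test.", 86400, "NS", "ns1.example.test."),
    ("example.test.", 86400, "NS", "ns2.example.test."),
    ("ns1.example.test.", 86400, "A", "192.0.2.10"),
    ("ns2.example.test.", 3600, "A", "198.51.100.77"),
    ("www.example.test.", 300, "A", "198.51.100.80"),
]
# Assumption: ranges the provider assigns dynamically (hypothetical).
DYNAMIC_POOLS = ["198.51.100.0/24"]


def audit_nameserver_addresses(records, dynamic_pools):
    """Flag NS hosts whose A record lies in a dynamic pool.

    stale_window_s is the record's TTL: the longest a remote cache may
    keep sending queries to the address after it has been released.
    """
    pools = [ipaddress.ip_network(p) for p in dynamic_pools]
    ns_hosts = {rd.lower() for _, _, rtype, rd in records if rtype == "NS"}
    findings = []
    for owner, ttl, rtype, rdata in records:
        if rtype != "A" or owner.lower() not in ns_hosts:
            continue  # only addresses of delegated nameservers matter here
        addr = ipaddress.ip_address(rdata)
        pool = next((p for p in pools if addr in p), None)
        if pool is not None:
            findings.append({"nameserver": owner, "address": str(addr),
                             "pool": str(pool), "stale_window_s": ttl})
    return findings


def exposed_caches(cached_at, ttl, released_at, now):
    """Names of resolvers still holding the old address at time `now`.

    cached_at maps resolver name -> time (seconds) it cached the A record.
    A cache is exposed if it stored the record before the address was
    released and the entry has not yet expired.
    """
    if now < released_at:
        return []
    return sorted(name for name, t in cached_at.items()
                  if t < released_at and t + ttl > now)
```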


