BIND 9/8 Question DDNS Question

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 15 23:20:08 UTC 2001


What leads you to believe that your local DHCP server has authority to
dynamically update the company.com DNS zone? If that's true, then the
company.com folks have been extremely lax with their security.


- Kevin

Rich Phillips wrote:

> I know what I've experienced, but I'm wondering if there is something new,
> that I haven't seen/enabled yet!
>
> What BIND option, if any, would prevent DNS name hijacking?
>
> Scenario: What if I changed my name to mail.company.com, enabled my interface
> for DHCP, and then obtained a lease?  Wouldn't my newly changed name become
> the "mail.company.com" A record?  Therefore now all internal SMTP mail
> (assuming MX records, blah, blah) would be routed to me.  Page 252 in the
> "DNS Dynamic Update" chapter of DNS & BIND V4 talks briefly about this
> occurrence, but doesn't describe the behavior that would happen.
>
> QUOTE: "only if the domain name Armageddon.fx.movie.edu isn't currently
> being used, or only if Armageddon.fx.movie.edu currently has no address
> records".
>
> Question: What happens if the DHCP server sends an update to the authoritative
> zone server and the record exists but has a different IP address? Will it add
> it (creating a round robin), will it replace it, or what??
>
> Rich Phillips
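
The three outcomes raised in the quoted question (refused, added alongside, replaced), as an added example that is not part of the original thread: a simplified Python model of RFC 2136 prerequisite and update handling. The function names and sample addresses are constructed for illustration, and the sender is assumed to be already authorized to update the zone.

```python
# Simplified model of RFC 2136 prerequisite and update processing.
# zone: dict mapping (owner name, RR type) -> set of RDATA strings.
# Authorization (allow-update, TSIG) is not modelled; the sender is assumed
# to be permitted to update the zone. CNAME/SOA special cases are omitted.

# Prerequisite keyword (nsupdate spelling) -> RCODE returned when it fails.
PREREQ_FAIL = {"nxdomain": "YXDOMAIN", "yxdomain": "NXDOMAIN",
               "nxrrset": "YXRRSET", "yxrrset": "NXRRSET"}

def name_in_use(zone, name):
    return any(owner == name and rdatas for (owner, _), rdatas in zone.items())

def prereq_holds(zone, kind, name, rrtype=None):
    if kind in ("nxdomain", "yxdomain"):
        return name_in_use(zone, name) == (kind == "yxdomain")
    return bool(zone.get((name, rrtype))) == (kind == "yxrrset")

def apply_update(zone, prereqs, updates):
    """Return the RCODE; the zone changes only if every prerequisite holds."""
    for kind, name, *rest in prereqs:
        if not prereq_holds(zone, kind, name, *rest):
            return PREREQ_FAIL[kind]
    for op, name, rrtype, *rdata in updates:
        if op == "add":              # joins the existing RRset, never replaces it
            zone.setdefault((name, rrtype), set()).add(rdata[0])
        elif op == "delete_rrset":   # removes every record of that type
            zone.pop((name, rrtype), None)
        else:
            raise ValueError(f"unsupported operation: {op}")
    return "NOERROR"

def demo():
    # Constructed sample data; addresses are from the documentation range.
    name = "mail.company.com"
    zone = {(name, "A"): {"192.0.2.10"}}
    add = ("add", name, "A", "192.0.2.99")
    out = {}
    out["guarded"] = (apply_update(zone, [("nxdomain", name)], [add]),
                      sorted(zone[(name, "A")]))
    out["bare_add"] = (apply_update(zone, [], [add]), sorted(zone[(name, "A")]))
    out["delete_then_add"] = (
        apply_update(zone, [], [("delete_rrset", name, "A"), add]),
        sorted(zone[(name, "A")]))
    return out

if __name__ == "__main__":
    for case, (rcode, addresses) in demo().items():
        print(f"{case:16} {rcode:9} {addresses}")
```

Which of the three cases a real server sees depends on what the updater sends, so restricting who may send updates at all is the control that matters.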


