How can I setup a large ddns service environment with Bind9?
Kevin Darcy
kcd at daimlerchrysler.com
Fri Jun 4 22:44:00 UTC 2004
won seok wrote:
>I would like to set up a ddns server that can provide the ddns service
>to a few thousand clients.
>I want to know whether bind9 can be a proper solution for this
>condition.
>If so, what operations should I perform?
>As far as I know, the bind9 software requires that the same authentication key
>be located at the client and the server simultaneously. If an
>administrator wants to provide the ddns service to one thousand
>clients, should the server maintain one thousand authentication
>keys?
>
I'm not a security expert, but my understanding is that yes, shared-key
encryption requires a unique key for each set of entities within a
particular trust domain. If that trust domain doesn't extend beyond
client and server, then you'd need a unique key on the server for each
client. If, on the other hand, some of your clients trusted
*each*other*, then you'd have clustered trust domains, each group of
clients in a trust domain could use the same shared key and this would
reduce your key-management headache. But if you're planning to offer
this service to the public, this is probably not an option...
- Kevin
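
The one-key-per-client arrangement discussed in this thread, sketched as an added example that is not part of the original message: it generates an independent TSIG secret for each client and emits the matching `key` statements plus an `update-policy` that lets each key update only its own name. The zone name `dyn.example.com`, the client hostnames, the helper names and the choice of `hmac-sha256` (which assumes a BIND 9 release that supports it) are all assumptions made for illustration.

```python
import base64
import re
import secrets

ZONE = "dyn.example.com"   # constructed zone name (assumption)
ALGORITHM = "hmac-sha256"  # assumes a BIND 9 release with HMAC-SHA256 TSIG support
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label, nothing else

def make_keys(hostnames, zone=ZONE):
    """Return {key_name: base64_secret}: one independent 256-bit secret per client."""
    keys = {}
    for host in hostnames:
        if not LABEL.fullmatch(host):  # reject input that could break out of the config syntax
            raise ValueError(f"invalid host label: {host!r}")
        fqdn = f"{host}.{zone}."
        if fqdn in keys:
            raise ValueError(f"duplicate client name: {fqdn}")
        keys[fqdn] = base64.b64encode(secrets.token_bytes(32)).decode("ascii")
    return keys

def key_clauses(keys):
    """named.conf key statements; called with a single entry it yields one client's key file."""
    return "".join(
        f'key "{name}" {{\n    algorithm {ALGORITHM};\n    secret "{secret}";\n}};\n'
        for name, secret in sorted(keys.items())
    )

def zone_clause(keys, zone=ZONE):
    """Zone statement whose update-policy limits each key to its own A/AAAA records."""
    grants = "".join(f"        grant {n} name {n} A AAAA;\n" for n in sorted(keys))
    return (
        f'zone "{zone}" {{\n    type master;\n    file "{zone}.db";\n'
        f"    update-policy {{\n{grants}    }};\n}};\n"
    )

if __name__ == "__main__":
    clients = [f"client{i:04d}" for i in range(1, 4)]  # constructed sample list
    keys = make_keys(clients)
    print(key_clauses(keys))   # server side: every client's key
    print(zone_clause(keys))   # server side: per-key update rights
    first = sorted(keys)[0]
    print(key_clauses({first: keys[first]}))  # what one client receives
```

Because each key is named after the record it may update, revoking one client means deleting its `key` statement and `grant` line without touching any other client's secret.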