use nsupdate to secure update windows DNS
Jacky Sun
wyqjnm at gmail.com
Sat Dec 3 09:38:27 UTC 2005
On 12/3/05, Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> >Does anyone know any linux client that can "secure updates" a
> >AD-integrated windows DNS server?
> >
> Well, what exactly are you trying to accomplish here?
I just simply want to register my arm-based linux device's IP adress into
the windows DNS server. I can do this now using nsupdate when the windows
DNS server's "allow dynamic update" setting set to yes. But when it set to
"only secure updates", nsupdate won't work.
Lucent's QIP
> product has the ability to perform Secure Dynamic Updates in the
> Microsoft flavor, and it runs on Linux, but it wouldn't really be
> cost-effective, I don't think, to e.g. run separate instances of QIP on
> dozens of Linux workstations just so they can register their dynamic IPs
> in an AD domain.
I agree, and I am also not sure if it will suport ARM cpu and how big is the
binary, I am very tight on space.
If you're just looking to push some arbitrary
> information securely into an AD-integrated DNS domain, you might be
> better off looking at the (Kerberized) LDAP side of things, since (as I
> understand it, at least) that's the backend information store for AD
> anyway, with DNS just being "published" from that LDAP data.
It seems that is a new area to explore, would you give more specify
information, for example the project name for the Kerberized LDAP client?
I am interested to see why nsupdate won't work with "secure update" with
M$'s server. Is that because it used M$ proprietary authencation method
prevent the open source implementation or just nobody wants this feature or
without M$ support nobody will be able to do it?
Thanks for your reply.
--
Jack
More information about the bind-users
mailing list