use nsupdate to secure update windows DNS
Kevin Darcy
kcd at daimlerchrysler.com
Tue Dec 6 00:03:54 UTC 2005
Jacky Sun wrote:
>On 12/3/05, Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>
>
>>>Does anyone know any linux client that can "secure updates" a
>>>AD-integrated windows DNS server?
>>>
>>>
>>>
>>Well, what exactly are you trying to accomplish here?
>>
>>
>
>
>I just simply want to register my arm-based linux device's IP adress into
>the windows DNS server. I can do this now using nsupdate when the windows
>DNS server's "allow dynamic update" setting set to yes. But when it set to
>"only secure updates", nsupdate won't work.
>
>Lucent's QIP
>
>
>>product has the ability to perform Secure Dynamic Updates in the
>>Microsoft flavor, and it runs on Linux, but it wouldn't really be
>>cost-effective, I don't think, to e.g. run separate instances of QIP on
>>dozens of Linux workstations just so they can register their dynamic IPs
>>in an AD domain.
>>
>>
>
>
>I agree, and I am also not sure if it will suport ARM cpu and how big is the
>binary, I am very tight on space.
>
>If you're just looking to push some arbitrary
>
>
>>information securely into an AD-integrated DNS domain, you might be
>>better off looking at the (Kerberized) LDAP side of things, since (as I
>>understand it, at least) that's the backend information store for AD
>>anyway, with DNS just being "published" from that LDAP data.
>>
>>
>
>
>It seems that is a new area to explore, would you give more specify
>information, for example the project name for the Kerberized LDAP client?
>
Well, www.openldap.org claims to have C libraries -- an API actually --
that allow LDAP connections with authentication via TLS and/or SASL, and
I would *assume* that Kerberos could hook into that framework, but
frankly, this is getting out of my expertise and off-topic for bind-users...
- Kevin
More information about the bind-users
mailing list