DDNS update forwarding
John Miller
johnmill at brandeis.edu
Thu Dec 12 15:16:22 UTC 2013
On 12/11/2013 08:42 PM, Mark Andrews wrote:
> In message <52A8E44A.1070509 at brandeis.edu>, John Miller writes:
>> Hello folks,
>>
>> I'm getting ready to revamp our dynamic DNS setup here on campus, and am
>> curious: what is everyone doing for update forwarding? Have you seen
>> certain clients that will send updates based on NS records rather than
>> the SOA record?
>
> Which is what the update protocol specifies as the default destination
> to send requests to.
>
>> Perhaps a better question is: has anyone been bitten by leaving update
>> forwarding disabled?
>
> If you have a hidden master and clients that follow the RFC and
> send to the nameservers then you will need to enable update forwarding.
> The exact condfiguration depends on how you are authenticating
> updates for the zone. If it is by IP address you will need to
> configure the update forwarding server to use a similar acl. If
> you are using TSIG then you can just forward all update requests.
>
> If is off by default as it is the only safe configuration when you
> don't know how the master is configured not because one shouldn't
> forward update requests.
>
> Mark
Thanks, Mark. Exactly what I wanted to know. We're using TSIG on our
master, so no reason _not_ to forward update requests.
John
More information about the bind-users
mailing list