DNAME usage?

Timothe Litt litt at acm.org
Tue Nov 21 15:20:11 UTC 2017 

On 17-Nov-17 18:04, Mark Andrews wrote:
> DYN used to just require a TSIG signed update request set to a server specified in
> a SRV record.
Depends on which service.  The one I referred to is the one that was
popular (free) for people who wanted to reach a machine on a dynamic IP
address.  Because it was popular, it was implemented in a number of
routers, including Linksys (low end) and Cisco (IOS).  I believe they
discontinued the free version, but the protocol lives on.

It's worse than DNS UPDATE in an number of respects - but is trivial to
implement in a router or script as the core is just an HTTP GET.
>
> We have a perfectly fine protocol for updating the DNS but DNS hosting companies
> want to reinvent the wheel.
Agree. I wish that the DNS UPDATE protocol was the only one in the
wild.  Unfortunately, (non-jail broken) routers don't provide that
option, but do provide the http ("dyn") version.  So if you want to use
a service that requires it - or want to bridge a router that supports it
to DNS UPDATE, some invention is required.  I outlined an approach that
works for me.

For reference, cisco's IOS (now) supports both methods - to some extent.

See
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dns/configuration/15-sy/dns-15-sy-book/Dynamic-DNS-Support.html#GUID-DCA9088D-EB90-46DE-9E33-306C30BB79CE

And from that page, here's the reference to dyndns (you can change the
URI for other http services; it lists 6 others)

    add
    http://test:test@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>

I use https, of course.

Naturally, IOS doesn't support TSIG - so DNS UPDATE from it has to be
authorized by IP address. :-(

2136/7 have been around since 1997, so there's really no excuse for DNS
providers not tosupport them.

But we live in a world of excuses :-(

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20171121/6615b610/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4577 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20171121/6615b610/attachment.bin>

More information about the bind-users mailing list