Using RNDC to control remote access to my BIND server
Greg Donohoe
dubgregd at gmail.com
Fri Apr 23 12:24:47 UTC 2021
Thanks for the input Anand.
Yes there is still some confusion on my part as to which option to use to
best fir my current environment.
In regards to the nsupdate, what is the best way to secure the connection,
so to ensure that only my local server can make the amendments to the
remote server named & zone files?
I dont want anyone/anything else other than my local machine to make any
changes on my remote BIND server.
Rgds,
Greg.
On Fri, Apr 23, 2021 at 11:21 AM Anand Buddhdev <anandb at ripe.net> wrote:
> Hi Greg,
>
> You don't need to SSH into a remote server to do dynamic DNS updates!
> The "nsupdate" tool can send the dynamic DNS updates directly to your
> remote server over the DNS protocol.
>
> You appear to be confused about what the various tools do, so here's a
> summary:
>
> 1. ssh is used to log into a remote server, get a shell, and run
> operating system commands.
>
> 2. rndc is for controlling a running BIND server. It can be used to
> check the status of BIND, reload it, etc.
>
> 3. nsupdate is for modifying a zone directly (whether on the local
> machine, or some remote machine) using the dynamic DNS protocol.
>
> Having read your message, it seems that you need to use "nsupdate". You
> don't need "ssh" or "rndc" for this.
>
> Regards,
> Anand
>
> On 23/04/2021 11:50, Greg Donohoe wrote:
>
> > Thank you for the suggestions. I am looking into those now.
> > Yes we can run nsupdate again on the remote server but I would still need
> > to connect to the remote server to do this.
> > We were thinking of using SSH to the remote server but we want to explore
> > any other option rather than SSH for the secure connection.
> > I was thinking that it may be possible to use RNDC or some other tool to
> > update the remote BIND server zone files (either by modifying the zone
> file
> > that is already there or replacing the zone file with the new one I
> created
> > locally).
> > RNDC looks like it is a non starter for what I want but nsdiff may be a
> > good option.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210423/2a46e262/attachment.htm>
More information about the bind-users
mailing list