Concise Guide to DNS and BIND, The

Accepting and Doing Updates

The DNS Server

By default BIND DNS servers do not accept update requests. You must configure each zone on the server to accept updates from the appropriate clients. Those who are allowed to update zones can be defined in two ways. The easiest is to accept all update requests from a given host. This is not very secure and should only be contemplated within a firewall-protected network. Consider that it is relatively easy to spoof IP source addresses, and that anyone able to present the correct source address will be able to demolish the whole dynamic zone. Do not underestimate how simple this is; variations of spoofing have been used in a variety of attacks all over the Internet. So beware.

TSIG

Using TSIG updates ...

Get Concise Guide to DNS and BIND, The now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Concise Guide to DNS and BIND, The by Nicolai Langfeldt

Accepting and Doing Updates

The DNS Server

TSIG

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly