bryan at kadzban.is-a-geek.net
Fri Jul 8 21:02:30 PDT 2011
Zachary Kotlarek wrote:
> On Jul 7, 2011, at 10:05 PM, Bryan Kadzban wrote:
>> I dislike having the DHCP client update DNS on its own, because (a)
>> that requires some sort of authentication to do correctly (rather
>> than just a shared key between the DHCP and DNS servers, which is
>> what I have now),
> If you're going to accept an unauthenticated DHCP request with an
> arbitrary hostname as the basis for the DNS update I don't see a lot
> of value in authenticating later portions of the same transaction.

Hmm, good point.

OTOH I thought the BIND config for updates required a key, although that
may have been my misreading of some manpages. It was several years ago
as well; maybe it has all changed by now.

It does prevent a client from directly editing another client's entries
(assuming the DHCP server does proper checks) -- but it's possible to
fake a DHCP release from the other client (since it's all pseudo-UDP),
and this will probably accomplish the same thing.

Never looked into mDNS, though I probably should at some point. (The
Windows support is no longer required at the moment. It did make life a
fair bit easier at the time, but it's been a while now. It's also been
a *long* time since I rebuilt that box.)