Bootscript reorganization

Bryan Kadzban bryan at kadzban.is-a-geek.net
Fri Jul 8 21:02:30 PDT 2011


Zachary Kotlarek wrote:
> On Jul 7, 2011, at 10:05 PM, Bryan Kadzban wrote:
>> I dislike having the DHCP client update DNS on its own, because (a)
>>  that requires some sort of authentication to do correctly (rather 
>> than just a shared key between the DHCP and DNS servers, which is 
>> what I have now),
> 
> If you're going to accept an unauthenticated DHCP request with an 
> arbitrary hostname as the basis for the DNS update I don't see a lot 
> of value in authenticating later portions of the same transaction.

Hmm, good point.

OTOH I thought the BIND config for updates required a key, although that
may have been my misreading of some manpages.  It was several years ago
as well; maybe it has all changed by now.

It does prevent a client from directly editing another client's entries
(assuming the DHCP server does proper checks) -- but it's possible to
fake a DHCP release from the other client (since it's all pseudo-UDP),
and this will probably accomplish the same thing.

Never looked into mDNS, though I probably should at some point.  (The
Windows support is no longer required at the moment.  It did make life a
fair bit easier at the time, but it's been a while now.  It's also been
a *long* time since I rebuilt that box.)
