
Module 9


sabine




Presentation Transcript


  1. Module 9 Dynamic DNS (DDNS)

  2. Dynamic DNS (DDNS)
     • Allows DNS RRs to be updated in real time from one or more locations
     • Cannot add or delete zones (BIND – server is reloaded)
     • BIND tool – nsupdate
     • Windows – AD extensive use
     • Update target defined by SOA Primary Master entry

  3. DDNS - Usage
     • DHCP – Forward and Reverse mapping (especially IPv6)
     • RR changes – immediately available
     • NOTIFY propagates to slaves
     • Large zones – invokes IXFR to reduce transfer times

  4. DDNS - Security

  5. DDNS - Security

  6. DDNS – Security Issues
     • Remote access always a problem
     • If I can, bad guys can
     • Corruption affects master file
     • Propagates to all slaves
     • BIND disables DDNS by default

  7. DDNS – Security Control
     • allow-update – zone level
       • Allows IP/TSIG/SIG(0) access control
     • update-policy – RR level
       • Allows IP/TSIG/SIG(0) access control
     • nsupdate is invoked with -k option if TSIG/SIG(0)

  8. DDNS – allow-update

         // access control by source IP address
         zone "example.com" in {
             type master;
             file "master.example.com";
             allow-update {10.1.2.5;}; // this zone only
             ....
         };

         // alternative: access control by key
         zone "example.com" in {
             type master;
             file "master.example.com";
             allow-update {key "example.com";};
         };

  9. DDNS – update-policy

         zone "example.net" in {
             type master;
             file "master.example.net";
             // a zone takes a single update-policy clause;
             // the grant rules inside it are checked in order
             update-policy {
                 grant example.com subdomain example.net ANY;
                 grant * self * A;
                 grant fred.example.net name example.net MX;
             };
         };

  10. DDNS - nsupdate

         # nsupdate
         > server ns1.example.com
         > zone example.com
         > update add new 36000 IN A 192.168.5.4
         > send
         > show
         Outgoing update query:
         ;; ->>HEADER<<- opcode: UPDATE, status: NOERR id: 0
         ;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
         > zone example.net
         > update add another.example.net. 36000 IN A 192.168.7.15
         > send
         > quit

  11. Quick Quiz
     • What does DDNS stand for?
     • Name one typical use for DDNS?
     • Why is DDNS dangerous?
     • Name one BIND parameter that controls DDNS access?
     • Is DDNS enabled by default in BIND?
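
The allow-update and update-policy controls from slides 7 to 9 can be audited across a whole configuration. The following is an added example, not part of the original slides or of BIND: a small Python check that classifies each zone's dynamic-update exposure. The sample configuration is constructed, the function names are hypothetical, and the parsing is regex-level only (no include files, no options- or view-level settings).

```python
import re

# Constructed sample config for illustration; zone names follow the slides' style.
SAMPLE_CONF = '''
zone "example.com" in { type master; file "master.example.com";
    allow-update { 10.1.2.5; }; };        // address only
zone "example.org" in { type master; file "master.example.org";
    allow-update { key "example.org"; }; };
zone "example.net" in { type master; file "master.example.net";
    update-policy { grant fred.example.net name example.net MX; }; };
zone "open.example" in { type master; file "master.open.example";
    allow-update { any; }; };
zone "static.example" in { type master; file "master.static.example"; };
'''

def strip_comments(text):
    return re.sub(r'(//|#)[^\n]*', '', re.sub(r'/\*.*?\*/', '', text, flags=re.S))

def block_after(text, start):  # contents of the first balanced {...} at/after start
    begin = text.index('{', start)
    depth = 0
    for pos in range(begin, len(text)):
        depth += {'{': 1, '}': -1}.get(text[pos], 0)
        if depth == 0:
            return text[begin + 1:pos]
    raise ValueError('unbalanced braces in configuration')

def classify_zone(body):
    if re.search(r'\bupdate-policy\b', body):
        return 'update-policy'            # RR-level rules, identity based
    match = re.search(r'\ballow-update\s*\{', body)  # not allow-update-forwarding
    if not match:
        return 'disabled'                 # BIND default: no dynamic updates
    items = [i.strip() for i in block_after(body, match.start()).split(';') if i.strip()]
    if not items or items == ['none']:
        return 'disabled'
    if 'any' in items:
        return 'open'                     # every host may rewrite the zone
    if all(re.match(r'key\b', i) for i in items):
        return 'key-only'                 # TSIG/SIG(0) signed updates only
    return 'address-based'                # source IPs can be spoofed; prefer keys

def audit(conf):
    conf = strip_comments(conf)
    return {m.group(1): classify_zone(block_after(conf, m.end()))
            for m in re.finditer(r'\bzone\s+"([^"]+)"', conf)}

if __name__ == '__main__':
    for zone, verdict in audit(SAMPLE_CONF).items():
        print(f'{zone:16} {verdict}')
```

Zones reported as `open` or `address-based` are the ones to move to key-based `allow-update` or to an `update-policy` clause.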
