/dev/rob0 wrote:
> FWIW, Alberto, Windows clients do speak 2136. I think they do it by
> default, regardless of the type of nameserver they're contacting.
>
> A confusing thing about Alberto's description is the apparent idea
> that dnsmasq does not support dynamic DNS. On the contrary, that's
> what it does, exceptionally well, by combining the DHCPd with the
> nameserver. Dynamic DNS for DHCP clients is a strong point for
> dnsmasq.

This might be a good idea! Dnsmasq can include files and reread them
when they are modified. Option "addn-hosts" comes to mind: an update
script might append/replace records like "<some-IP> <some-Host>" in a
file.

>> What good is such a drastic DNS operation when no authentication is
>> defined? Other than that the RFC reads like a stripped down version
>> of
>
> Hmm? You can use dnssec-keygen(8) keys for authentication. I admit,
> I don't know as practical a way to do it in the real world; DynDNS's
> protocol and my HTTP+nsupdate hack are handy for associating one
> user's records with one authentication credential.

DNSSEC is an entirely different beast. It is for generating key-signing
and zone-signing keys for verifying DNS responses. You probably meant
ddns-confgen(8), which is used for TSIG authentication within a DNS
operation. But the problem is not how to make a secure key,
/dev/random would be enough for that, but how to send it to some agent.

> That's why I think my HTTP+nsupdate hack was better than DynDNS's
> protocol. No special client needed, just a web browser (or a
> scriptable HTTP client like wget(1).)

Right. I'm using a script whenever I get a new IP (${newip} in the
script) from the provider by DHCP:

#!/bin/sh
# bin/dyndns-update.sh
# _date: 20100222-1628_
#
# /l/etc/named.conf
# /etc/dhcpcd.exit-hook
# <url:man:1 nsupdate>

iam="${0##*/}"
ex=0
usage="${iam}: use ${iam} <zone> <ip>"

nsupdate="/usr/local/bin/nsupdate"
nsupdate_opts=""
# -l: local-host only mode
nsupdate_opts="${nsupdate_opts} -l"
# -k: TSIG key file
nsupdate_opts="${nsupdate_opts} -k /usr/local/etc/bind9/tsig-update.key"

zone="${1:?${usage}}"
newip="${2:?${usage}}"

spf1="v=spf1 ip4:${newip} a XXX XXX ~all"

# Replace the A record and the SPF TXT record in a single update
update_rr="
zone ${zone}
prereq yxdomain ${zone}
update delete ${zone} 300 IN A
update add ${zone} 300 IN A ${newip}
update delete ${zone} 3600 IN TXT
update add ${zone} 3600 IN TXT \"${spf1}\"
send
answer
"

echo "${update_rr}" | ${nsupdate} ${nsupdate_opts}
ex=$?

exit ${ex}

and the key is made like this:

# ddns-confgen -k /l/etc/bind9/tsig-update.key -s XXX.eu.org

clemens
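
Added example, not part of the original message or of the poster's script: the script above interpolates ${zone} and ${newip} from the DHCP hook directly into the nsupdate batch, so this shell code validates both arguments before any batch is built. The function names (is_ipv4, is_zone, build_update) are hypothetical, the sample values in the comments are constructed, and only the A record part of the batch is covered, not the SPF TXT record.

```sh
#!/bin/sh
# Added example: validate hook arguments before building an nsupdate batch.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # rejects newlines and spaces too
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_zone NAME: letters, digits, hyphens and dots only, no empty labels,
# no leading hyphen, at most 253 characters.
is_zone() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*..*|-*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# build_update ZONE IP: print the A record batch, or fail without output
# if either argument does not validate.
build_update() {
    is_zone "$1" && is_ipv4 "$2" || return 1
    printf '%s\n' \
        "zone $1" \
        "prereq yxdomain $1" \
        "update delete $1 300 IN A" \
        "update add $1 300 IN A $2" \
        "send"
}

# Usage in the hook (key path as in the post's script):
#   batch=$(build_update "$zone" "$newip") || exit 1
#   printf '%s\n' "$batch" | nsupdate -l -k /usr/local/etc/bind9/tsig-update.key
```

Because the batch is only produced after both checks pass, a hook argument containing whitespace or a line break never reaches nsupdate.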