Thanks, Måns. Excuse my question closely: Is authentication of dynamic update considered as "MUST" requirement in current networks? For the "insecure" methods, is there any other ones besides rfc2136 (Dynamic Updates in the Domain Name System) ?
> -----Original Message----- > From: Måns Nilsson [mailto:[email protected]] > Sent: Monday, August 15, 2011 5:18 PM > To: Leo Liu(bing) > Cc: [email protected]; [email protected] > Subject: Re: [DNSOP] Dynamic DNS Update Deployment?? > > Subject: RE: [DNSOP] Dynamic DNS Update Deployment?? Date: Mon, Aug 15, > 2011 at 08:26:21AM +0000 Quoting Leo Liu(bing) ([email protected]): > > Hi, Måns > > > > Thanks for the info, that's quite helpful. So can we assume that > Windows-based DNS systems have been widely deployed rfc3007? > > No. They _do_ use dynamic updates, but they use GSS-TSIG (More or less > according to rfc3645) to authenticate. My point was, perhaps less than well > stated, that dynamic updates are frequently used. > > As to the division between authentication methods, I'd _guess_ that GSS-TSIG > leads, followed by http (dyndns.org et. al.) and the other methods in a long > tail > with "insecure updates" forming a serious bump in said tail. > > -- > Måns Nilsson primary/secondary/besserwisser/machina > MN-1334-RIPE +46 705 989668 > First, I'm going to give you all the ANSWERS to today's test ... So just > plug in > your SONY WALKMANS and relax!! _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
