Re: Using RNDC to control remote access to my BIND server

2021-04-27 Thread Anand Buddhdev
Hi Greg, Read the "ddns-confgen" man page. And then read all the material here: https://bind9.readthedocs.io/en/v9_16_13/advanced.html Regards, Anand On 27/04/2021 11:27, Greg Donohoe wrote: > Thank you for the excellent advice, it is a lot clearer to me now. > I am checking the nsupdate & TSI

Re: Using RNDC to control remote access to my BIND server

2021-04-27 Thread Greg Donohoe
Thank you for the excellent advice, it is a lot clearer to me now. I am checking the nsupdate & TSIG man pages for additional knowledge. Outside of these man pages, are there any other references (tutorials/videos) that you would recommend? Particularly around the area of TSIG key generation & man

Re: Using RNDC to control remote access to my BIND server

2021-04-26 Thread Tony Finch
Anand Buddhdev wrote: > Anand's advice is good, as usual :-) But a small pedantic point: > The DNS protocol itself has recently been updated to allow for > encryption, using DTLS (DNS-over-TLS). DTLS usually means "datagram TLS", i.e. TLS-over-UDP (RFC 6347). There's a spec for DNS-over-DTLS (

Re: Using RNDC to control remote access to my BIND server

2021-04-26 Thread Anand Buddhdev
Hi Greg, a TSIG key is *never* transmitted. A sender uses a TSIG key to generate a secure hash over the DNS content being sent, and sends the hash along with the DNS content. A receiver configured with the same key can then verify that hash. If it can, then it can apply the DNS content. If someon

Re: Using RNDC to control remote access to my BIND server

2021-04-26 Thread Greg Donohoe
Thanks Anand. When using this TSIG solution is the key visible (clear) within the DNS packet being sent to the remote server or is it encrypted? Is this communication secure? e.g. if someone is sitting on the wire sniffing the packets, would they be able to extract the key? Or is the security of the

Re: nsupdate and zone files, was Re: Using RNDC to control remote access to my BIND server

2021-04-25 Thread Tony Finch
Paul Kosinski via bind-users wrote: > A couple of years ago, I tried using nsupdate to modify a dynamic (DHCP) > IP address for my very simple domain. It worked, except that it totally > messed up the organization of the zone file. Since the file only has 44 > active lines (which are organized lo

Re: Using RNDC to control remote access to my BIND server

2021-04-23 Thread Paul Kosinski via bind-users
A couple of years ago, I tried using nsupdate to modify a dynamic (DHCP) IP address for my very simple domain. It worked, except that it totally messed up the organization of the zone file. Since the file only has 44 active lines (which are organized logically), I maintain it by hand. After nsup

Re: Using RNDC to control remote access to my BIND server

2021-04-23 Thread Anand Buddhdev
On 23/04/2021 14:24, Greg Donohoe wrote: Hi Greg, > In regards to the nsupdate, what is the best way to secure the connection, > so to ensure that only my local server can make the amendments to the > remote server named & zone files? > I don't want anyone/anything else other than my local machine

Re: Using RNDC to control remote access to my BIND server

2021-04-23 Thread Greg Donohoe
Thanks for the input Anand. Yes there is still some confusion on my part as to which option to use to best fit my current environment. In regards to the nsupdate, what is the best way to secure the connection, so to ensure that only my local server can make the amendments to the remote server named

Re: Using RNDC to control remote access to my BIND server

2021-04-23 Thread Anand Buddhdev
Hi Greg, You don't need to SSH into a remote server to do dynamic DNS updates! The "nsupdate" tool can send the dynamic DNS updates directly to your remote server over the DNS protocol. You appear to be confused about what the various tools do, so here's a summary: 1. ssh is used to log into a r

Re: Using RNDC to control remote access to my BIND server

2021-04-23 Thread Greg Donohoe
Thank you for the suggestions. I am looking into those now. Yes we can run nsupdate again on the remote server but I would still need to connect to the remote server to do this. We were thinking of using SSH to the remote server but we want to explore any other option rather than SSH for the secure

Re: Using RNDC to control remote access to my BIND server

2021-04-22 Thread Tony Finch
Greg Donohoe wrote: > I have created a CI/CD pipeline in order to amend zone files using nsupdate > based on a front end user request. This portion of the pipeline is working > as expected so now I want to be able to connect from my pipeline runner to > my remote BIND staging server and update th

Re: Using RNDC to control remote access to my BIND server

2021-04-22 Thread Jim Popovitch via bind-users
On Thu, 2021-04-22 at 10:59 +0100, Greg Donohoe wrote: > Hello, > I have created a CI/CD pipeline in order to amend zone files using > nsupdate based on a front end user request. This portion of the > pipeline is working as expected so now I want to be able to connect > from my pipeline runner to m

Using RNDC to control remote access to my BIND server

2021-04-22 Thread Greg Donohoe
Hello, I have created a CI/CD pipeline in order to amend zone files using nsupdate based on a front end user request. This portion of the pipeline is working as expected so now I want to be able to connect from my pipeline runner to my remote BIND staging server and update the zone files on there w