Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2015-01-05 Thread Petr Spacek
On 31.12.2014 22:40, Jan Pazdziora wrote: On Wed, Dec 31, 2014 at 10:34:37PM +0100, Jan Pazdziora wrote: endpoints, or their users, should not be trusted to make updates to DNS zones. TSIG signed updates from servers are still preferred over authenticated updates from endpoints or users.

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Jan Pazdziora
On Mon, Dec 29, 2014 at 07:12:26PM -0500, Brendan Kearney wrote: On Mon, 2014-12-29 at 16:53 -0500, Dmitri Pal wrote: bind-dyndb-ldap is a back end driver for BIND to get data from an LDAP storage. The updates are done by BIND. The IPA BIND accepts kerberos based updates.

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Brendan Kearney
On Wed, 2014-12-31 at 19:06 +0100, Jan Pazdziora wrote: On Mon, Dec 29, 2014 at 07:12:26PM -0500, Brendan Kearney wrote: On Mon, 2014-12-29 at 16:53 -0500, Dmitri Pal wrote: bind-dyndb-ldap is a back end driver for BIND to get data from an LDAP storage. The updates are done by BIND.

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Loris Santamaria
On Wed, 31-12-2014 at 13:59 -0500, Brendan Kearney wrote: regardless of authentication, client updates to DNS zones are still a risk and a rogue app or user can still perform direct updates to zones, leading to impersonation/interception of services, denial of service attacks and more.

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Jan Pazdziora
On Wed, Dec 31, 2014 at 01:59:32PM -0500, Brendan Kearney wrote: i have played with nsupdate, and it does look like updates will be allowed if i remove the access restriction, but i am losing the authenticity of the update, since the TSIG shared secret signs the update. The goal is not to

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Jan Pazdziora
On Wed, Dec 31, 2014 at 10:34:37PM +0100, Jan Pazdziora wrote: endpoints, or their users, should not be trusted to make updates to DNS zones. TSIG signed updates from servers are still preferred over authenticated updates from endpoints or users. Server has identity just like service,

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-29 Thread Dmitri Pal
On 12/29/2014 04:47 PM, Brendan Kearney wrote: where can i find howto info around setting up bind-dyndb-ldap to accept ddns updates from dhcp? usually, i have a shared key defined in dns and dhcp, and the updates are authenticated. where are the docs for setting this up in bind-dyndb-ldap? I