> Here's a possibly wrong assumption: there are BIND deployments that
> use openldap (or an RDBMS, or something else) rather than zone files
> to hold DNS mappings (name to ip address & vice versa), and these
> alternative backends are updated when the DHCP server hands out or
> revokes a lease.
> Is this so? If so, how is the DNS information updated?

There are two sorts of DLZ driver out there -- the older ones that don't support dynamic update and have to be statically linked into the "named" binary to work, and then newer ones like Andrew Tridgell's, which are run-time loadable and can (if desired) be written to accept updates via dynamic DNS.

There *is* an LDAP DLZ driver, but it's an old-style driver so it can't accept DDNS updates. You could probably write some kind of DHCP hook that updated the LDAP data directly, *not* using dynamic DNS, but I don't think that's what you were asking about.

To use LDAP *and* accept DDNS updates, you'd need a new-style DLZ driver that supported LDAP, which is certainly possible, but I don't know whether anyone's done it yet. (I'm guessing not, though; I think I would've heard.)

> > I'm not sure what you mean by "using encryption".
>
> :-) I'm not sure either. In DHCP config, within a zone { ... }
> block, there are key <keyname> directives. It seems that BIND & DHCP
> can use a key to be sure of each other and the validity of DNS updates
> coming from the DHCP server. Am I on the right track? When I wrote
> 'encryption' this is what I was referring to.

Okay, you're talking about authentication using TSIG keys -- I thought so, but wasn't quite sure. :) There shouldn't be any conflict between that and DLZ.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
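
The TSIG arrangement discussed in this thread, sketched as matching configuration fragments; this is an added example, not part of the original message or of any ISC-supplied configuration. The key name `dhcp-updater`, the zone `example.org`, the file path, the server address and the secret placeholder are all assumptions, and the zone shown is an ordinary file-backed zone rather than a DLZ one.

```conf
# ---- dhcpd.conf (ISC DHCP server) ----
# Shared TSIG key; the name, algorithm and secret must match named.conf.
key dhcp-updater {
    algorithm hmac-sha256;
    secret REPLACE_WITH_BASE64_SECRET;   # placeholder, e.g. from tsig-keygen
}

ddns-update-style standard;              # "interim" on older releases

# The "key <keyname>" directive inside a zone block that the question
# refers to: updates for this zone are signed with the key above.
zone example.org. {
    primary 127.0.0.1;                   # assumed address of the BIND server
    key dhcp-updater;
}

# ---- named.conf (BIND 9) ----
key dhcp-updater {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET"; # same placeholder secret
};

zone "example.org" {
    type master;
    file "dynamic/example.org.db";       # hypothetical path
    # Accept dynamic updates only when signed with this key; an
    # address-based ACL here would authenticate nothing.
    allow-update { key dhcp-updater; };
};
```

TSIG signs each update message with an HMAC over the shared secret, so it provides authentication and integrity but not confidentiality; both files need to be readable only by their respective daemons, since anyone holding the secret can update the zone.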