On 12/11/2013 08:42 PM, Mark Andrews wrote:
In message <52a8e44a.1070...@brandeis.edu>, John Miller writes:
Hello folks,
I'm getting ready to revamp our dynamic DNS setup here on campus, and am
curious: what is everyone doing for update forwarding? Have you seen
certain clients that will send updates based on NS records rather than
the SOA record?
Which is what the update protocol specifies as the default destination
to send requests to.
Perhaps a better question is: has anyone been bitten by leaving update
forwarding disabled?
If you have a hidden master and clients that follow the RFC and
send to the nameservers then you will need to enable update forwarding.
The exact condfiguration depends on how you are authenticating
updates for the zone. If it is by IP address you will need to
configure the update forwarding server to use a similar acl. If
you are using TSIG then you can just forward all update requests.
If is off by default as it is the only safe configuration when you
don't know how the master is configured not because one shouldn't
forward update requests.
Mark
Thanks, Mark. Exactly what I wanted to know. We're using TSIG on our
master, so no reason _not_ to forward update requests.
John
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
