On 23/04/2021 14:24, Greg Donohoe wrote:

Hi Greg,

> In regards to the nsupdate, what is the best way to secure the connection,
> so to ensure that only my local server can make the amendments to the
> remote server named & zone files?
> I don't want anyone/anything else other than my local machine to make any
> changes on my remote BIND server.

You should create a TSIG key, and configure the zones on the remote
server to only accept dynamic DNS updates signed by this key. And then
use this key with nsupdate when sending your updates. Check the man page
of nsupdate and look at the '-k' and '-y' options for using TSIG keys.

You can additionally also configure your remote BIND to accept updates
only from certain IP addresses. For details on how to configure this,
please read the excellent documentation (especially section 4.2.29 and
the "allow-update" option):

https://bind9.readthedocs.io/en/v9_16/

Regards,
Anand Buddhdev
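
The setup described in this reply, sketched as a named.conf fragment for the remote server (an added example, not part of the original message). The key name ddns-key, the zone example.com, the file paths and the address 203.0.113.10 are placeholder assumptions, and the secret shown must be replaced with real tsig-keygen output.

```conf
// On the local machine, generate the key once and keep the file private:
//   tsig-keygen -a hmac-sha256 ddns-key > /etc/bind/ddns-key.key
//   chmod 600 /etc/bind/ddns-key.key
// Copy the resulting key statement to the remote server over a secure
// channel and include it in named.conf as shown here.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_FROM_TSIG_KEYGEN";   // placeholder
};

zone "example.com" {
    type master;
    file "dynamic/example.com.zone";   // must be writable by named

    // Weak: source address only, no cryptographic check on the update.
    //   allow-update { 203.0.113.10; };

    // Key only: any host holding the key may update the zone.
    //   allow-update { key "ddns-key"; };

    // Pitfall: elements of an address match list are alternatives, so
    // this accepts the key OR the address, not both together.
    //   allow-update { key "ddns-key"; 203.0.113.10; };

    // Key AND address: the nested negation rejects every source except
    // 203.0.113.10, and what remains must still be signed by the key.
    allow-update { !{ !203.0.113.10; any; }; key "ddns-key"; };
};

// Sending a signed update from the local machine with the '-k' option:
//   nsupdate -k /etc/bind/ddns-key.key
//   > server ns1.example.com
//   > zone example.com
//   > update add host.example.com 300 A 192.0.2.50
//   > send
```

Running `named-checkconf` on the remote server before reloading catches syntax errors in the fragment. An unsigned update attempt from the same address should then be refused.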