On 2010-04-07 at 14:44 -0400, Edward Ned Harvey wrote:
> So, the only issue with typical DDNS, such as MS and Bind, is the complexity
> of setup.  They can easily do it for DHCP clients on a LAN, assuming you're
> running your own DHCP server, and you're on your own LAN, but not so easy if
> requiring authentication across a WAN or stuff like that...

Right, which is why I showed exactly how to do this for small scale and
pointed towards OMAPI for scripting if you want to scale up.  I don't
offhand know of any pre-canned install-on-your-own servers for this,
only hosted services such as dyndns.

There are two styles of Dynamic DNS update -- done by DHCP server and
done by the client.  The WAN Bonjour stuff in Apple kit does the dynamic
DNS update by client, which is also what my examples covered.

There's more detail in:
  http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html
which includes how to update dhclient scripts, provided you are happy
with one policy, no matter where you connect to.

> Somebody like dyndns requires installation of an app on your system... which
> isn't too bad, but would be nice if it were built-in to every OS (such as it
> is, with pfsense.)

It is on Apple.  It is available in dhclient on *nix, but not as pretty.
The Windows stuff does not, AFAIK, support secure updates.


Returning to IPv6 and making the tunnelling less painful:
http://sourceforge.net/apps/trac/ddclient/wiki/Protocols is interesting.
Then there's RFC 5572, Experimental status, "IPv6 Tunnel Broker with the
Tunnel Setup Protocol (TSP)" -- it'd be nice to see *that* built-in.

In checking for a related issue, I noticed that the optimists have
started dealing with the problem of handling IPv4-only applications when
the local network is IPv6-only.  draft-hain-ipv6-edit-01.txt for the
curious.  A sense of humour is a SHOULD for reading that draft.

You might want to glance over the work of the v6ops group of the IETF,
which has security considerations stuff for CPEs, IXPs, edge-routers,
and "IPv6 RA-Guard".

-Phil
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
