Thanks, Måns. Excuse my question closely: Is authentication of dynamic update considered as "MUST" requirement in current networks? For the "insecure" methods, is there any other ones besides rfc2136 (Dynamic Updates in the Domain Name System) ?
> -----Original Message----- > From: Måns Nilsson [mailto:mansa...@besserwisser.org] > Sent: Monday, August 15, 2011 5:18 PM > To: Leo Liu(bing) > Cc: dnsop@ietf.org; re...@ietf.org > Subject: Re: [DNSOP] Dynamic DNS Update Deployment?? > > Subject: RE: [DNSOP] Dynamic DNS Update Deployment?? Date: Mon, Aug 15, > 2011 at 08:26:21AM +0000 Quoting Leo Liu(bing) (leo.liub...@huawei.com): > > Hi, Måns > > > > Thanks for the info, that's quite helpful. So can we assume that > Windows-based DNS systems have been widely deployed rfc3007? > > No. They _do_ use dynamic updates, but they use GSS-TSIG (More or less > according to rfc3645) to authenticate. My point was, perhaps less than well > stated, that dynamic updates are frequently used. > > As to the division between authentication methods, I'd _guess_ that GSS-TSIG > leads, followed by http (dyndns.org et. al.) and the other methods in a long > tail > with "insecure updates" forming a serious bump in said tail. > > -- > Måns Nilsson primary/secondary/besserwisser/machina > MN-1334-RIPE +46 705 989668 > First, I'm going to give you all the ANSWERS to today's test ... So just > plug in > your SONY WALKMANS and relax!! _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
