Zachary Kotlarek wrote:
> On Jul 7, 2011, at 10:05 PM, Bryan Kadzban wrote:
>> I dislike having the DHCP client update DNS on its own, because (a)
>>  that requires some sort of authentication to do correctly (rather 
>> than just a shared key between the DHCP and DNS servers, which is 
>> what I have now),
> 
> If you're going to accept an unauthenticated DHCP request with an 
> arbitrary hostname as the basis for the DNS update I don't see a lot 
> of value in authenticating later portions of the same transaction.

Hmm, good point.

OTOH I thought the BIND config for updates required a key, although that
may have been my misreading of some manpages.  It was several years ago
as well; maybe it has all changed by now.

It does prevent a client from directly editing another client's entries
(assuming the DHCP server does proper checks) -- but it's possible to
fake a DHCP release from the other client (since it's all pseudo-UDP),
and this will probably accomplish the same thing.

Never looked into mDNS, though I probably should at some point.  (The
Windows support is no longer required at the moment.  It did make life a
fair bit easier at the time, but it's been a while now.  It's also been
a *long* time since I rebuilt that box.)

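For reference, an added example (not part of the original message): a `named.conf` fragment for the shared-key arrangement discussed above, with the address-only form shown commented out for contrast. The key name `dhcp-ddns`, the zone `lan.example`, the address `192.0.2.10` and the zone file path are constructed placeholders, and `zonesub` assumes BIND 9.7 or later.

```conf
// TSIG key shared between the DHCP server and named.
// Generate the secret with a tool such as tsig-keygen; the value below is a placeholder.
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "lan.example" {
    type master;
    file "dynamic/lan.example.zone";

    // Address-only form: allow-update takes an address match list, so a bare
    // IP is accepted and updates are then trusted on source address alone.
    // allow-update { 192.0.2.10; };

    // Key-based form: only updates signed with the shared key are accepted,
    // and only for the listed record types within this zone.
    // (allow-update and update-policy cannot both be set on one zone.)
    update-policy {
        grant dhcp-ddns zonesub A AAAA TXT DHCID;
    };
};
```

The key authenticates the DHCP server to named only; the hostname the server submits still comes from an unauthenticated DHCP request, which is the limitation raised in the thread.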