Zachary Kotlarek wrote:
> On Jul 7, 2011, at 10:05 PM, Bryan Kadzban wrote:
>> I dislike having the DHCP client update DNS on its own, because (a)
>> that requires some sort of authentication to do correctly (rather
>> than just a shared key between the DHCP and DNS servers, which is
>> what I have now),
>
> If you're going to accept an unauthenticated DHCP request with an
> arbitrary hostname as the basis for the DNS update I don't see a lot
> of value in authenticating later portions of the same transaction.

Hmm, good point. OTOH I thought the BIND config for updates required a key, although that may have been my misreading of some manpages. It was several years ago as well; maybe it has all changed by now.

It does prevent a client from directly editing another client's entries (assuming the DHCP server does proper checks) -- but it's possible to fake a DHCP release from the other client (since it's all pseudo-UDP), and this will probably accomplish the same thing.

Never looked into mDNS, though I probably should at some point.

(The Windows support is no longer required at the moment. It did make life a fair bit easier at the time, but it's been a while now. It's also been a *long* time since I rebuilt that box.)
--
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page