IPv6 and DNS for the residential service provider

Marco d'Itri md at Linux.IT
Mon Sep 24 21:33:53 CEST 2012


On Sep 24, Ron Vachiyer <proutfoo at outlook.com> wrote:

> I would agree, except that TSIG-less updates are open to DoS as pretty much anyone that can reach the authoritative DNS can update whatever record they like without authentication. Unless you are suggesting using some sort of client on the customer side to perform the updates using a key-exchange system of some sort?

With BIND you can easily limit non-authenticated updates to the IP 
itself or to the network. This is not perfect, but it may be good enough 
for consumer networks.

-- 
ciao,
Marco
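
Added example, not part of the message above: a BIND `named.conf` fragment showing the open setting the quoted concern describes beside the two restrictions mentioned in the reply. It assumes these map to an address-based `allow-update` ACL and to the `tcp-self` rule of `update-policy`; zone names, file paths and the 2001:db8::/32 prefix are placeholders.

```conf
// Constructed example: zone names, file paths and the prefix are placeholders.

// The open case from the quoted concern: any host that can reach the
// server may change any record in the zone without authentication.
// zone "customers.example.net" {
//     type master;
//     file "dynamic/customers.example.net.db";
//     allow-update { any; };
// };

// Limited to the network: unsigned updates are accepted only from the
// customer prefix. Any host inside that prefix can still change any
// record in the zone, so this narrows who can update, not what.
acl customer-net { 2001:db8::/32; };

zone "customers.example.net" {
    type master;
    file "dynamic/customers.example.net.db";
    allow-update { customer-net; };
};

// Limited to the IP itself: tcp-self accepts an unsigned update only
// when it arrives over TCP and only for the ip6.arpa (or in-addr.arpa)
// name that maps to the client's own source address.
// allow-update and update-policy cannot be combined in one zone.
zone "8.b.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "dynamic/2001-db8.rev.db";
    update-policy {
        grant * tcp-self . PTR;
    };
};
```

Both forms trust the source address of the request, which is why `tcp-self` insists on TCP: a UDP source address is not verified by the transport.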


More information about the ipv6-ops mailing list