IPv6 and DNS for the residential service provider

Marco d'Itri md at Linux.IT
Mon Sep 24 21:33:53 CEST 2012


On Sep 24, Ron Vachiyer <proutfoo at outlook.com> wrote:

> I would agree, except that TSIG-less updates are open to DoS as pretty much anyone that can reach the authoritative DNS can update whatever record they like without authentication.  Unless you are suggesting using some sort of client on the customer side to perform the updates using a key-exchange system of some sort?   

With BIND you can easily limit non-authenticated updates to the IP 
itself or to the network. This is not perfect, but it may be good enough 
for consumer networks.

-- 
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120924/d6d3b478/attachment.sig>


More information about the ipv6-ops mailing list