Dynamic DNS Updating

Tim ignored_mailbox at yahoo.com.au
Wed Jan 11 20:33:02 UTC 2006


On Wed, 2006-01-11 at 09:27 -0800, edwarner99 at yahoo.com wrote:
> I have searched the internet for this answer, but
> have not been able to find one.

Are you including the names of the software that you're trying to use?  

e.g. dynamic +DNS +bind +dhcpd

Or you might want to try guessing at a title someone might have used for
a tutorial or howto for that sort of thing (e.g. "local DNS serving
using BIND").

> What is the proper syntax for "allow-transfer { lan; }" to do updates
> using my RNDC key? Per my example below, it does allow it but when I
> start named, I get an error that allowing update via IP address is
> insecure.

You might want to say what you want to use to update the DNS records.
I've done it with my DHCP server and BIND, but other things might
require a different approach (e.g. dynamic name hosting over the WWW,
like dyndns).  I've dropped in a few notes, below, about what worked for
me.

> // Define address range for the local domain.
> acl lan {
> 	192.168.100/24;
> 	127.0.0.0/24;
> };
> 
> options {
> 	directory "/var/named";
> 	allow-query { lan; };
> 	allow-recursion { lan; };
> 	allow-transfer { lan; };
> 	listen-on {
> 		 127.0.0.1;
> 		 192.168.100.1;
> 	};
> 
> };


I think you'll need to add:

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };

};


> // Localhost Zones
> zone "localhost" IN {
> 	type master;
> 	file "localhost.zone";
> 	allow-update { lan; };
> };

And change the allow-updates to:

        allow-update { key "rndckey"; };

Since I think you *can't* allow updating by IP, alone, anymore.

> // Provide a reverse lookup for the loopback address 127.0.0.1
> zone "0.0.127.in-addr.arpa" IN {
> 	type master;
> 	file "named.local";
> 	allow-update { lan; };
> };

I don't think you want to allow 127.0.0.1 to be updated.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
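
Added example, not part of the original message or of BIND: a small Python check that lists zones whose allow-update still admits an address or ACL name instead of a key, which is the change suggested in the reply above. The sample configuration is constructed from the zones quoted in the thread plus a hypothetical "example.lan" zone; the parser is a simplification that assumes un-nested allow-update lists and no "//" or "#" inside quoted strings.

```python
import re

# Constructed sample: the two zones quoted in the thread, plus a
# hypothetical "example.lan" zone using the key-based form from the reply.
SAMPLE_CONF = '''
acl lan { 192.168.100/24; 127.0.0.0/24; };
// Localhost Zones
zone "localhost" IN {
    type master; file "localhost.zone";
    allow-update { lan; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master; file "named.local";
    allow-update { lan; };
};
zone "example.lan" IN {
    type master; file "example.lan.zone";
    allow-update { key "rndckey"; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake a match."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) by matching braces after each zone header."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_allow_update(conf_text):
    """Return (zone, element) for allow-update entries not tied to a key."""
    findings = []
    for name, body in zone_blocks(strip_comments(conf_text)):
        for acl in re.findall(r'\ballow-update\s*\{([^{}]*)\}', body):
            for elem in filter(None, (e.strip() for e in acl.split(';'))):
                if elem != 'none' and not re.match(r'!?\s*key\s', elem):
                    findings.append((name, elem))
    return findings

if __name__ == '__main__':
    for zone, elem in audit_allow_update(SAMPLE_CONF):
        print(f'zone "{zone}": allow-update permits "{elem}" without a key')
```
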




More information about the fedora-list mailing list