Re: dns takeover with dhcp-dns

To: debian-devel@lists.debian.org, debian-isp@lists.debian.org
Subject: Re: dns takeover with dhcp-dns
From: Craig Sanders <cas@taz.net.au>
Date: Sun, 30 Sep 2001 10:24:05 +1000
Message-id: <[🔎] 20010930102405.B4700@taz.net.au>
Mail-followup-to: debian-devel@lists.debian.org, debian-isp@lists.debian.org
In-reply-to: <[🔎] 20010929210433.A3716@omega.resa.es>
References: <[🔎] 20010929210433.A3716@omega.resa.es>

On Sat, Sep 29, 2001 at 09:04:33PM +0200, PiotR wrote:
> Anyone knows if dhcp-dns allows to filter some hostnames, in order    
> not to update them?. With the actual behavior its easy to take over   
> dns entries.  I'm concerned about users taking over server's dns      
> entries.                                                              

nope, not possible with dhcp-dns as it's written.

it's perl, though, and probably wouldn't be too hard to modify so that
it rejected specific names.

>  Any ideas?

use a subdomain for the dynamic entries.  don't put any servers in the 
dynamic domain.

e.g. if your main domain is "example.com", use "pn.example.com" for
dhcp-dns...then there's no chance that dhcp-dns can touch your main
domain.

("pn" == abbreviation for private network.)

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to:

References:
- dns takeover with dhcp-dns
  - From: PiotR <piotr@omega.resa.es>

Prev by Date: Re: Roach Motel For Packets...
Next by Date: Re: Roach Motel For Packets...
Previous by thread: dns takeover with dhcp-dns
Next by thread: bind: changing many serials at once
Index(es):
- Date
- Thread