![]() ![]() This option sets local-host only mode, which sets the server address to localhost (disabling the server so that the server address cannot be overridden). In this case, the key specified is not an HMAC-MD5 key. The -k option can also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. Keyfiles may be in two formats: a single file containing a nf-format key statement, which may be generated automatically by ddns-confgen or a pair of files whose names are of the format K.private, which can be generated by dnssec-keygen. ![]() This option indicates the file containing the TSIG authentication key. This option forces interactive mode, even when standard input is not a terminal. This option sets debug mode, which provides tracing information about the update requests that are made and the replies received from the name server. A non-standards-compliant variant of GSS-TSIG used by Windows 2000 can be switched on with the -o flag. Standard GSS-TSIG mode is switched on with the -g flag. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. nsupdate uses the -y or -k options to provide the TSIG shared secret these options are mutually exclusive. ddns-confgen can generate suitable configuration fragments. For instance, suitable key and server statements are added to /etc/nf so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that is using TSIG authentication. TSIG relies on a shared secret that should only be known to nsupdate and the name server. These use the TSIG resource record type described in RFC 2845, the SIG(0) record described in RFC 2535 and RFC 2931, or GSS-TSIG as described in RFC 3645. Transaction signatures can be used to authenticate the Dynamic DNS updates. Requests are sent to the zone's primary server, which is identified by the MNAME field of the zone's SOA record. ![]() The resource records that are dynamically added or removed with nsupdate must be in the same zone. Manual edits could conflict with dynamic updates and cause data to be lost. Zones that are under dynamic control via nsupdate or a DHCP server should not be edited by hand. A single update request can contain requests to add or remove more than one resource record. This allows resource records to be added or removed from a zone without manually editing the zone file. Nsupdate is used to submit Dynamic DNS Update requests, as defined in RFC 2136, to a name server. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |