| Secure Dynamic Update A Tutorial |
| Caution |
| Outline |
| Questions? |
| Dynamic Update Basics |
| Getting Data Into DNS |
| Advantages of Dyn Up's |
| Uses of Dynamic Update |
| Risks of Dynamic Update |
| Other Considerations |
| "Secure" Dynamic Update |
| Tools |
| named |
| named.conf snippets |
| A static zone |
| Adding a dynamic zone |
| dynamic.myzone.example |
| Adding logging |
| Journal Files |
| dig |
| dig examples |
| nsupdate |
| nsupdate example |
| rndc |
| rndc examples |
| dnssec-keygen |
| dnssec-keygen tsig example |
| dnssec-keygen sig(0) example |
| "Secured" Dynamic Update |
| Steps |
| Configuring Keys |
| TSIG keys |
| Making TSIG keys |
| Adding TSIG to named.conf |
| Configuring TSIG AXFR |
| Testing with dig |
| Configuring a loose policy |
| "Keying" nsupdate |
| Keyed nsupdate #1 |
| Look in the logs! |
| Keyed nsupdate #2 |
| Keyed nsupdate #3 |
| A tighter policy |
| an update-policy |
| Previous slide's update-policy |
| Retrying keyed nsupdate #1 |
| Retrying #2 |
| Closer look at update-policy |
| update-policy statement |
| more complex example |
| SIG(0) keys |
| Generating a SIG(0) key |
| New zone file |
| nsupdate with SIG(0) |
| Other Dynamic Updates |
| Interaction with DHCP |
| How DHCP and DynUp Look |
| How This Happens, part 1 |
| At Lease Change Time |
| Open Issues |
| Wrap-Up |