Home

BIND Version 8 Features

Issue 69

From Issue #69
January 2000

Jan 01, 2000  By Eddie Harari
 in
Wondering about the latest version of BIND? Wonder no more. Mr. Harari is back this month to tell us all about it.
Dynamic Updates

BIND 8 allows authorized hosts to send the zone master server an UPDATE message. An UPDATE message can add, delete or change record information in the zone's database. The machine that sends the update message tries to find the master server for the zone from the zone's NS records. If the message is received by a slave server instead of the master server, the slave server should forward the message to the master server.

Dynamic updates are a good thing for hosts which get their IP addresses dynamically from a RARP (reverse ARP) or DHCP (dynamic host configuration protocol) server. These hosts can send an update message to the DNS server after they get their IP address from the DHCP/RARP server. The new resolver library routine, ns_update, is used by programs to send DNS update messages to the server. BIND 8 is shipped with a command-line utility, nsupdate, that gives the ability to send update messages to the zone's master server. By default, no one is allowed to dynamically update a zone; the configuration file keyword allow-update gives the system administrator the ability to configure the hosts which can send update messages for each zone. This update can help DNS and WINS to live together on the same network, since WINS also uses a dynamic-update method.

zone  "my.domain.sela.co.il" {
                    type master;
                    file "db.my.domain";
                    allow-update { 10.1.1.1;  };
                   };

This example lets the host 10.1.1.1 send update messages containing information on the my.domain.sela.co.il zone.

Conclusion

BIND 8 has many nice features, some of them needed by many network administrators. Since major security holes were discovered in earlier versions of BIND, upgrading to BIND 8 is almost a must. There are still stable older versions, such as 4.9 and later, but these do not support all the functions mentioned here.

Eddie Harari (eddie@sela.co.il) works for Sela Systems & Education in Israel as a senior manager and is involved in some security projects. He has been hacking computers for 13 years.

______________________

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions