DNS Configuration and Management Manual (G06.27+, H06.05+, J06.03+)
DNS Configuration on the NonStop Server
HP DNS Configuration and Management Manual—529432-003
Dynamic Update Threat
The BIND default is to deny dynamic zone updates. If you have enabled dynamic updates,
they may pose a threat to the integrity of your zone files, and the service may need to
be protected. Dynamic zone updates are also classified as a server-to-server threat.
Note. The BIND Administrator Reference Manual suggests multiple techniques for protecting
against dynamic update threats, including using the update-policy option instead of
allow-update or specifying only TSIG key names, not IP addresses, when using allow-update.
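An added example (not from the HP manual or the BIND documentation): a small Python audit that applies the Note's advice to a named.conf fragment, flagging zones whose allow-update list contains anything other than TSIG key names. The sample configuration, zone names, address and key name are constructed, and the parser inspects zone blocks only, not options-level settings or named ACLs.

```python
import re

# Constructed sample: zone names, the address and the key name are made up.
SAMPLE_CONF = '''
zone "a.example" { type master; file "a.db";
    allow-update { 192.0.2.10; };             // trusts a source IP address
};
zone "b.example" { type master; file "b.db";
    allow-update { key dhcp-key; };           /* TSIG key name only */
};
zone "c.example" { type master; file "c.db";
    update-policy { grant dhcp-key subdomain c.example. A; };
};
zone "d.example" { type master; file "d.db"; };   # no update clause
'''

def strip_comments(text):
    """Drop /* */, // and # comments but leave quoted strings untouched."""
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return re.sub(pat, keep, text, flags=re.S)

def zone_blocks(conf):
    """Yield (zone name, body), matching braces so nested clauses stay inside."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf_text):
    """Map each zone to a verdict on how dynamic updates are authorised."""
    verdicts = {}
    for name, body in zone_blocks(strip_comments(conf_text)):
        acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        if re.search(r'\bupdate-policy\s*\{', body):
            verdicts[name] = 'ok: update-policy'
        elif acl is None:
            verdicts[name] = 'ok: no update clause in zone'
        else:
            items = [e.strip() for e in acl.group(1).split(';') if e.strip()]
            bad = [e for e in items if not re.fullmatch(r'key\s+\S+', e) and e != 'none']
            verdicts[name] = 'WEAK: ' + ', '.join(bad) if bad else 'ok: TSIG key names only (or none)'
    return verdicts

if __name__ == '__main__':
    for zone, verdict in audit(SAMPLE_CONF).items():
        print(f'{zone:12} {verdict}')
```

A zone reported as having no update clause can still inherit an allow-update setting from the options block, so check that block separately.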
Figure 3-3. Dynamic Update Threat
[Figure labels: master server, DHCP server, zone files, slave server, remote caching server, Client. Possible Security Threats: Dynamic updates]










