Bind 9 Administrator Reference Manual
Chapter 7. BIND 9 Security Considerations
can be trivially attacked by sending the update to the slave, which will forward it to the master with its
own source IP address, causing the master to approve it without question.
For these reasons, we strongly recommend that updates be cryptographically authenticated by means of
transaction signatures (TSIG). That is, the allow-update option should list only TSIG key names, not IP
addresses or network prefixes. Alternatively, the new update-policy option can be used.
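As an added example (not from the BIND manual), here is a small Python audit script that scans a named.conf excerpt and reports any allow-update ACL element that is not a TSIG key name; the configuration text, key name, secret and zone names are constructed for illustration.

```python
import re

# Constructed named.conf excerpt for illustration (not from the BIND manual);
# the key name, secret and zone names are placeholders.
SAMPLE_NAMED_CONF = """
key "ddns-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET==";
};
zone "dyn.example.com" {
    type master;
    allow-update { 192.0.2.10; 192.0.2.0/24; };  # weak: trusts spoofable source IPs
};
zone "dyn2.example.com" {
    type master;
    allow-update { key "ddns-key"; };            # hardened: TSIG key names only
};
zone "hosts.example.com" {
    type master;
    update-policy { grant ddns-key subdomain hosts.example.com. A AAAA; };
};
"""

# Zone blocks are assumed to close with '};' at the start of a line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)^\};', re.DOTALL | re.MULTILINE)
ALLOW_UPDATE_RE = re.compile(r'allow-update\s*\{([^}]*)\}')


def audit_allow_update(conf: str) -> dict[str, list[str]]:
    """Map each zone to its allow-update elements that are not TSIG key names.

    Everything except a 'key' element (or 'none', which disables updates) is
    reported, since IPs, prefixes, 'any', 'localnets' and named ACLs are all
    address-based. An empty list means keys only, update-policy, or no updates.
    """
    findings: dict[str, list[str]] = {}
    for zone, body in ZONE_RE.findall(conf):
        flagged = []
        for match in ALLOW_UPDATE_RE.finditer(body):
            for element in match.group(1).split(";"):
                element = element.strip()
                if element and not (element.startswith("key ") or element == "none"):
                    flagged.append(element)
        findings[zone] = flagged
    return findings


if __name__ == "__main__":
    for zone, flagged in audit_allow_update(SAMPLE_NAMED_CONF).items():
        print(f"{zone}: {'OK' if not flagged else 'address-based: ' + ', '.join(flagged)}")
```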
Some sites choose to keep all dynamically updated DNS data in a subdomain and delegate that
subdomain to a separate zone. This way, the top-level zone containing critical data such as the IP
addresses of public web and mail servers need not allow dynamic update at all.