Dynamic DNS is a system which allows the domain name data held in a name
server to be updated in real time. The most common use is to keep an Internet
domain name pointing at a computer whose IP address changes (a dynamic
address), so that other sites on the Internet can connect to the machine by
name without tracking its address themselves. This is typically done to run
server software on a computer behind a consumer Internet connection, where the
service provider assigns addresses dynamically.
To implement dynamic DNS the time to live (TTL) of the affected records, that
is the maximum time a resolver may cache them, is set to an unusually short
period (typically a few minutes). A resolver that has cached the old address
keeps using it until the TTL expires, so a short TTL bounds that staleness to
minutes and makes resolvers return to the domain's name server for nearly every
new connection. The cost is a correspondingly higher query load on that name
server, and the TTL only helps with resolvers that honour it.
Dynamic DNS is an integral part of Active Directory, in part because domain
controllers register their SRV resource records in DNS so that other computers
in the domain (or forest) can find them.
Types of Dynamic DNS
The term 'dynamic DNS' can be applied to any mechanism for changing a DNS entry
from a DNS client, and many commercial and noncommercial providers offer such a
service. Their clients do not always update as described in RFC 2136 (the DNS
UPDATE message) or RFC 2845 (TSIG). The ddclient program, for example, sends
HTTP GET requests to the Dynamic DNS provider's server, which in turn updates
the DNS entry; these requests carry the account credentials, so the connection
to the provider should be made over HTTPS.
Dynamic DNS service is provided on a large scale by various DNS hosting
services, which retain the current addresses in a database and provide a
"client" program to the user which will send an update to the service whenever
the server's IP address has changed. Many routers and other networking
components contain a feature such as this in their firmware. The first router to
support Dynamic DNS was the UMAX UGate-3000 in 1999, which supported the TZO.COM
dynamic DNS service.[1]
'Dynamic DNS' can also refer to the DNS UPDATE protocol documented in RFC 2136,
which the nsupdate utility implements. Because an unauthenticated update would
let any host rewrite zone data, TSIG (RFC 2845) is used to authenticate dynamic
updates: client and server share a secret key, and each update message carries
an HMAC (originally HMAC-MD5; RFC 4635 added the SHA-1 and SHA-2 based
variants) computed over the message, a timestamp and the key name, which the
server recomputes before applying the update. A drawback is that the shared
secret must be installed on every client that is to update the zone securely.
Microsoft elected to develop an alternative, GSS-TSIG, which uses Kerberos for
authentication and thus avoids the need for manual installation of keys.
GSS-TSIG is a proposed standard (RFC 3645) and is the only authentication
method supported by Microsoft Windows 2000, Windows XP, and Windows 2003.
Although GSS-TSIG was not supported by BIND at the time (BIND supported only
the TSIG scheme set out in RFC 2845; later BIND 9 releases added GSS-TSIG),
Microsoft DNS is otherwise fully interoperable with BIND from version 8.2.2
onward (when SRV record support was introduced), and Microsoft has for some
time provided information on BIND interoperability with Windows DNS name
spaces.
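The following is an added example, not code from the original article or from any of the tools it names. It shows what the RFC 2136 UPDATE and RFC 2845 TSIG mechanics described above look like on the wire: the client builds an UPDATE message that replaces the A record of a host with one carrying the short TTL that dynamic DNS depends on, signs it with HMAC-MD5 under a shared secret, and the server side strips the TSIG record, recomputes the MAC and checks the time window before accepting the update. Only the Python standard library is used; the zone, host name, key name and shared secret are constructed for illustration. HMAC-MD5 is used because it is the algorithm the article and RFC 2845 describe; switching to hmac-sha256 (RFC 4635) changes only the algorithm name and the hash function.

```python
"""Added example: RFC 2136 UPDATE signed with RFC 2845 TSIG (HMAC-MD5), stdlib only.
Zone, host, key name and secret below are constructed for illustration."""
import base64
import hashlib
import hmac
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
HMAC_MD5_ALG = "hmac-md5.sig-alg.reg.int"          # algorithm name from RFC 2845


def encode_name(name):
    """Uncompressed wire-format name, lowercased (TSIG hashes canonical names)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def read_name(msg, off):
    """Inverse of encode_name. Assumption: peers send uncompressed names
    (true for messages built here); compression pointers are rejected."""
    labels = []
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compressed name not supported here")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1


def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(zone, fqdn, ipv4, ttl, msg_id):
    """UPDATE (opcode 5): zone section names the zone's SOA; the update section
    deletes every A RR at fqdn (class ANY, TTL 0, empty RDATA, RFC 2136 2.5.2)
    and adds one A RR with the short TTL dynamic DNS relies on."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 2, 0)   # ZO=1 PR=0 UP=2 AD=0
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    delete_all_a = rr(fqdn, TYPE_A, CLASS_ANY, 0, b"")
    add_a = rr(fqdn, TYPE_A, CLASS_IN, ttl, bytes(int(o) for o in ipv4.split(".")))
    return header + zone_section + delete_all_a + add_a


def tsig_variables(keyname, time_signed, fudge, error=0, other=b""):
    """'TSIG variables' appended to the message before hashing (RFC 2845 3.4.2)."""
    return (encode_name(keyname) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(HMAC_MD5_ALG)
            + time_signed.to_bytes(6, "big") + struct.pack("!HHH", fudge, error, len(other)) + other)


def sign(msg, keyname, secret_b64, time_signed=None, fudge=300):
    """Client side: MAC over (message without TSIG) || TSIG variables, then append
    the TSIG RR to the additional section and increment ARCOUNT."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, msg + tsig_variables(keyname, time_signed, fudge), hashlib.md5).digest()
    msg_id, arcount = struct.unpack("!H", msg[:2])[0], struct.unpack("!H", msg[10:12])[0]
    rdata = (encode_name(HMAC_MD5_ALG) + time_signed.to_bytes(6, "big")
             + struct.pack("!HH", fudge, len(mac)) + mac + struct.pack("!HHH", msg_id, 0, 0))
    return msg[:10] + struct.pack("!H", arcount + 1) + msg[12:] + rr(keyname, TYPE_TSIG, CLASS_ANY, 0, rdata)


def verify(signed, secret_b64, now=None):
    """Server side: find the trailing TSIG RR, rebuild the unsigned message
    (ARCOUNT decremented), recompute the MAC, check it and the time window."""
    msg_id, _flags, zo, pr, up, ad = struct.unpack("!HHHHHH", signed[:12])
    off = 12
    for _ in range(zo):
        _, off = read_name(signed, off)
        off += 4                                   # ZTYPE + ZCLASS
    if pr + up + ad == 0:
        return False
    for _ in range(pr + up + ad):                  # walk every RR; the last one must be TSIG
        rr_start = off
        name, off = read_name(signed, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", signed[off:off + 10])
        rdata, off = signed[off + 10:off + 10 + rdlen], off + 10 + rdlen
    if rtype != TYPE_TSIG:
        return False
    alg, p = read_name(rdata, 0)
    if alg != HMAC_MD5_ALG:
        return False
    time_signed = int.from_bytes(rdata[p:p + 6], "big")
    fudge, mac_size = struct.unpack("!HH", rdata[p + 6:p + 10])
    mac, q = rdata[p + 10:p + 10 + mac_size], p + 10 + mac_size
    orig_id, error, other_len = struct.unpack("!HHH", rdata[q:q + 6])
    other = rdata[q + 6:q + 6 + other_len]
    unsigned = signed[:10] + struct.pack("!H", ad - 1) + signed[12:rr_start]
    expected = hmac.new(base64.b64decode(secret_b64),
                        unsigned + tsig_variables(name, time_signed, fudge, error, other), hashlib.md5).digest()
    now = int(time.time()) if now is None else now
    return hmac.compare_digest(expected, mac) and orig_id == msg_id and abs(now - time_signed) <= fudge


def demo():
    """Returns (valid, tampered, stale, wrong_key) verification outcomes; constructed data."""
    secret = base64.b64encode(b"constructed demo secret, not a real key").decode()
    other_secret = base64.b64encode(b"some other constructed key").decode()
    upd = build_update("example.net", "home.example.net", "203.0.113.7", 60, 0x1234)
    signed = sign(upd, "ddns-key.example.net", secret, time_signed=1700000000)
    tampered = bytearray(signed)
    tampered[len(upd) - 1] ^= 1                    # flip the last octet of the A RDATA
    return (verify(signed, secret, now=1700000000),
            verify(bytes(tampered), secret, now=1700000000),
            verify(signed, secret, now=1700000000 + 301),   # outside the 300 s fudge window
            verify(signed, other_secret, now=1700000000))


if __name__ == "__main__":
    print(demo())   # (True, False, False, False)
```

The three failing cases in `demo()` are the checks a server must make before touching the zone: a modified RDATA changes the MAC, a stale timestamp falls outside the fudge window (RFC 2845 requires rejecting it even when the MAC is correct, to limit replay), and a message signed under a different key name or secret does not verify. The name handling is deliberately limited to uncompressed names, which is what this sender produces; a general-purpose verifier would also have to follow compression pointers.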