Re: [Comm] Re[2]: [Comm] DHCP и DDNS

[Alexander Bokovoy <a.bokovoy@sam-solutions.net>]

On Fri, Nov 01, 2002 at 02:14:49PM +0400, Andrei M. Laptev wrote:
> On Fri, 1 Nov 2002 11:11:27 +0400
> ASA <llb@udm.ru> wrote:
> 
> > Hello YuriY,
> > 
> > Friday, November 1, 2002, 10:50:49 AM, you wrote:
> > 
> 
> > С другой стороны, логично: если ты знаешь какой IP на каком
> > компе будет, что мешает тебе довести дело до конца и написать
> > запись в DNS как в старые добрые времена?
> > 
> Да в общем то я все это затеял вот из за чего: хочется мне чтобы в случае когда 
> юзер меняет имя компьютера в винде, то эти изменения автоматически отображались 
> в днс-е. Максимум конечно хотелось бы чтоб виндовый dhcp-клиент воспринимал 
> например option host-name, да и большинство других параметров, которые можно 
> раздавать по dhcp, но это уже не проблема самого dhcpd.
> 
> Если кто-то считает что смена имени происходит редко, то это не про нас :)
Для этого необходима реализация расширения TSIG-GSS для динамического DNS.
Вот два письма от Andrew Tridgell на эту тему:
----------------------------------------------------------------------------
Those of you with win2000 based DNS servers might be interested to
know that I have just successfully sent a TSIG-GSS dynamic DNS update
to a win2000 server from a Linux box, using a kerberos ticket from MIT
kerberos. This is an important piece of the netbiosless support that
is being added to Samba.

Thus far I have only sent successful updates using des-cbc-crc
tickets. I would prefer to be able to use hmac-md5 tickets as that is
what win2000 uses, but I haven't been able to get that to work
yet. I'm guessing there may be a bug in the MIT hmac-md5
implementation, or at least a difference between the MIT and Microsoft
implementations. The MIT library can certainly generate and use
hmac-md5 tickets for other things (we use them in Samba ADS support
all the time) so I suspect the problem is in using them for signing
(like in calls to gss_get_mic()).

My current test implementation is a mish-mash of perl and C, using the
Net::DNS perl module for DNS packet construction and C to interface to
the MIT kerberos GSSAPI library. I'm still thinking about how I will
put this into a more palatable form, the choices seem to be to either
cleanup my perl code a bit or try to modify the bind-9 nsupdate
utility to handle the necessary TKEY requests. I originally started
on this project with the aim of updating the bind-9 code but I've
found it fairly hard to work out how to extend it, which is why I
switched to the Net::DNS module.

If anyone out there knows the bind-9 code really well and wants to
help me produce a patch to that then please let me know.

Cheers, Tridge
----------------------------------------------------------------------------

и второе, с ссылкой на код:

----------------------------------------------------------------------------
I've released an initial version of the tsig-gss dynamic DNS update 
utility at http://www.samba.org/ftp/samba/tsig-gss/

Cheers, Tridge
---------------------------------------------------------------------------- 
-- 
/ Alexander Bokovoy
---
After living in New York, you trust nobody, but you believe everything.
Just in case.