
General Musing

blaze your trail


OS registers to DNS #security #risk


PostBox

Recently on NANOG I saw the item below, and I was thinking about what this actually means. A computer would – similar to DynDNS – register itself and its hostname with a DNS server using some kind of authentication. Naturally I immediately thought this was a brilliant plan, and didn’t understand why nobody, with the exception of DynDNS, had thought of this before. The immediate afterthought was that this would be easy to implement with a soft-token, which is the software equivalent of a physical token like RSA’s SecurID, or complicated to implement with PKI infrastructure.

From: Mark Andrews <[email protected]>
Re: mailing list bounces

It will be much better when the OS’s just register themselves in
the DNS. Humans shouldn’t have to do this when a machine renumbers.
Named can already authenticate PTR updates based on using TCP and
the source address of the update. For A/AAAA records you set up a
cryptographically strong authentication first.

DynDNS uses a username and password, which is less secure than the cryptographically strong solution that Mark Andrews mentions above.
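A small model of the two rules in the quoted message, added here as an illustration; it is not code from the post, from named or from DynDNS. The function names, the key table and the signing format are assumptions, and a real server authenticates the DNS message itself (for example with TSIG) rather than a joined string.

```python
import hashlib
import hmac
import ipaddress

# Constructed shared secret, keyed by the one hostname it may update.
KEYS = {"host1.example.com.": b"constructed-demo-secret"}
FUDGE = 300  # seconds of clock skew tolerated; bounds replay of old updates


def sign_update(key, name, rtype, rdata, signed_at):
    """HMAC-SHA256 over the update fields and the signing time."""
    msg = "|".join([name.lower(), rtype, rdata, str(signed_at)]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def authorize_update(name, rtype, rdata, *, transport, src_ip,
                     signed_at=None, mac=None, now=0, keys=KEYS):
    """Return (allowed, reason) for one dynamic update request."""
    name = name.lower()
    if rtype == "PTR":
        # Source-address rule: accepted only over TCP, and only for the
        # reverse name that belongs to the client's own address.
        if transport != "tcp":
            return False, "PTR update not sent over TCP"
        own = ipaddress.ip_address(src_ip).reverse_pointer + "."
        if name != own:
            return False, "PTR name does not match source address"
        return True, "source address matches reverse name"
    if rtype in ("A", "AAAA"):
        # Cryptographic rule: the key is bound to the name being updated.
        key = keys.get(name)
        if key is None or mac is None or signed_at is None:
            return False, "no key or signature for this name"
        if abs(now - signed_at) > FUDGE:
            return False, "signature outside time window"
        expected = sign_update(key, name, rtype, rdata, signed_at)
        if not hmac.compare_digest(expected, mac):
            return False, "bad MAC"
        return True, "MAC verified"
    return False, "record type not updatable"
```

Unlike a username and password, the secret never crosses the wire here, and the MAC covers the record data, so a captured request cannot be altered or reused outside the time window.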

Image source: Bill McCurdy


Written by Daniël W. Crompton (webhat)

March 8, 2011 at 4:56 pm

Posted in mail, pki, security
