Dynamic Update Of Zone Data; Secure Transactions - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual

the . at the end. Appending the zone to this (without the .in-addr.arpa) results
in the complete IP address in reverse order.
Normally, zone transfers between different versions of BIND should be possible without
any problem.

33.6 Dynamic Update of Zone Data

The term dynamic update refers to operations by which entries in the zone files of a
master server are added, changed, or deleted. This mechanism is described in RFC 2136.
Dynamic update is configured individually for each zone entry by adding an optional
allow-update or update-policy rule. Zones to update dynamically should not
be edited by hand.
Transmit the entries to update to the server with the command nsupdate. For the
exact syntax of this command, check the manual page for nsupdate (man 8 nsupdate).
For security reasons, any such update should be performed using TSIG keys as described
in Section 33.7, "Secure Transactions"

33.7 Secure Transactions

Secure transactions can be made with the help of transaction signatures (TSIGs) based
on shared secret keys (also called TSIG keys). This section describes how to generate
and use such keys.
Secure transactions are needed for communication between different servers and for
the dynamic update of zone data. Making the access control dependent on keys is much
more secure than merely relying on IP addresses.
Generate a TSIG key with the following command (for details, see
man dnssec-keygen):
dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2
This creates two files with names similar to these:
Khost1-host2.+157+34265.private Khost1-host2.+157+34265.key
(page 631).
The Domain Name System 631