Domain Name System dynamic update

From Citizendium
Revision as of 10:31, 30 September 2008 by imported>Howard C. Berkowitz (Draft;; need to fil out DHCP and SLAAC; detail DNS UPDATE operation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Template:TOC-right Today's Internet Protocol networks, for a variety of reasons, can have rapid, fine-grained changes in name-to-address mapping, and the Domain Name System dynamic update technology was introduced to cope with this need. Dynamic update is an additional security vulnerability, and must be implemented with Domain Name System security (DNSSEC) in mind.

The original intent of the Domain Name System was to replace a completely static file of address-to-name mappings called hosts.txt. While the single file was not scalable and needed to be replaced by the distributed database that is the basic DNS architecture, server in that architecture still tended to be updated in a deliberate, batch-oriented procedure.

Both the rate of appearance of new hosts, as well as operational techniques that temporarily pair addresses and names, it was necessary to expand DNS so it could be updated not only with entire files (i.e., zone transfer), but with transient, dynamically acquired addresses. [1] Such an update is an invitation to attack unless secured, so dynamic DNS update should always be associated with a specific secure update mechanism,[2] within the DNS security architecture.[3]

Operation of Dynamic Update

Sources of Dynamic Update

The most common source of dynamic updates is the Dynamic Host Configuration Protocol (DHCP), used on local area networks but also providing the mapping service, via a proxy, to other dynamic address assignments, such as the PPP Internet Protocol Control Protocol (IPCP)[4] of the Point-to-Point Protocol.[5]

A major new area of dynamic update comes from the Internet Protocol version 6 Stateless Address Configuration (SLAAC) mechanism.

Dynamic Update deployment

References

  1. S. Thomson, Y. Rekhter, J. Bound. (April 1997), P. Vixie, ed., Dynamic Updates in the Domain Name System (DNS UPDATE), RFC2136
  2. B. Wellington (November 2000), Secure Domain Name System (DNS) Dynamic Update, RFC3007
  3. R. Arends, R. Austein, M. Larson, D. Massey, S. Rose (March 2005), DNS Security Introduction and Requirements, RFC4033
  4. G. McGregor (May 1992), PPP Internet Protocol Control Protocol (IPCP), RFC1332
  5. W. Simpson, ed. (July 1994), Point-to-Point Protocol (PPP), RFC1661