On Mar 26, 2004, at 04:13, Gordon Fecyk wrote:
> Patrik suggested "10 lines of sh" can put a public key into a DNS KEY
> That's pretty powerful stuff from what was originally a batch file
> What stops a particular DNS implementation from inserting data into a
> RMX-type record or database, or "synthesizing" a response to a
> based on data stored in another format somewhere, populated by dynamic
By the use of public-key cryptography.
The main part of the script I run as soon as I get a new IP address
looks like this, and is a call to dnsupdate:
/usr/local/bin/nsupdate -d -v -k $KEYFILE 2>&1 << EOF | grep -v '^>' | tail -1 > /tmp/
update delete zx81.paf.se A
update add zx81.paf.se 10 A $ADDR
The content of /usr/local/named/default/Kzx81.paf.se.+001+46883.private
was created via use of openssl, and the public key is added to the DNS
as a KEY record.
This is *not* rocket science.
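
An added example, not part of the message above or of Patrik's script: a POSIX sh wrapper around the same nsupdate call that refuses to sign an update unless the address is a plain dotted-quad IPv4 value and the private key file is unreadable by group and other. The function names, the `send` line and the checks themselves are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): guard the signed dynamic update.

# Succeeds only for a dotted-quad IPv4 address. Anything else, including
# whitespace or newlines that would add lines to the signed batch, is refused.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    v4_old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$v4_old_ifs
    [ $# -eq 4 ] || return 1
    for v4_octet in "$@"; do
        [ "${#v4_octet}" -le 3 ] && [ "$v4_octet" -le 255 ] || return 1
    done
}

# Succeeds only if the key file exists and carries no group/other permission
# bits (characters 5-10 of the ls mode string are all '-').
key_is_private() {
    kp_mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$kp_mode" = "------" ]
}

# Prints the nsupdate batch. $1 = host name, $2 = TTL, $3 = new address.
build_update() {
    valid_ipv4 "$3" || { echo "refusing address: $3" >&2; return 1; }
    printf 'update delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$1" "$1" "$2" "$3"
}

# Runs the update. $1 = private key file, $2 = host, $3 = TTL, $4 = address.
update_dns() {
    key_is_private "$1" || { echo "key file too permissive: $1" >&2; return 1; }
    ud_batch=$(build_update "$2" "$3" "$4") || return 1
    printf '%s\n' "$ud_batch" | nsupdate -v -k "$1"
}

# Usage, with the names from the message:
#   update_dns "$KEYFILE" zx81.paf.se 10 "$ADDR"
```
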