DNS Update RFC2136 without security

I am trying to get the DNS Update Service to update DNS records in a Windows DNS Server. It is an internal Domain DNS Server, so there is no security (needed).
The rancher server is running in the same domain.
I can add DNS records using nsupdate from my local machine without TSIG.

When I use DNS Update RFC2136 I get errors, because TSIG Key Name and TSIG Key are mandatory.

I looked at the code here and can’t see an easy way to send the request without TSIG.

We plan to have several internal tools running in this domain. For external facing stuff (website, etc.) we plan to use an external DNS provider.

Saying it’s internal so there’s no need for security seems rather short-sighted, but I expect we would accept a PR that added an INSECURE or similar option that allowed doing no TSIG.

Generally speaking I would agree; in this specific case it actually makes sense, as it is a separate, secured network. It is just that the DNS server accepts updates from members of this network, not that there is no security at all…
I’ll see what I can do.
Thanks.

OK, I opened the PR:
https://github.com/rancher/external-dns/pull/54
