Dynamic DNS

From Wikipedia, the free encyclopedia

Dynamic DNS (DDNS) is a system which allows the domain name data held in a name server to be updated in real time, rather than by manually editing zone files. The most common use is to keep an Internet domain name pointed at a computer whose (dynamic) IP address changes, so that other hosts on the Internet can connect to it by name without having to track the address themselves. A typical case is running server software on a computer behind a consumer Internet connection, where the service provider assigns a new address from time to time.

Dynamic DNS service is provided on a large scale by various DNS hosting services, which retain the current addresses in a database and provide a "client" program to the user which will send an update to the service whenever the server's IP address has changed. Many routers and other networking components contain a feature such as this in their firmware. The first router to support Dynamic DNS was the UMAX UGate-3000 in 1999, which supported the TZO.COM dynamic DNS service.[1]

To make this work, the time to live (TTL) of the dynamically updated record is set to an unusually short period (typically a few minutes). Resolvers may cache a record only for its TTL, so a short TTL stops other nodes on the Internet from holding on to a stale address: they go back to the domain's name server for a fresh answer after at most that period, at the cost of more queries reaching the authoritative server.

Dynamic DNS is an integral part of Active Directory: domain controllers register their SRV resource records in DNS so that other computers in the domain (or forest) can locate them, and domain members register their own address records the same way.

The term 'dynamic DNS' is also applied loosely to any mechanism for changing a DNS entry from a DNS client, and many commercial and noncommercial providers offer such a service. Their clients generally do not use the standard UPDATE message of RFC 2136 or the TSIG authentication of RFC 2845. The ddclient program, for example, sends an HTTP GET request carrying the account credentials to the provider's web server, which in turn updates the DNS entry; because the credentials travel with every request, such updates should be sent over HTTPS.
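The exchange such a provider-specific client performs, modelled offline as an added example (this is not ddclient's code, and the page does not describe the provider side). It follows the HTTP dialect ddclient calls "dyndns2": one GET to /nic/update with HTTP Basic credentials, answered by a one-word status in the body (good, nochg, badauth, nohost are the dyndns2 status words). The provider URL, account, hostnames and addresses are constructed; the rule that a missing myip means "use the address the request came from" and the check ordering on the server side are assumptions of this example.

```python
"""Offline model of the "dyndns2" HTTP update dialect: one GET to /nic/update carrying HTTP Basic
credentials, answered with a one-word status in the body.  Added illustration, not ddclient's code."""
import base64
import hmac
import ipaddress
import urllib.parse

# Constructed demo data standing in for a provider's account and zone database (assumed, not from the page).
ACCOUNTS = {"demo-user": "demo-password"}
OWNERS = {"host.example.invalid.": "demo-user"}      # which account is allowed to update which name
RECORDS = {"host.example.invalid.": "192.0.2.1"}


def build_update_request(base_url, user, password, hostname, myip=None):
    """Client side: the URL and headers a ddclient-style client sends.  The credentials ride in a
    header on every request, so the transport must be HTTPS; over plain HTTP anyone on the path
    can read them and point the name wherever they like."""
    params = {"hostname": hostname}
    if myip is not None:                   # omitted: the server uses the address the request came from
        params["myip"] = myip
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token, "User-Agent": "example-ddns-client/0.1"}
    return f"{base_url}/nic/update?{urllib.parse.urlencode(params)}", headers


def _basic_auth_user(header):
    """Return the account name if the Authorization header carries valid Basic credentials, else None."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return None
    try:
        user, _, password = base64.b64decode(token).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = ACCOUNTS.get(user, "")
    ok = hmac.compare_digest(expected.encode(), password.encode())   # constant-time comparison
    return user if ok and user in ACCOUNTS else None


def handle_update(url, headers, client_ip):
    """Server side: authenticate first, then authorise the name, then apply; returns the status body."""
    user = _basic_auth_user(headers.get("Authorization", ""))
    if user is None:
        return "badauth"                   # decided before looking at the hostname, so it leaks no names
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    hostname = query.get("hostname", [""])[0].lower()
    hostname = hostname if hostname.endswith(".") else hostname + "."
    if OWNERS.get(hostname) != user:
        return "nohost"                    # unknown name or somebody else's name: same answer
    # Validate before anything is written into DNS; a real server would turn the ValueError into an
    # error reply, here it is left to raise.
    ip = str(ipaddress.ip_address(query.get("myip", [client_ip])[0]))
    if RECORDS.get(hostname) == ip:
        return f"nochg {ip}"               # clients must stop re-sending; providers treat repeats as abuse
    RECORDS[hostname] = ip
    return f"good {ip}"


if __name__ == "__main__":
    url, hdrs = build_update_request("https://dyn.example.invalid", "demo-user", "demo-password",
                                     "host.example.invalid", "203.0.113.7")
    print(url)
    print(handle_update(url, hdrs, client_ip="198.51.100.2"))   # good 203.0.113.7
    print(handle_update(url, hdrs, client_ip="198.51.100.2"))   # nochg 203.0.113.7
```

The server checks credentials before it looks at the hostname and answers "nohost" both for unknown names and for names owned by another account, so an attacker with stolen or guessed credentials for one account learns nothing about other customers' names. The "nochg" reply is why real clients cache the last address they sent and only update when it changes.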

'Dynamic DNS' in the standards sense is the DNS UPDATE mechanism of RFC 2136, which the nsupdate utility implements. Because anyone who can get an UPDATE accepted can rewrite the zone, the server should require authentication: TSIG (RFC 2845, since replaced by RFC 8945) authenticates each update message with an HMAC computed over the message using a secret shared between client and server (originally HMAC-MD5; RFC 8945 makes HMAC-SHA256 mandatory to implement and no longer requires HMAC-MD5). That shared secret must be installed on every client that is to update the zone, and the zone's update policy should limit what each key may change. Microsoft instead developed GSS-TSIG (RFC 3645), which uses Kerberos for authentication and so avoids distributing keys by hand. GSS-TSIG is a proposed standard and is the only secure-update authentication supported by Microsoft Windows 2000, Windows XP, and Windows 2003.

Although older BIND releases did not support GSS-TSIG (BIND 9 has since added it) and BIND's native mechanism is the TSIG scheme set out in RFC 2845, Windows DNS is otherwise fully interoperable with BIND in versions subsequent to 8.2.2 (when SRV record support was introduced), and Microsoft has for some time provided information on BIND interoperability with Windows DNS name spaces.
