steve ulrich wrote:
> 
> when last we saw our hero (Tuesday, Jun 18, 2002), 
>  Jima was madly tapping out:
> > On Tue, 18 Jun 2002, steve ulrich wrote:
> > > i think that's a nice way to handle the naming of the ssid and the
> > > gw addresses.  i think that we might want to distribute our dns a
> > > bit and we need to make provisions for folks that have dynamic
> > > addresses (from cable providers, etc) it might not be a bad thing
> > > to either develop tutorials for these users for either doing
> > > signed updates (ala bind 9) or wrap a client up that allows them
> > > to determine what their external ip is and notify the server(s).
> > 
> >  I've hacked together a fairly simple way to do the latter.  I've
> >  had client machines periodically run wget (through cron), hitting a
> >  CGI script on a web server, which checks the IP (via the
> >  $REMOTE_ADDR variable) against the IP it has for the hostname
> >  (specified in the request).  If it's the same, nothing happens; if
> >  it's different, it updates the DNS record.  Sample command line:
> > 
> > wget -q -O /dev/null "http://dyndns.domain.com/cgi-bin/dyndns.cgi?host=<hostname>"
> 
> i was thinking of something precisely along these lines.  my goal in
> having something along these lines is to allow folks who aren't
> running a *nix to host nodes which fall into the scheme correctly
> while obviating the complexities associated with the signed updates.
> 
> i think that we'd need something with a bit more security to avoid
> replay attacks but i think you're dead on here.  

BIND 8 and 9 support dynamic updates and I think there's a version of
BIND 9 that will run on NT. If this is the case then NT users can just 
run nsupdate, which will talk directly from the client system to the
nameserver and has good security built in. I'm doing this for several 
people with cable modems on my nameservers. 

For other people it'd be fairly trivial to write a CGI script that can
run on a web server somewhere and can interface with nsupdate. Wget 
runs on Windows and can be used to talk to the CGI script. I know that 
the latest version of wget talks https but I'm not sure about the 
Windows version I've got. If it does, that would take care of most of the
security problems.

I can provide help with getting dynamic updates working in BIND and with
the somewhat strange syntax of nsupdate if someone would like it.

-- 
Bryan Halvorson
bryan at edgar.sector14.net
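
The replay concern raised in the quoted discussion, sketched as an added example that is not part of the original message or any poster's script: a server-side check for the CGI update request that authenticates it with a per-host HMAC, rejects stale or repeated requests, and builds the nsupdate input from the connection's address. The hostname, the shared-secret table, the `host|timestamp|nonce` field layout and the choice of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, re

# Constructed sample values: the hostname and per-host secret are assumptions.
KEYS = {"node1.wireless.example": b"constructed-demo-secret"}
MAX_SKEW = 300  # seconds a signed request stays acceptable
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")

def sign(key, host, ts, nonce):
    """Client side: MAC over every field the server will act on."""
    msg = f"{host}|{ts}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(host, ts, nonce, mac, now, seen):
    """Server side: return None if the request is acceptable, else a reason."""
    key = KEYS.get(host)
    if key is None or not HOST_RE.match(host):
        return "unknown host"
    expected = sign(key, host, ts, nonce)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return "bad mac"
    if abs(now - ts) > MAX_SKEW:
        return "stale timestamp"   # a captured request expires on its own
    if (host, nonce) in seen:
        return "replayed nonce"    # same request resent inside the window
    seen[(host, nonce)] = ts
    # Nonces older than the window can be forgotten: the timestamp check
    # already rejects anything that old.
    for k in [k for k, t in seen.items() if now - t > MAX_SKEW]:
        del seen[k]
    return None

def nsupdate_script(host, remote_addr, ttl=300):
    """Build nsupdate stdin. The address is taken from the connection
    (REMOTE_ADDR), never from the query string."""
    ip = ipaddress.ip_address(remote_addr)  # ValueError on anything else
    rtype = "A" if ip.version == 4 else "AAAA"
    return (f"update delete {host}. {rtype}\n"
            f"update add {host}. {ttl} {rtype} {ip}\n"
            "send\n")
```

The MAC stops forged and replayed updates, but it does not hide the request on the wire, so it complements HTTPS rather than replacing it.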