<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6000.17023" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText19706 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Hi /dev/rob0,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I'm no expert in network protocols, and DNS is just one of the many things I need to manage, I run dnsmasq precisely for its simplicity and ease of use, and most of the research below was made by a workmate (cc'ed), so I could be asking stupid questions, apologies in advance :)</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I blame Microsoft for me wanting a Dynamic DNS protocol, I need single sign on security for a datacenter that involves Windows 2008, XenServer and Ubuntu machines, Active Directory can be used for all of them, so I decided to give it a try. The problem is that Active Directory is designed to run with the Windows DNS Server service, which uses dynamic dns to manage a number of records.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I definitely don't want to use the windows DNS server, so I wondered if I could trick Active Directory to use dnsmasq as its dns server. I think dynamic dns is not implemented, and I'd say it will never be, but it still looks like a worthy discussion item.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Probably I'll need to research a kerberos-based single sign-on system instead and run authentication from a linux server, anyway.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Cheers,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>/dev/rob0 wrote:<BR><BR>> On Thu, Jun 24, 2010 at 09:51:57AM +0100, Alberto Cuesta-Canada wrote:<BR>><BR>>> are there any plans of implementing Dynamic DNS for dnsmasq?<BR>>> <BR>>> There is a perl script that adds that functionality here:<BR>>> <A href="https://ukmail1/exchweb/bin/redir.asp?URL=http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl" target=_blank>http://psydev.syw4e.info/new/dynamic-dnsmasq/dynamic-dnsmasq.pl</A><BR>><BR>> I don't understand all the desire to invent new protocols for dynamic<BR>> DNS. RFC 2136 handles it quite well. If dnsmasq were to add another<BR>> protocol, it should be RFC 2136. Dyndns.org's protocol is not a<BR>> standard.<BR>><BR>> Some years back, before I really understood 2136, I wrote a perl/CGI<BR>> frontend for nsupdate(8) which does something similar without<BR>> exposing another root-owned TCP socket to the world. By means of<BR>> permissions on a copy of the key, I was able to allow the httpd(8)<BR>> user to run nsupdate after authenticating the user.<BR>><BR>> Another thing I'm not understanding is why is this needed? Are you<BR>> running dnsmasq as authoritative nameserver for the world? I hope<BR>> Simon will correct me if I'm wrong, but I don't see that as a<BR>> typical role for dnsmasq.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV></DIV>
<DIV id=idSignature91063 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2>
<DIV>
<DIV><FONT face=Arial size=2><STRONG>Alberto Cuesta-Canada</STRONG></FONT></DIV></DIV>
<DIV><FONT face=Arial size=1>GaaS Team Lead</FONT></DIV>
<DIV><FONT face=Arial size=1>Excelian Ltd.</FONT></DIV>
<DIV><FONT face=Arial size=1>+44 (0) 7942633361</FONT></DIV></FONT></DIV></DIV><BR>
The information contained in this email and any attached files are confidential and intended solely for the addressee(s). The email may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the named addressee you may not use, copy, or disclose this information to any other person. If you received this message in error please notify the sender immediately and delete it from your system. <BR>
<BR>
Any opinion or views contained in this email message are those of the sender, and do not represent those of the Company in any way and reliance should not be placed upon its contents. Unless otherwise stated, this email message is not intended to be contractually binding. Where an Agreement exists between our respective companies and there is conflict between the contents of this email message and the Agreement then the terms of that Agreement shall prevail.<BR>
<BR>
Excelian<BR>
50 Featherstone Street<BR>
London<BR>
EC1Y 8RT<BR>
Tel: +44 (0) 20 7336 9595<BR>
Fax: +44 (0) 20 7336 9596<BR>
www.Excelian.com<BR>
_____________________________________________________________________<BR>
This e-mail has been scanned for viruses by MessageLabs. For further information visit http://www.messagelabs.com<BR>
<BR>
Excelian subscribes to cleaner and greener methods of working. Help take responsibility for the environment. Please don't print this email unless you absolutely have to.<BR>
</BODY></HTML>