Icseaturtles (
talk |
contribs)
m Reverted edits by
194.66.199.61 to last revision by 205.234.120.83 (
HG) |
|||
| Line 18: | Line 18: | ||
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the [[DNSSEC]] protocol suite, such as [[TSIG]], have been developed to secure DNS updates, but are not widely in use. |
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the [[DNSSEC]] protocol suite, such as [[TSIG]], have been developed to secure DNS updates, but are not widely in use. |
||
Microsoft developed [[TSIG#Alternatives to TSIG|alternative]] technology ([[Generic Security Service Algorithm for Secret Key Transaction|GSS-TSIG]]) based on [[Kerberos (protocol)|Kerberos]] authentication. |
Microsoft developed [[TSIG#Alternatives to TSIG|alternative]] technology ([[Generic Security Service Algorithm for Secret Key Transaction|GSS-TSIG]]) based on [[Kerberos (protocol)|Kerberos]] authentication.lee |
||
==See also== |
==See also== |
||
Revision as of 11:25, 27 April 2009
Dynamic DNS is a method, protocol, or network service that provides the capability for a networked device, such as a router or computer system using the Internet Protocol Suite, to notify a domain name server to change, in real time (ad-hoc) the active DNS configuration of its configured hostnames, addresses or other information stored in DNS.
A popular application of dynamic DNS is to provide a residential user's Internet gateway that has a variable, often changing, IP address with a well known hostname resolvable by network applications through standard DNS queries.
History
In the initial stages of the Internet ( ARPANET, NSFNet) addressing of hosts on the network was achieved by static translation tables that mapped hostnames to IP addresses. The Domain Name System brought a method of distributing the same address information automatically online through recursive queries to remote databases configured for each network, or domain. Even this DNS facility still used static lookup tables at each participating node. IP addresses, once assigned to a particular host, rarely changed and the mechanism was initially sufficient. However, the rapid growth of the Internet and the proliferation of personal computers in the workplace and in homes created the substantial burden for administrators of keeping track of assigned IP addresses and managing their address space. The Dynamic Host Configuration Protocol (DHCP) allowed enterprises and Internet service providers (ISPs) to assign addresses to computers on the fly as they powered up. In addition, this helped conserve the address space available, since not all devices might be actively used at all times and addresses could be assigned as needed. This feature required that DNS servers be kept current automatically as well. The first implementations of dynamic DNS fulfilled this purpose: Host computers gained the feature to notify their respective DNS server of the address they had received from a DHCP server or through self-configuration. This protocol-based DNS update method was documented and standardized in IETF publication RFC 2136 in 1997 and has become a standard part of the DNS protocol (see also nsupdate program).
The explosive growth and proliferation of the Internet into people's homes brought a growing shortage of available IP addresses. DHCP became an important tool for ISPs as well to manage their address spaces for connecting home and small-business end-users with a single IP address each by connecting them through a Network Address Translation (NAT) router. Behind these routers (in the private network) it was possible to reuse address space set aside for these purposes (RFC 1918). This, however, broke the end-to-end principle of Internet architecture and methods were required to allow private networks, masqueraded by frequently changing IP addresses, to discover their routable 'outside' address and insert it into the domain name system in order to participate in Internet communications more fully. Today, numerous providers, called Dynamic DNS service providers, offer such technology and services on the Internet.
Function
Dynamic DNS providers provide a software client program that automates the discovery and registration of client's public IP addresses. The client program is executed on a computer or device in the private network. It connects to the service provider's systems and causes those systems to link the discovered public IP address of the home network with a hostname in the domain name system. Depending on the provider, the hostname is registered within a domain owned by the provider or the customer's own domain name. These services can function by a number of mechanisms. Often they use an HTTP service request since even restrictive environments usually allow HTTP service. This group of services is commonly also referred to by the term Dynamic DNS, although it is not the standards-based DNS Update method. However, the latter might be involved in the providers systems.
Most home networking routers today have this feature already built into their firmware. One of the early routers to support Dynamic DNS was the UMAX UGate-3000 in 1999, which supported the TZO.COM dynamic DNS service. [1]
An example of use is a home user who wishes to access a computer on a home network while travelling. The user may be supplied with a different IP address every time an Internet connection to the service provider is made, so there is no stable address to connect to. If a DDNS service is used to associate a fixed address to a device, then the user can, for example, establish a Virtual Private Network (VPN) to the network using that address. As a detailed example, the IP address can be 123.234.111.112 one day, 123.124.45.15 the next, but the DDNS address will always be, say, myhome.ddns.org. A remote control program such as VNC server can be left running on a machine in the network; the user can connect to the network by establishing a password-protected VPN to myhome.ddns.org, then connect to the machine using a VNC client program.
In Microsoft Windows networks, Dynamic DNS is an integral part of Active Directory, because domain controllers register their network service types in DNS so that other computers in the Domain (or Forest) can access them.
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the DNSSEC protocol suite, such as TSIG, have been developed to secure DNS updates, but are not widely in use. Microsoft developed alternative technology ( GSS-TSIG) based on Kerberos authentication.lee
See also
External links
Icseaturtles (
talk |
contribs)
m Reverted edits by
194.66.199.61 to last revision by 205.234.120.83 (
HG) |
|||
| Line 18: | Line 18: | ||
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the [[DNSSEC]] protocol suite, such as [[TSIG]], have been developed to secure DNS updates, but are not widely in use. |
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the [[DNSSEC]] protocol suite, such as [[TSIG]], have been developed to secure DNS updates, but are not widely in use. |
||
Microsoft developed [[TSIG#Alternatives to TSIG|alternative]] technology ([[Generic Security Service Algorithm for Secret Key Transaction|GSS-TSIG]]) based on [[Kerberos (protocol)|Kerberos]] authentication. |
Microsoft developed [[TSIG#Alternatives to TSIG|alternative]] technology ([[Generic Security Service Algorithm for Secret Key Transaction|GSS-TSIG]]) based on [[Kerberos (protocol)|Kerberos]] authentication.lee |
||
==See also== |
==See also== |
||
Revision as of 11:25, 27 April 2009
Dynamic DNS is a method, protocol, or network service that provides the capability for a networked device, such as a router or computer system using the Internet Protocol Suite, to notify a domain name server to change, in real time (ad-hoc) the active DNS configuration of its configured hostnames, addresses or other information stored in DNS.
A popular application of dynamic DNS is to provide a residential user's Internet gateway that has a variable, often changing, IP address with a well known hostname resolvable by network applications through standard DNS queries.
History
In the initial stages of the Internet ( ARPANET, NSFNet) addressing of hosts on the network was achieved by static translation tables that mapped hostnames to IP addresses. The Domain Name System brought a method of distributing the same address information automatically online through recursive queries to remote databases configured for each network, or domain. Even this DNS facility still used static lookup tables at each participating node. IP addresses, once assigned to a particular host, rarely changed and the mechanism was initially sufficient. However, the rapid growth of the Internet and the proliferation of personal computers in the workplace and in homes created the substantial burden for administrators of keeping track of assigned IP addresses and managing their address space. The Dynamic Host Configuration Protocol (DHCP) allowed enterprises and Internet service providers (ISPs) to assign addresses to computers on the fly as they powered up. In addition, this helped conserve the address space available, since not all devices might be actively used at all times and addresses could be assigned as needed. This feature required that DNS servers be kept current automatically as well. The first implementations of dynamic DNS fulfilled this purpose: Host computers gained the feature to notify their respective DNS server of the address they had received from a DHCP server or through self-configuration. This protocol-based DNS update method was documented and standardized in IETF publication RFC 2136 in 1997 and has become a standard part of the DNS protocol (see also nsupdate program).
The explosive growth and proliferation of the Internet into people's homes brought a growing shortage of available IP addresses. DHCP became an important tool for ISPs as well to manage their address spaces for connecting home and small-business end-users with a single IP address each by connecting them through a Network Address Translation (NAT) router. Behind these routers (in the private network) it was possible to reuse address space set aside for these purposes (RFC 1918). This, however, broke the end-to-end principle of Internet architecture and methods were required to allow private networks, masqueraded by frequently changing IP addresses, to discover their routable 'outside' address and insert it into the domain name system in order to participate in Internet communications more fully. Today, numerous providers, called Dynamic DNS service providers, offer such technology and services on the Internet.
Function
Dynamic DNS providers provide a software client program that automates the discovery and registration of client's public IP addresses. The client program is executed on a computer or device in the private network. It connects to the service provider's systems and causes those systems to link the discovered public IP address of the home network with a hostname in the domain name system. Depending on the provider, the hostname is registered within a domain owned by the provider or the customer's own domain name. These services can function by a number of mechanisms. Often they use an HTTP service request since even restrictive environments usually allow HTTP service. This group of services is commonly also referred to by the term Dynamic DNS, although it is not the standards-based DNS Update method. However, the latter might be involved in the providers systems.
Most home networking routers today have this feature already built into their firmware. One of the early routers to support Dynamic DNS was the UMAX UGate-3000 in 1999, which supported the TZO.COM dynamic DNS service. [1]
An example of use is a home user who wishes to access a computer on a home network while travelling. The user may be supplied with a different IP address every time an Internet connection to the service provider is made, so there is no stable address to connect to. If a DDNS service is used to associate a fixed address to a device, then the user can, for example, establish a Virtual Private Network (VPN) to the network using that address. As a detailed example, the IP address can be 123.234.111.112 one day, 123.124.45.15 the next, but the DDNS address will always be, say, myhome.ddns.org. A remote control program such as VNC server can be left running on a machine in the network; the user can connect to the network by establishing a password-protected VPN to myhome.ddns.org, then connect to the machine using a VNC client program.
In Microsoft Windows networks, Dynamic DNS is an integral part of Active Directory, because domain controllers register their network service types in DNS so that other computers in the Domain (or Forest) can access them.
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the DNSSEC protocol suite, such as TSIG, have been developed to secure DNS updates, but are not widely in use. Microsoft developed alternative technology ( GSS-TSIG) based on Kerberos authentication.lee