Tinc 2.0

Rob Townley rob.townley at gmail.com
Sat Mar 7 01:16:19 CET 2009


I looked at DynDns, and a free online DNS book at zytrax's
_DNS_for_Rocket_Scientists_, specifically
http://www.zytrax.com/books/dns/ch8/txt.html   but am left wondering
how many TXT records can exist for a single hostname.  Every example
only had one TXT record.

SRV records are limited in length but are already set up to hold a
PortNumber and fqdn. The last two fields in a SRV record are a
PortNumber and fqdn.  So a SRV record could already contain the
publicly routable ip of the NATing device and the port number opened
by the tinc host on the private side of the NAT.

And when it comes to storing a public KEY, there is already a KEY
Resource Record type and a tool to generate the key.

Copied from http://zytrax.com/books/dns/ch8/key.html :
Public Key Record (KEY)

The KEY RR contains the public key (of an asymmetric encryption
algorithm) used for all non-DNSSEC operations such as securing DDNS
transactions. Public keys used for DNSSEC functions such as zone
signing are defined using a DNSKEY RR. KEY RRs are created using the
dnssec-keygen utility supplied with BIND.

dnsEntries
(
tincHostName IN  A      5.0.0.0/8  (PrivateStaticTincIPaddress ).
KEY  PublicKey.
SRV   _PublicDynamicDNSPortNumberIPaddress, PublicDynamicDNSipAddress.
TXT   "StaticMacAddress=55:5dotIPaddress,
MemberListOfTincNetworkNames=alpha, beta, gamma,misc1=,misc2=".
TTL.
?_________?
)

On Fri, Mar 6, 2009 at 3:23 PM, David Nicol <davidnicol at gmail.com> wrote:
> http://www.dyndns.com/support/kb/record_types_supported_in_custom_dns_standard_interface.html
>
> On Fri, Mar 6, 2009 at 2:34 PM, Rob Townley <rob.townley at gmail.com> wrote:
>> On Fri, Mar 6, 2009 at 1:54 PM, David Nicol <davidnicol at gmail.com> wrote:
>>> the keys are too big for .txt records?
>>>
>>> On Fri, Mar 6, 2009 at 8:19 AM, Rob Townley <rob.townley at gmail.com> wrote:
>>>> But it is difficult to replicate the public host file to each
>>>> machine.  That is why I would welcome a modified myDns or modified
>>>> djbdns that holds the public key for each dynamically updated
>>>> hostname.  Hamachi must use a special DNS server to accomplish this.
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>
>>
>> Have not had much experience with txt record actual vs theoretical
>> restrictions, but would think text records could work fine.  Sections
>> 6.1 and 6.3 of the DNS Service Discovery draft below recommend no more
>> than 300 bytes even though the previous paragraph says a txt record
>> can be 65535 bytes - probably for performance reasons.  The length of
>> the txt record has to be maintained and sent as well.   DNS Extensions
>> may work or TSIG and other DNSSEC means.  But all of us can think in
>> terms of db columns and leveraging myDNS / mySQL replication.
>>
>> http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt
>>
>
>
>
> --
> "Nah, we straight."
>
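
Added example, not part of the original thread and not tinc code: a sketch of the TXT size question discussed above, packing a base64 key blob into the length-prefixed character-strings of one TXT record (at most 255 bytes each, per RFC 1035) and comparing the result with the 300-byte DNS-SD advice and the 65535-byte RDATA ceiling. The `tinc-key=` label and the generated key bytes are constructed placeholders, and the blob is only modulus-sized, so a real encoded public key would be somewhat larger.

```python
import base64

MAX_STRING = 255     # RFC 1035: one <character-string> holds at most 255 bytes
MAX_RDATA = 65535    # RDLENGTH is a 16-bit field
DNSSD_ADVICE = 300   # size the DNS-SD draft cited in the thread recommends


def encode_txt_rdata(value: bytes) -> bytes:
    """Split value into length-prefixed character-strings (TXT RDATA wire format)."""
    chunks = [value[i:i + MAX_STRING]
              for i in range(0, len(value), MAX_STRING)] or [b""]
    rdata = b"".join(bytes([len(c)]) + c for c in chunks)
    if len(rdata) > MAX_RDATA:
        raise ValueError("value does not fit in a single TXT record")
    return rdata


def decode_txt_rdata(rdata: bytes) -> bytes:
    """Concatenate the character-strings of one TXT record; reject malformed input."""
    out, pos = bytearray(), 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        if pos + length > len(rdata):
            raise ValueError("character-string runs past end of RDATA")
        out += rdata[pos:pos + length]
        pos += length
    return bytes(out)


def txt_report(key_bits: int) -> dict:
    """Size of a TXT record carrying a base64 blob of key_bits bits."""
    n = key_bits // 8
    blob = (bytes(range(256)) * (n // 256 + 1))[:n]   # constructed stand-in bytes
    text = b"tinc-key=" + base64.b64encode(blob)      # hypothetical label
    rdata = encode_txt_rdata(text)
    assert decode_txt_rdata(rdata) == text            # round trip must be lossless
    return {
        "strings": -(-len(text) // MAX_STRING),       # ceiling division
        "rdata_bytes": len(rdata),
        "within_dnssd_advice": len(rdata) <= DNSSD_ADVICE,
    }


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, txt_report(bits))
```

A key read back this way is only as trustworthy as the DNS answer that carried it, so the record needs to be authenticated (for example with DNSSEC, which the thread mentions) before it is used to admit a peer.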
