Dynamic Update with BIND9 (1/4)

- Authentication
  - message authentication with shared secret (TSIG)
  - DO NOT rely on address-based authentication
    - quite vulnerable to spoofing
- Create a zone for dynamic update
  - it is recommended to use a separate zone
    - BIND9 does not allow dynamic and static zones to coexist
- Configure update policy for the zone
  - "update-policy" statement in named.conf
    - fine-grained policies can be specified (e.g., per host name)
  - "allow-update" statement
    - old-style, address-based configuration: Don't use this
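
The three steps above as an added named.conf example (not taken from the original slides): a TSIG key, a separate zone for dynamic update, and a per-host "update-policy" shown next to the address-based "allow-update" it replaces. The key name, zone name, file path, address and secret are constructed placeholders.

```conf
// Added example; all names and values below are constructed placeholders.

// Shared secret for TSIG message authentication.
// A key clause in this form can be generated with: tsig-keygen -a hmac-sha256 host1-key
key "host1-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder; keep this file unreadable to other users
};

// Separate zone used only for dynamic update; static data stays in the parent zone.
zone "dyn.example.com" {
    type master;
    file "dynamic/dyn.example.com.db";     // directory must be writable by named (journal file)

    // Old-style, address-based configuration: the source address can be spoofed.
    // Shown only for contrast; do not enable.
    // allow-update { 192.0.2.10; };

    // Fine-grained policy: a request signed with host1-key may update
    // only the A and AAAA records of host1.dyn.example.com, nothing else in the zone.
    update-policy {
        grant host1-key name host1.dyn.example.com. A AAAA;
    };
};
```

"allow-update" and "update-policy" cannot both be set on the same zone, so the address-based line stays commented out. `named-checkconf` reports syntax errors in the file before named is reloaded.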