How to Disable Dynamic DNS Update in bind

By | January 30, 2010

First of all, let’s figure out what Dynamic DNS update is and why it is used in most recent versions of bind.

Dynamic update represents the idea of exchanging data between two computers with known names both visiting an unknown network where we don’t know, care or trust the underlying address.

It is now possible to point your neighbor at the IETF conference to a web page on your laptop by pointing at the URL on your business card using this technology.

When this feature is enabled, your computer has a potential vulnerability, if your bind configuration is secured using TSIG keys or SIG(0). I will create a post on this subject a bit later, but now I’m going to tell you how to disable Dynamic Updates, if you are unsure whether they are secure.

We need to edit named.conf using any editor available. For each domain zone, that should be secured, we need to add a string. Let me show you how to do it. Here is my zone config before:

zone “” { type master; file “/var/named/”; };

We’re adding a line to disable dynamic DNS updates:

zone “” { type master; file “/var/named/”;
allow-update { none; };

That’s all. Now Dynamic DNS updates are disabled for your domain. Don’t forget to restart bind to activate your input.