Simple Failover - Microsoft DNS update agent
Download "sfomdua-setup.exe" (2.54 MB)
Operating system: Windows Server (2000 SP4, 2003 SP2, 2003 R2, 2008, 2008 R2, 2012, or 2012 R2).
CPU / RAM: As per operating system and .NET 2.0 SP2 requirements.
"Simple Failover - Microsoft DNS update agent" is freeware.
"Simple Failover - Microsoft DNS update agent" is a program which can be installed and run (as a Windows service) on Windows Servers which
allows Simple Failover (v. 2.0 and later) on another computer to update DNS host records on the Microsoft DNS server on that Windows server - over the Internet or LAN.
We developed this program because (unlike most other DNS servers) Microsoft's DNS server does not support standard TSIG signed dynamic updates, and has no other update methods
that can easily and securely be executed remotely over the Internet.
We are aware that Microsoft's DNS server can be updated remotely through WMI (Windows Management Instrumentation), "dnscmd.exe" (via RPC), and "secure updates" (Microsoft's own version of TSIG). However, for all practical purposes, these methods only work in LAN environments.
This program communicates with Simple Failover over TCP (a port must be opened on your firewall for this). The DNS update instructions sent from Simple Failover are signed
using the SHA-1 hash algorithm. The hashed data includes the update instructions, a shared secret password, and a random challenge generated for each new connection/request (16 bytes).
The signature ensures that the password is never transmitted in any form, and the random challenge prevents play-back attacks.
This is very similar to the standard TSIG update algorithm used by other DNS servers - only slightly more secure because it uses a random challenge instead of a time-stamp.
A configuration program is included (see Windows Start menu / Programs / Simple Failover - Microsoft DNS update agent), which looks like this:
|- Listen on IP address:
||Select the local IP address on which the program should listen for update requests from Simple Failover.
This must match the IP address specificed for the DNS server in Simple Failover.
|- Listen on TCP port:
||Specify the TCP port (1-65535) on which the program should listen for update requests from Simple Failover.
This must match the TCP port specified in Simple Failover.
||This must match the password specified in Simple Failover.