Are there Any Known Issues with MS DNS and MS dhcp Servers?
Barry Finkel
b19141 at achilles.ctd.anl.gov
Fri Apr 5 20:09:27 UTC 2002
Martin McCormick <martin at dc.cis.okstate.edu> wrote:
> This may not seem like the place to post this question,
>but we use bind9 masters and slaves at this site. A department
>has what is now a child dns within our zone and it is a Microsoft
>dns fed by a Microsoft dhcp server.
>
> This is not our choice at all, but we are trying to make
>the best of it as we do not have root access to this dns.
>
> We are quite picky about having addresses that are
>reverse-mappable and domain names that come as close as you can
>in a large organization to making sense which sometimes helps in
>tracking down ownership of systems that are misconfigured or
>compromised.
>
> We realize that all names in the subdomain we set up are
>beyond our control so that is not an issue, but what is an issue
>are failure or malfunction modes that anybody may have seen that
>are either peculiar to DDNS or especially peculiar to Microsoft's
>combination of dhcp and dns. In other words, how do they usually
>break?
>
> What about security issues? At least any malicious
>activity involving the Windows box should stay within the child
>domain and not appear in the broader okstate.edu domain.

I have one forward zone and its five reverse zones on a MS W2k DNS
server with most of the updates coming from a W2k DHCP server. There
are many cases where

   an address in the reverse zone has more than one nodename, or
   a name in the reverse zone is not fully qualified, or
   there are multiple entries in the reverse zones pointing to the
   same nodename.

We have not yet opened a trouble ticket with MS. If you require that
the forward and reverse entries match, then I would suggest NOT using
DHCP with non-static registrations.
Since this mailing list is a BIND group, feel free to contact me offline
for more details.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
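
An added example, not part of the original post: a small audit that flags the three reverse-zone conditions described in the reply above, run over PTR records in `dig AXFR`-style text. The sample records, the `example.edu` names and the rule used to decide that a name is "not fully qualified" are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: PTR records as they would appear in a zone transfer dump.
SAMPLE = """\
10.1.168.192.in-addr.arpa. 1200 IN PTR pc10.dept.example.edu.
10.1.168.192.in-addr.arpa. 1200 IN PTR oldpc.dept.example.edu.
11.1.168.192.in-addr.arpa. 1200 IN PTR pc11.
12.1.168.192.in-addr.arpa. 1200 IN PTR laptop.dept.example.edu.
13.1.168.192.in-addr.arpa. 1200 IN PTR laptop.dept.example.edu.
14.1.168.192.in-addr.arpa. 1200 IN PTR pc14.dept.example.edu.
"""


def parse_ptr(text):
    """Yield (owner, target) for each 'owner TTL IN PTR target' line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2].upper() == "IN" and f[3].upper() == "PTR":
            yield f[0].lower(), f[4].lower()


def is_unqualified(target):
    """Assumption: a bare host label, or a name that was expanded against
    the reverse zone's own origin, counts as 'not fully qualified'."""
    name = target.rstrip(".")
    return "." not in name or name.endswith(".in-addr.arpa")


def audit_reverse(text):
    """Return the three kinds of reverse-zone inconsistency found in text."""
    by_owner = defaultdict(set)    # reverse owner name -> PTR targets
    by_target = defaultdict(set)   # PTR target -> reverse owner names
    for owner, target in parse_ptr(text):
        by_owner[owner].add(target)
        by_target[target].add(owner)
    return {
        # one address carrying more than one nodename
        "multi_name": {o: sorted(t) for o, t in by_owner.items() if len(t) > 1},
        # PTR targets that are not fully qualified
        "unqualified": sorted(t for t in by_target if is_unqualified(t)),
        # several reverse entries pointing at the same nodename
        "shared_name": {t: sorted(o) for t, o in by_target.items() if len(o) > 1},
    }


if __name__ == "__main__":
    for kind, hits in audit_reverse(SAMPLE).items():
        print(kind, hits)
```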