DNS name and dynamic IP

Kevin Darcy kcd at daimlerchrysler.com
Fri Nov 5 21:34:30 UTC 2004


sinister wrote:

>"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message 
>news:cmel0i$g42$1 at sf1.isc.org...
>
>>sinister wrote:
>>
>>>I connect to a Solaris box via SSH over VPN from my home Windows XP Home
>>>box.
>>>
>>>I started finding all these weird names in the wtmpx file on the Solaris
>>>box.  (It's a log file with a list of users, connect times, connecting
>>>IP/name, etc.)
>>>
>>>Called IT support and he said it was something like the following. (Pardon
>>>my obvious lack of knowledge of the subject.)  One name server has been
>>>set up so that on reverse lookup the names resolve statically as
>>>vpn-xxx-xxx-xxx-xxx.domain.xxx.  The other name server, the one the Solaris
>>>box queries, was set up to look up the name based on technologies related to
>>>DDNS, DHCP, etc.  (Here's where my lack of knowledge is showing.) Something
>>>like, when someone connects, their client can carry a name that their ISP
>>>passes on to the name server.  These names are supposed to be deleted when
>>>the connection closes, but if it's not closed gracefully, they might not be
>>>deleted for a few days.  He thought it likely that my home machine doesn't
>>>have such a name assigned to it, so when I connect there's nothing to
>>>overwrite the stale record there (if there is one) for that IP address.
>>>Then when the Solaris box tries reverse lookup, it's given the stale name.
>>>
>>>(1) Can I stick a name on my Windows box (something like
>>>first.last at isp.net) so the stale records are overwritten?
>>>(2) What's the name of this technology?  (I tried searching on DDNS, DHCP,
>>>BIND, etc, but didn't have enough knowledge to use keywords that would allow
>>>a google search to answer my question.)
>>>(3) Is the support guy's explanation accurate?  Or is their name server not
>>>behaving according to specs?
>>>
>>I think I know what the guy is getting at. Many enterprise products for
>>DNS and DHCP (e.g. Nortel's NetID and Lucent's QIP are two that I've
>>worked with) have the ability to integrate the two subsystems, i.e.
>>whenever a DHCP lease is given out, a fully-qualified DNS name is
>>determined for that particular node, and the corresponding name is added
>>to DNS. Conversely when a DHCP lease is expired or relinquished, the
>>associated DNS name should be deleted. If the client doesn't send a
>>"hostname" (DHCP option 12) or a "client FQDN" (DHCP option 81), then
>>the DHCP/DNS system may simply make up a name for the client, based on
>>defaults, rules and/or heuristics. So if your client is not sending
>>either of those and you're getting different addresses from the dynamic
>>address range on different VPN connections, your reverse DNS resolution
>>may vary and you might see a bunch of "weird" names.
>>
>>As far as I know there aren't any standards to govern how DNS and DHCP
>>are integrated, if at all.
>>
>>Is this really a problem though? If you ever need to audit your own VPN
>>connections, then from the contents of your Solaris box's wtmpx, together
>>with the audit history from the DNS/DHCP system, and perhaps also from
>>your VPN system, you should have enough information to go on.
>
>Thanks for your kind and informative response.
>
>I don't know enough about these things to say, but I believe you when you
>say an audit could be done.  I'm just a casual end user and occasionally
>help out with the Solaris sysadmin; and the people responsible for the DNS
>don't work for us.  It'd be easiest to just make sure my (Windows XP Home
>Edition) PC has a hostname.   You wouldn't know how to do that, would you? :-)
>
>Best,
>
Knowledge Base article #317590 seems to imply that all you need is a 
"computer name" and a "primary DNS suffix" configured (on Win2K and 
presumably higher) in order for the client to send Option 81 to the DHCP 
server, but I can't really find anything definitive...

                                                                         
                                          - Kevin
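
Added example, not part of the original message: a small parser that reports whether a captured DHCP options field carries the "hostname" (option 12) or "client FQDN" (option 81) discussed above, which is the check that tells you whether the DHCP/DNS system had a client-supplied name to register or had to make one up. The option 81 layout assumed here (flags, RCODE1, RCODE2, then the name) follows RFC 4702; the function names and the sample byte strings are constructed for illustration.

```python
def parse_options(opts: bytes) -> dict:
    """Walk a DHCP options field (the bytes after the magic cookie)."""
    out, i = {}, 0
    while i < len(opts):
        code = opts[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option header")
        length = opts[i + 1]
        value = opts[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        out[code] = out.get(code, b"") + value   # repeated options concatenate
        i += 2 + length
    return out

def wire_name(data: bytes) -> str:
    """Decode DNS wire-format labels (no compression) to a dotted name."""
    labels, i = [], 0
    while i < len(data) and data[i] != 0:
        n = data[i]
        if n > 63 or i + 1 + n > len(data):
            raise ValueError("bad DNS label")
        labels.append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)

def client_names(opts: bytes) -> dict:
    """Report what name, if any, the client offered to the DHCP server."""
    o = parse_options(opts)
    res = {"hostname": None, "fqdn": None, "server_updates_a": None}
    if 12 in o:
        res["hostname"] = o[12].decode("ascii", "replace")
    if 81 in o:
        if len(o[81]) < 3:
            raise ValueError("option 81 needs flags, RCODE1, RCODE2")
        flags, name = o[81][0], o[81][3:]
        # E bit (0x04): wire-format name; otherwise legacy ASCII encoding
        res["fqdn"] = wire_name(name) if flags & 0x04 else name.decode("ascii", "replace")
        res["server_updates_a"] = bool(flags & 0x01)   # S bit
    return res
# Constructed DHCPREQUEST option fields: one client sends both options, one neither.
NAMED = (b"\x35\x01\x03" b"\x0c\x06homepc"
         b"\x51\x17\x05\x00\x00\x06homepc\x07example\x03com\x00" b"\xff")
ANONYMOUS = b"\x35\x01\x03\xff"
```

A client whose options look like ANONYMOUS is the case described above where the server falls back to a generated name, so the reverse lookup recorded in wtmpx depends entirely on the server's own records for that address.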



