force DDNS update
Carl Karsten
carl at personnelware.com
Mon Apr 23 22:14:55 UTC 2007
Simon Hobson wrote:
> Carl Karsten wrote:
>
>>> Yes, simply delete the stale records using nsupdate*
>>
>> That just dumps the 'incorrect' entry, but won't add the correct one, right?
>> Guessing the easiest way to fix is force the client to do another
>> dhcp request?
>
> Correct
>
>> Is there some way to get dhcpd to do this?
>
> No

That makes me sad.
:)

>
>>> The DHCP server will NOT replace or remove an A record that does not
>>> have the correct TXT record to go with it. The TXT record has a hash
>>> of several bits of information that allows the server to determine
>>> that it wasn't something else that put the record there. This is a
>>> safety feature - otherwise someone could name their client "server"
>>> and the DHCP server would happily replace the A record for your
>>> important server of the same name with one that points to the client,
>>> with the obvious effects on the network !
>> I see your point. But I think we can get the best of both worlds.
>>
>> In my case, dhcpd is the only thing with the key.
>>
>> The host name comes from the following:
>>
>> Client supplied
>>
>> host sahara {
>>   hardware ethernet 00:40:ca:11:3c:6c;
>>   option host-name "sahara";
>>   fixed-address 192.168.1.3;
>> }
>>
>> option host-name = concat("dhcp", binary-to-ascii(10, 8, "-",
>>   suffix(leased-address, 1)));
>>
>> What determines the precedence order,
>> and is there a way to ignore the client supplied one?
>
> ddns-hostname="something";
>
>>> The TXT record has a hash
>>> of several bits of information that allows the server to determine
>>> that it wasn't something else that put the record there.
>> Which server? (dhcp or bind?)
>
> DHCP
>
>> This has me wondering:
>> Box1 does DHCPREQUEST and gets a lease.
>> Could a Box2 construct a DHCPRELEASE that looks like it came from Box1 so that
>> the dhcp server doesn't know that Box1 is still using the IP?
>
> Yes, it is almost trivial to do. Just create a DHCP-Release with the
> other machine's MAC address and send it to the server. This might not
> actually get you too far though, the server will not give it to
> another client for two reasons :
>
> 1) It will not be chosen for reuse until other, less recently used,
> addresses have been exhausted.
>
> 2) It will get abandoned when the server does a "ping before offer"
> check - assuming of course that the client doesn't have a firewall
> blocking pings (which IMHO is a stupid thing to do !)
>
>
But that will cause dhcp to remove an A record and allow the dhcp request that
you describe: someone could name their client "server"...

I am not complaining about security issues or suggesting that this system needs
to be made more robust (if it is a hostel environment, set static IPs and
static dns.) What I am bitching about is being made to jump through a hoop
(which generally is what causes me to break things) for the sake of a safety
feature. Who is this feature keeping safe?

OK, maybe bitching isn't the right word. Looking for options, especially now
that I know it isn't just my setup that has this problem.

What would it take to call a script each time a lease is given?

Carl K
More information about the dhcp-users mailing list
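
A minimal model of the TXT-record guard discussed in this thread, added here as an illustration (it is not code from the post or from dhcpd). The SHA-256 tag over a client identifier, the function names and the sample zone are assumptions; the thread only says the TXT record holds "a hash of several bits of information".

```python
import hashlib

def owner_tag(client_id):
    # Assumption: stand-in for the server's hash of the client's identity.
    return hashlib.sha256(client_id.encode()).hexdigest()

def ddns_add(zone, name, ip, client_id):
    """Forward update for a new lease, guarded by the TXT record."""
    tag = owner_tag(client_id)
    rec = zone.get(name)
    if rec is None:                   # name is free: create the A + TXT pair
        zone[name] = {"A": ip, "TXT": tag}
        return "added"
    if rec.get("TXT") == tag:         # record was written for this client
        rec["A"] = ip
        return "updated"
    return "refused"                  # hand-made or stale record: left alone

def ddns_remove(zone, name, client_id):
    """Lease release/expiry: only the matching TXT owner may remove."""
    rec = zone.get(name)
    if rec is not None and rec.get("TXT") == owner_tag(client_id):
        del zone[name]
        return "removed"
    return "refused"

def admin_delete(zone, name):
    # Models the manual nsupdate clean-up of a stale A/TXT pair.
    return "deleted" if zone.pop(name, None) is not None else "absent"

def demo():
    # Constructed zone: a hand-made record (no TXT) and a stale dynamic pair.
    zone = {
        "server": {"A": "192.168.1.1", "TXT": None},
        "sahara": {"A": "192.168.1.50", "TXT": owner_tag("old-identity")},
    }
    mac = "00:40:ca:11:3c:6c"
    steps = [
        ddns_add(zone, "server", "192.168.1.77", "laptop"),  # name clash
        ddns_add(zone, "sahara", "192.168.1.3", mac),        # stale TXT blocks it
        admin_delete(zone, "sahara"),                        # manual clean-up
        ddns_add(zone, "sahara", "192.168.1.3", mac),        # next request succeeds
        ddns_add(zone, "sahara", "192.168.1.4", mac),        # later change is allowed
        ddns_remove(zone, "server", "laptop"),               # cannot remove either
    ]
    return steps, zone

if __name__ == "__main__":
    print(demo())
```

The second and fourth steps show the situation in the thread: a stale pair blocks the update until it is deleted by hand, and the correct record appears only when the client asks again.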