Automatic Removal of DHCID TXT Records

Merton Campbell Crockett m.c.crockett at roadrunner.com
Sat Nov 7 16:31:38 UTC 2009 

On 05 Nov 2009, at 10:02:38, David W. Hankins wrote:

> On Mon, Nov 02, 2009 at 06:34:20AM -0800, Merton Campbell Crockett  
> wrote:
>> Is there a way to define for certain pools that DHCID records are  
>> to be
>> deleted when a DHCPRELEASE is processed or the lease expires without
>> renewal?
>
> You are describing the default behaviour.  Are you running an older
> version and disabling conflict-detection or something?  DHCP's DDNS
> has to use two updates, one to remove the A, another to remove the
> DHCID IFF all A and AAAA records have been removed.  Is the second
> update reliably failing for some reason?

DHCP 3.1.2p1 is being used on a system where BIND 9.4.3-P3 is the  
master for the DNS zones local to the site.  BIND is configured to  
restrict zone updates to the DHCP process running on the same system  
at all sites.  The DHCP server updates both forward and reverse  
zones.  DHCP clients are not permitted to perform any zone updates.

At 46 of the 50 sites, there are no known DHCID problems.  The DHCID  
problems occur only at 4 sites that support a VPN access point.  The  
problem appear to arise from the fact that the pool for the VPN access  
point is constrained by the number of connections that the VPN access  
point hardware can support at any given time.  This results in the  
same IP address being used for multiple systems and creating the DHCID  
problem.

With the default "update-conflict-detection true;", DNS zone updates  
fail due to the DHCID mismatch.  Defining "update-conflict-detection  
false;" eliminates the DHCID problem but creates a secondary problem  
when the lease expires because the "new" DHCID is not written to the  
zone file when an IP address is assigned to a different system.

Should a user switch from one VPN access point to another due to  
network issues or the number of users using the first VPN access  
point, the user's system will appear to exist at multiple locations.

I understand that the failure to create the DHCID record is addressed  
in DHCP 3.1.3.  Due to slavish adherence to "process" in my company,  
I'm still waiting for approval to upgrade DHCP.  :(


Merton Campbell Crockett
m.c.crockett at roadrunner.com

More information about the dhcp-users mailing list