Multiple DHCP Servers with DDNS Best Practice/Workaround?
Simon Hobson
dhcp1 at thehobsons.co.uk
Wed May 11 19:54:58 UTC 2011
Colin Simpson wrote:
>Or has anyone got a cunning way round this?
One cunning idea that comes to mind is to look in the source code and
see how the TXT record is created - ie where the data comes from. For
a closed setup you could modify the servers so they use the same base
information, and thus generate the same TXT record contents.
In this way, any server in the group could update the A record
regardless of which server created it.
That would just leave the issue of a server deleting the records when
the lease expires. The only easy way round that which comes to mind
is to modify the code to not delete them at all. That does mean your
zones will slowly fill up with old cruft, and the only way I can see
round that is to either periodically delete the lot and wait for the
real entries to re-appear*, or to write some scripts that will parse
the leases file to find active leases and delete everything else, or
another cunning plan**
* Devices which renew an existing lease won't trigger a DNS update,
but devices getting new ones will. Unless you set the flag to do
updates for every renew.
** Dunno how practical this is ...
Modify the code so that when adding or updating the A and TXT
records, it adds/updates another TXT record with the expiry date of
the lease. I assume it's valid to have multiple TXT records. Your
cleanup script can then look at these data TXT records to determine
which A records are still associated with a valid lease, and which
should be deleted.
>And this argument against stamping on each other's toes, would be more
>relevant if a malicious/stupid user couldn't already screw up say a
>server, by giving their machine a server's name. I'd presume that DHCPD
>would happily overwrite the static DNS entry (for the server's static
>IP), esp if say a Windows DC that adds DNS entries itself to DNS (but no
>TXT entries attached to them). Should I be adding my own random TXT
>entries to static DNS entries if they share a zone with DHCP manage
>DNS?
If the TXT entry isn't there, the server won't delete the A record -
that's by design and is there explicitly to avoid the problem you
describe.
For a Windows DC, a good trick is to keep the domain on your
Linux/Unix server, and either delegate the half a dozen
"_<something>" domains to the Windows box, or host them on the
Linux/Unix box with permissions set to allow the Windows server to
update them. Set up right, nothing but the Windows server should be
able to update them and they are safe from stomping over.
>Sadly the subnets in our situation don't all share a switching
>infrastructure so a single server with DHCP relaying is not an option.
You don't need a common switching network - only a means of routing
packets. If there is a route between each subnet and the server then
that's all that is needed (plus a remote relay agent of course).
Since all the servers seem to have routing to a common DNS server, I
would have thought your network would support the required routing.
>And does this work properly with de-registering from an existing subnet
>and re-registering on a new one (out of interest)?
Yes. If a client releases its lease then the DNS entries for it are
removed. When it takes a lease in another subnet then it will get new
DNS entries.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
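One way to script the leases-file cleanup suggested in the reply above, as an added example that is not from the original thread: it reads dhcpd.leases, keeps only leases still active at a given time, and builds nsupdate commands for A records that carry dhcpd's TXT marker but no longer match an active lease. The sample leases, the zone records and the zone name are constructed, and the code assumes the client-hostname is the name dhcpd registered in DNS.

```python
import re
from datetime import datetime
# Constructed dhcpd.leases excerpt (not from the thread). The file is append-only:
# 192.168.1.10 appears twice and the later block must win.
SAMPLE_LEASES = """\
lease 192.168.1.10 {
  ends 3 2011/05/11 20:30:00;
  binding state active;
  client-hostname "laptop1";
}
lease 192.168.1.11 {
  ends 3 2011/05/11 12:00:00;
  binding state free;
  client-hostname "laptop2";
}
lease 192.168.1.10 {
  ends 3 2011/05/11 23:00:00;
  binding state active;
  client-hostname "laptop1";
}
"""
LEASE_RE = re.compile(r'lease (\S+) \{(.*?)\}', re.S)
def parse_active_leases(text, now):
    """{hostname: ip} for leases active and unexpired at `now` (naive UTC, as dhcpd writes)."""
    latest = {m.group(1): m.group(2) for m in LEASE_RE.finditer(text)}  # last block per IP wins
    active = {}
    for ip, body in latest.items():
        state = re.search(r'binding state (\w+);', body)
        ends = re.search(r'ends (?:\d )?(never|[\d/]+ [\d:]+);', body)
        host = re.search(r'client-hostname "([^"]+)";', body)  # assumed to be the DDNS name
        if not (state and ends and host) or state.group(1) != 'active':
            continue
        if ends.group(1) != 'never' and \
                datetime.strptime(ends.group(1), '%Y/%m/%d %H:%M:%S') <= now:
            continue  # lease has expired even though the file still says active
        active[host.group(1).lower()] = ip
    return active
def stale_dhcp_records(zone_records, active):
    """zone_records: (name, rtype, rdata) tuples dumped from the zone. Only A records that
    also carry a TXT record (dhcpd's ownership marker) are candidates; static entries are untouched."""
    txt_marked = {n for n, t, _ in zone_records if t == 'TXT'}
    return [(n, r) for n, t, r in zone_records
            if t == 'A' and n in txt_marked and active.get(n) != r]
def nsupdate_commands(stale, zone):
    # nsupdate script: delete each stale A record and its TXT marker, then send.
    lines = [f'zone {zone}']
    for name, ip in stale:
        lines += [f'update delete {name}.{zone}. A {ip}', f'update delete {name}.{zone}. TXT']
    return '\n'.join(lines + ['send'])
```

Feed the output to `nsupdate -k <key>` only after reviewing it; the TXT check keeps statically managed names such as servers out of the delete list.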