Multiple DHCP Servers with DDNS Best Practice/Workaround?

Simon Hobson dhcp1 at thehobsons.co.uk
Wed May 11 19:54:58 UTC 2011


Colin Simpson wrote:

>Or has anyone got a cunning way round this?

One cunning idea that comes to mind is to look in the source code and 
see how the TXT record is created - ie where the data comes from. For 
a closed setup you could modify the servers so they use the same base 
information, and thus generate the same TXT record contents.
In this way, any server in the group could update the A record 
regardless of which server created it.

That would just leave the issue of the server deleting the records when 
the lease expires. The only easy way round that which comes to mind 
is to modify the code to not delete them at all. That does mean your 
zones will slowly fill up with old cruft, and the only way I can see 
round that is to either periodically delete the lot and wait for the 
real entries to re-appear*, or to write some scripts that will parse 
the leases file to find active leases and delete everything else, or 
another cunning plan**

* Devices which renew an existing lease won't trigger a DNS update, 
but devices getting new ones will. Unless you set the flag to do 
updates for every renew.

** Dunno how practical this is ...
Modify the code so that when adding or updating the A and TXT 
records, it adds/updates another TXT record with the expiry date of 
the lease. I assume it's valid to have multiple TXT records. Your 
cleanup script can then look at these data TXT records to determine 
which A records are still associated with a valid lease, and which 
should be deleted.

>And this argument against stamping on each other's toes, would be more
>relevant if a malicious/stupid user couldn't already screw up say a
>server, by giving their machine a server's name. I'd presume that DHCPD
>would happily overwrite the static DNS entry (for the server's static
>IP), esp if say a Windows DC that adds DNS entries itself to DNS (but no
>TXT entries attached to them). Should I be adding my own random TXT
>entries to static DNS entries if they share a zone with DHCP managed
>DNS?

If the TXT entry isn't there, the server won't delete the A record - 
that's by design and is there explicitly to avoid the problem you 
describe.
For a Windows DC, a good trick is to keep the domain on your 
Linux/Unix server, and either delegate the half a dozen 
"_<something>" domains to the Windows box, or host them on the 
Linux/Unix box with permissions set to allow the Windows server to 
update them. Set up right, nothing but the Windows server should be 
able to update them and they are safe from stomping over.

>Sadly the subnets in our situation don't all share a switching
>infrastructure so a single server with DHCP relaying is not an option.

You don't need a common switching network - only a means of routing 
packets. If there is a route between each subnet and the server then 
that's all that is needed (plus a remote relay agent of course). 
Since all the servers seem to have routing to a common DNS server, I 
would have thought your network would support the required routing.

>And does this work properly with de-registering from an existing subnet
>and re-registering on a new one (out of interest)?

Yes. If a client releases its lease then the DNS entries for it are 
removed. When it takes a lease in another subnet then it will get new 
DNS entries.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
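The cleanup script sketched in the post, as an added example that is not Simon's code and not part of ISC dhcpd: it parses a constructed dhcpd.leases excerpt (later entries for the same IP supersede earlier ones), keeps only leases that are active and unexpired, and flags the dhcpd-created A records (the ones carrying a TXT record) whose lease is gone, while leaving static entries without a TXT record alone. The leases text and the zone view are constructed sample data.

```python
import re
from datetime import datetime, timezone

# Constructed dhcpd.leases excerpt. The file is append-only: a later block
# for the same IP supersedes an earlier one, so 192.0.2.11 ends up free.
LEASES = """\
lease 192.0.2.10 {
  ends 3 2011/05/11 20:00:00;
  binding state active;
  client-hostname "laptop1";
}
lease 192.0.2.11 {
  ends 3 2011/05/11 19:00:00;
  binding state active;
  client-hostname "oldbox";
}
lease 192.0.2.11 {
  ends 3 2011/05/11 19:00:00;
  binding state free;
  client-hostname "oldbox";
}
"""
BLOCK = re.compile(r"lease (\S+) \{(.*?)\}", re.S)

def active_leases(text, now):
    # Map hostname -> IP for leases that are 'active' and not yet expired.
    latest = {}
    for ip, body in BLOCK.findall(text):
        ends = re.search(r"ends \d (\S+ \S+);", body)      # 'ends never' is skipped
        state = re.search(r"binding state (\w+);", body)
        host = re.search(r'client-hostname "([^"]+)";', body)
        if not (ends and state and host):
            continue
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        expiry = expiry.replace(tzinfo=timezone.utc)       # dhcpd writes UTC
        latest[ip] = (host.group(1), state.group(1), expiry)  # last block wins
    return {h: ip for ip, (h, st, exp) in latest.items()
            if st == "active" and exp > now}

# Constructed zone view: (name, A record, whether a dhcpd TXT record exists).
ZONE = [
    ("laptop1", "192.0.2.10", True),     # lease still active: keep
    ("oldbox", "192.0.2.11", True),      # lease gone, record left behind: stale
    ("fileserver", "192.0.2.5", False),  # static entry, no TXT: never touched
]

def stale_records(zone, active):
    # Only records dhcpd created (TXT present) and no longer backed by a lease.
    return [name for name, ip, has_txt in zone
            if has_txt and active.get(name) != ip]
```

Run with `stale_records(ZONE, active_leases(LEASES, now))` for the current time; the returned names are the A/TXT pairs the script would remove from the zone.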