[ddns] "update-conflict-detection" and co-existing DHCPv4/v6 servers

Peter Rathlev peter at rathlev.dk
Wed Mar 21 23:58:01 UTC 2012


On Wed, 2012-03-21 at 16:43 +0100, Nicolas C. wrote:
> The problem is the following: when "update-conflict-detection" is
> disabled, a client can indirectly update and even delete A records by
> booting on the network with the same name as a server, for example.

Place client hosts in different domains than servers. I have an idea
that Microsoft Windows "Active Domain" doesn't support this, but that's
a limitation of their implementation. AFAICT current Windows DHCP
servers face the exact same issue you describe.

> Alternatively, is it possible to "lock" some records to prevent update?

You could control this on the DNS server. I know BIND allows for a
rather granular update policy.

-- 
Peter
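
An added example, not part of either poster's message or configuration: a BIND named.conf fragment that combines both suggestions above, limiting the DHCP server's update key to a client-only subdomain and locking one static name inside it. The key name, zone, subdomain, host name and file path are assumptions chosen for illustration.

```conf
// Constructed example. All names below are hypothetical.

// TSIG key the DHCP server signs its dynamic updates with.
// The algorithm must match what the DHCP server is configured to use.
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_SECRET";
};

zone "example.org" {
    type master;
    file "dynamic/example.org.db";

    // Coarse form, shown for contrast and left disabled:
    // any holder of the key may change any record in the zone,
    // including the A records of servers.
    // allow-update { key "dhcp-ddns"; };

    // Granular form. Rules are evaluated in order and the first
    // match decides; an update that matches no rule is refused.
    update-policy {
        // "Lock" a statically managed name that lives inside the
        // client subdomain, for every record type.
        deny  dhcp-ddns name printer.clients.example.org. ANY;

        // DHCP-driven updates may only touch names below the client
        // subdomain, and only the record types DDNS needs.
        grant dhcp-ddns subdomain clients.example.org. A AAAA TXT DHCID;
    };
};
```

With this policy, an update signed by dhcp-ddns for a server name directly under example.org matches no grant rule and is refused, regardless of the host name a client presents to DHCP.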


