ignore client-updates
Glenn Satchell
glenn.satchell at uniq.com.au
Wed Sep 4 23:47:58 UTC 2013
On Thu, September 5, 2013 7:00 am, Martin McCormick wrote:
> Chris Buxton writes:
>> Where did you read that?
>>
>> I would use 'deny client-updates' rather than 'ignore'. I would certainly
>> not suddenly switch to 'allow', for exactly the reasons you gave - it
>> wreaks havoc. (But why are your DNS zones accepting updates from
>> clients?)
>
> I think this is turning out to be a misunderstanding on
> our part as in me and my coworkers.
>
> We were set up for years to allow clients who had
> configured their own host names to register the left-most part
> of their name when obtaining a dynamic lease. A static bootP
> registration uses a name we provided, usually at the client's
> request, but still, we provided it and the client system
> couldn't change it.
>
> We were under the impression that denying client-updates
> was deprecated and so we started allowing them which is causing the
> Active Directory systems to begin registering reverse A records
> with the ad.okstate.edu fqdn. The directive is working exactly
> as advertised so here is another question as I begin the process
> of persuading my coworkers that we need to go back to our
> original settings.
>
> We were originally set to
> ignore client-updates;
> This was mainly because we didn't want to log attempts but let
> them silently occur. If we went to deny client-updates, what
> would be the difference?
>
> Thanks for the information.
>
> Martin McCormick

This is from the dhcpd.conf man page in the section THE INTERIM DNS UPDATE
SCHEME:

    Further, if the ignore client-updates; directive is used,
    then the server will in addition send a response in the DHCP
    packet, using the FQDN Option, that implies to the client
    that it should perform its own updates if it chooses to do
    so. With deny client-updates;, a response is sent which
    indicates the client may not perform updates.

So, ignore allows the client to do an update if it wishes to; deny tells
it to not do updates. Depending on the client, it may not send an update
in either case.

I'd just set it back to what you had originally, since that was working
the way you wanted.

regards,
-glenn
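
The man page excerpt quoted above says the difference between ignore and deny is signalled to the client in the FQDN option of the server's reply. As an added example (not part of the original post and not ISC code), the following Python decodes that option (option 81) from the options field of a captured reply, reading the flag bits as defined in RFC 4702. The function names, dictionary keys and sample bytes are this example's own constructions.

```python
# Added example: decode the Client FQDN option (81, RFC 4702) in a DHCP reply.
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08

def find_option(options: bytes, code: int):
    """Walk the TLV options field; return the value of `code` or None."""
    i = 0
    while i < len(options) and options[i] != 255:   # 255 = End
        if options[i] == 0:                          # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("truncated option")
        tag, length = options[i], options[i + 1]
        if tag == code:
            return options[i + 2:i + 2 + length]
        i += 2 + length
    return None

def decode_name(data: bytes, wire_format: bool) -> str:
    """E=1: DNS wire-format labels (possibly partial); E=0: legacy ASCII."""
    if not wire_format:
        return data.decode("ascii", "replace")
    labels, i = [], 0
    while i < len(data) and data[i] != 0:
        n = data[i]
        labels.append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)

def decode_fqdn_reply(options: bytes):
    """Summarise what the server's FQDN option tells the client."""
    opt = find_option(options, 81)
    if opt is None:
        return None
    if len(opt) < 3:
        raise ValueError("FQDN option shorter than flags + 2 RCODE bytes")
    flags = opt[0]
    return {
        "server_updates_a": bool(flags & FLAG_S),   # S: server does the A update
        "server_overrode": bool(flags & FLAG_O),    # O: S differs from client's request
        "server_no_updates": bool(flags & FLAG_N),  # N: server does no DNS updates
        "name": decode_name(opt[3:], bool(flags & FLAG_E)),
    }

# Constructed replies (not captured traffic): DHCPACK (option 53) + option 81.
_NAME = b"\x05host1\x07example\x03org\x00"
def _reply(flags: int) -> bytes:
    return b"\x35\x01\x05" + bytes([81, 3 + len(_NAME), flags, 255, 255]) + _NAME + b"\xff"
SERVER_OWNS_A = _reply(FLAG_E | FLAG_S | FLAG_O)
CLIENT_MAY_UPDATE = _reply(FLAG_E)
```

Under RFC 4702, S=1 in a reply means the server takes the A record update, and S=0 leaves it to the client; comparing the decoded flags before and after a configuration change shows what clients are actually being told.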