Re: Prevent PCs from using Server hostnames

Zenz, Thomas Thomas.Zenz at oenb.at
Sat May 20 06:36:26 UTC 2017


Hi Simon

Thank you for the quick answer.
We were facing the problem because the servers get set up using DHCP and then the server admin changes the record without deleting the TXT record.  So the DHCP server could change the record again.

We use failover and do have failover tests every year for a week. So I set the remaining server to partner-down. Could this be an issue?

Regards Tom

- by Phone
________________________________
From: Simon Hobson<mailto:dhcp1 at thehobsons.co.uk>
Sent: 19.05.2017 13:11
To: Users of ISC DHCP<mailto:dhcp-users at lists.isc.org>
Subject: Re: Prevent PCs from using Server hostnames

"Zenz, Thomas" <Thomas.Zenz at oenb.at> wrote:

> To prevent Clients from using server hostnames and so pull traffic to the client, I added the following script:

No need.
IFF your servers are in the DNS (and not themselves allocated by the same DHCP) then DHCP will refuse to update the DNS with a matching entry.

If you look in your DNS zones, you'll find that the A records for your clients are also accompanied by a TXT record with some long "random" string. The TXT record is a key (hashed from client information) to show that the A record was created by the DHCP server - and if it's not present, then the DHCP server will not update/replace the A record.
This is there specifically to avoid the issue you describe - allowing a client to over-write DNS records that don't belong to DHCP clients.

It's not just servers - it's anything you've statically configured.

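An added example, not part of the original thread and not ISC DHCP code: a simplified Python model of the TXT-guard rule described above, plus an audit that lists statically configured names still carrying a leftover TXT record (the case where an admin changes the A record without deleting the TXT record). The zone data, host names, keys and function names are constructed for illustration, and key matching is simplified to string equality.

```python
import re

# Constructed sample zone data; names, addresses and keys are illustrative only.
ZONE = """\
pc-0142     IN A   10.1.20.42
pc-0142     IN TXT "key-pc-0142"
fileserver  IN A   10.1.1.10
appserver   IN A   10.1.1.20
appserver   IN TXT "key-appserver-nic"
"""

def parse_zone(text):
    """Return {name: {"A": [...], "TXT": [...]}} from 'name IN type data' lines."""
    records = {}
    for line in text.splitlines():
        m = re.match(r'(\S+)\s+IN\s+(A|TXT)\s+(.+)', line.strip())
        if m:
            name, rtype, data = m.groups()
            entry = records.setdefault(name.lower(), {"A": [], "TXT": []})
            entry[rtype].append(data.strip('"'))
    return records

def dhcp_may_update(records, name, client_key):
    """Simplified model of the guard: a free name may be claimed; an existing
    name may only be updated when its TXT record matches the client's key."""
    entry = records.get(name.lower())
    if entry is None:
        return True                      # name unused, DHCP adds A + TXT
    return client_key in entry["TXT"]    # no TXT (static entry) -> refused

def stale_guard_records(records, static_names):
    """Static hosts that still carry a TXT record, so the DHCP server may
    still treat the name as its own and change the A record again."""
    return sorted(n for n in static_names
                  if records.get(n.lower(), {}).get("TXT"))

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    # A client asking for a static server's name is refused.
    print("fileserver by other client:", dhcp_may_update(recs, "fileserver", "key-rogue-pc"))
    # A server first set up via DHCP whose TXT record was left behind.
    print("appserver by its old key:", dhcp_may_update(recs, "appserver", "key-appserver-nic"))
    print("static names with leftover TXT:",
          stale_guard_records(recs, ["fileserver", "appserver"]))
```

Names reported by `stale_guard_records` are the ones where the leftover TXT record should be deleted along with the manual change to the A record.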