DHCP updating DNS

joe at ispsoft.de
Tue Nov 23 22:43:29 UTC 1999



Hi,

I am interested in setting up a site with dynamic DNS. (Don't tell
me I shouldn't, I am aware of the potential problems and they are
the reason I am asking.)

After reading the DHCP handbook, the RFCs 2036 and 2037 and
draft-ietf-dhc-dhcp-dns, the bind FAQ and docs and the newsgroup
archives of comp.protocols.dns.bind I am under the impression that
either very few sites are using this feature or it is done silently.
This is ugly, because a lot of questions are open for me. Perhaps some
of you can help?

1.) Are there any more recommendations of sources I should read?

2.) Any experiences with Dynamic DNS? Known problems? DHCP trapdoors?
    Links to other sites than ISC?

3.) In particular: Any experiences with bind 8.2 or later under HP-UX?
    Or the Cisco DHCP server in connection with bind?

4.) Which server software or hardware supports the dhc-dhcp-dns draft?
    I know that the ISC dhcp 3 does support it partially, but not the
    KEY RRs.

5.) Besides the idea to use a special zone for dynamic DNS, are there
    any other recommendations for protecting the static IP area? In
    particular, is it possible to protect a range of PTR records?
    For example, if I know that 192.168.1.1-127 are fixed IP addresses,
    but 192.168.1.128-254 is allocated dynamically, can I protect
    the range 1-127?

6.) If I restrict updates to the DHCP server itself, and obey 5.),
    do you still see security flaws?

7.) The above draft suggests that the zone's serial number will not
    always be updated, at least not in nonvolatile memory. (If I
    get it right.) Instead it suggests to use a transaction log
    (for example bind's IXFR files) or similar techniques. Are there
    any ideas for getting the serial number fail-safe? In other words,
    if the primary breaks down, is there some guaranteed way to
    restore the serial number, so that the secondaries can sync
    immediately?


Thanks in advance,

Jochen

