unapproved update

Michael Voight mvoight at cisco.com
Wed Sep 8 17:46:03 UTC 1999


But if it is NOT specifying a zone for the CNAME check, then it is
WRONG.

Michael

Barry Finkel wrote:
> 
> Jim Reid wrote:
> >    Barry> If there is interest I can post my summary of the WIN 2000
> >    Barry> Workstation dynamic update requests.
> >
> >Yes please! It would be a great help to the list if people shared
> >their experiences with W2K and what it does to the DNS. Those who are
> >at the bleeding edge of this technology can help to make it less
> >painful for the rest of us.
> 
> I am not an expert in Dynamic DNS (RFC 2136), nor am I an expert in
> the DNS RFCs (1034/1035), so I may have misinterpreted the DNS
> update records sent by the Windows 2000 Workstation computer.
> The machine LIZZARD.ctd.anl.gov is at address 146.137.160.161; it
> sent numerous dynamic DNS update requests, each in three update
> packets:
> 
>   1) If (LIZZARD is a CNAME) then return(YXRRSET [7]).
>      If (LIZZARD does not point to 146.137.160.161) then return(NXRRSET [8]).
>      If ((LIZZARD is not a CNAME) and (LIZZARD points to 146.137.160.161))
>            then RETURN(NOERROR).  [No update zone is specified.]
> 
>   2) If (LIZZARD is a CNAME) then return(YXRRSET [7]).
>      If (LIZZARD fwd pointer exists) then return(YXRRSET [7]).
>      If ((LIZZARD is not a CNAME) and (LIZZARD fwd pointer does not exist))
>            then add a forward pointer.
> 
>   3) Delete any existing reverse pointer for 146.137.160.161, and
>      add a reverse pointer for LIZZARD.
> 
> Note that the first packet has no update zone.  I assume that this is
> only for checking return codes.  But my DNS returns NOTAUTH for
> each attempt, and if the MS code were checking return codes, it
> would not have sent packets 2) and 3).  If a Windows 2000 Workstation
> is online and has a correct IP name and address, then packets 2) and 3)
> are OK.  If the machine happens to be on the network with an incorrect
> name and/or IP address, then packet 2) will fail if the name is already
> registered.  But packet 3) will ALWAYS change the reverse pointer.
> This scares me.  On a Windows 2000 Workstation, you can disable the
> auto-register via these steps:
> 
>     Start
>          Settings
>                Network and Dialup
>                      Local Area
>                            Properties
>                                 Adapter
>                                      Protocols
>                                           TCP/IP
>                                                Advanced
>                                                     DNS
>     The "Register this name" box should NOT be checked.
>     If you have to uncheck the box, then you must reboot to have the
>     change take effect.
> 
> As I stated in a previous posting, Windows 2000 Server is a different
> animal; it uses RFC 2052 extensively.
> 
> If anyone wants to see the raw sniffer records and check to see that
> I have decoded them properly, let me know; I can send you the raw
> records.  I would like some volunteer who knows the RFCs to check my
> work, as these are the first DNS sniffer records I have decoded.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
> Building 221, Room B236              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4844             IBMMAIL:  I1004994
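
Added example, not part of the original posts: a small Python model of RFC 2136 prerequisite handling that replays the three-packet sequence as decoded in the quoted message, showing why the third packet rewrites the reverse pointer even when the first two are refused. The names, addresses, zone contents and the `guard_ptr` prerequisite are constructed for illustration and are assumptions, not data from the sniffer records.

```python
# Model of RFC 2136 prerequisite/update processing (not a DNS server).
# Zone data is {(owner, rrtype): set(rdata)}; all names/addresses are constructed.

def check_prereqs(zone, prereqs):
    """Return the first failing rcode, or NOERROR when every prerequisite holds."""
    for kind, name, rrtype, rdata in prereqs:
        rrset = zone.get((name, rrtype), set())
        if kind == "rrset_absent" and rrset:
            return "YXRRSET"
        if kind == "rrset_equals" and rrset != {rdata}:
            return "NXRRSET"
    return "NOERROR"

def apply_update(zone, prereqs, updates):
    """Apply updates only if all prerequisites pass, as RFC 2136 requires."""
    rcode = check_prereqs(zone, prereqs)
    if rcode == "NOERROR":
        for op, name, rrtype, rdata in updates:
            if op == "delete_rrset":
                zone.pop((name, rrtype), None)
            else:  # "add"
                zone.setdefault((name, rrtype), set()).add(rdata)
    return rcode

def register(zone, host, addr, guard_ptr=False):
    """Send the three packets in order, ignoring rcodes as the post observed."""
    ptr = ".".join(reversed(addr.split("."))) + ".in-addr.arpa"
    no_cname = ("rrset_absent", host, "CNAME", None)
    packets = [
        ([no_cname, ("rrset_equals", host, "A", addr)], []),
        ([no_cname, ("rrset_absent", host, "A", None)], [("add", host, "A", addr)]),
        # Packet 3 carries no prerequisites; guard_ptr adds a hypothetical one.
        ([("rrset_absent", ptr, "PTR", None)] if guard_ptr else [],
         [("delete_rrset", ptr, "PTR", None), ("add", ptr, "PTR", host)]),
    ]
    return [apply_update(zone, pre, upd) for pre, upd in packets]

def sample_zone():
    """Constructed zone: 192.0.2.10 belongs to fileserver, ws1 is already registered."""
    return {
        ("fileserver.example.test", "A"): {"192.0.2.10"},
        ("10.2.0.192.in-addr.arpa", "PTR"): {"fileserver.example.test"},
        ("ws1.example.test", "A"): {"192.0.2.20"},
    }

if __name__ == "__main__":
    for guard in (False, True):
        zone = sample_zone()
        rcodes = register(zone, "ws1.example.test", "192.0.2.10", guard_ptr=guard)
        print(guard, rcodes, zone[("10.2.0.192.in-addr.arpa", "PTR")])
```

With the unguarded sequence the forward update is refused but the PTR for 192.0.2.10 ends up pointing at ws1; with a prerequisite on packet 3 the existing PTR survives.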


More information about the bind-users mailing list