Dynamic DNS
Kevin Darcy
kcd at daimlerchrysler.com
Thu Sep 14 22:09:25 UTC 2000
Yuck, you mean it sends prereq's without an update, just to "probe"? That seems
rather perverse. Why doesn't it just do normal DNS lookups, which are more
efficient? Seems like DDNS abuse to me. IMO, RFC 2136 should have outlawed such
packets, or should be amended to do so.
In any case, thanks for the clarification, Barry, as infuriating as it was. With
such bogosities, I'm glad we're not implementing Win2K automatic client
registration here.
- Kevin
Barry Finkel wrote:
> adalessandro at odione.co wrote:
>
> >I am trying to setup Dynamic DNS for our internal nameservers, but I am
> >confused.... Do the A records ever expire or get removed out of the
> >nameservers cache?
> >For example, I had a host register "host01", then changed the name of the
> >machine, rebooted, and it registered the new name "host02" into dns, however
> >it did not remove the host01 entry (they both point to the same IP).
> >
> >I am also getting this error:
> >
> >Sep 13 11:22:23 ns01 named[155]: error processing update packet (NXRRSET) id
> >11 from [64.28.75.25].1058
> >
> >The dynamic updates are coming from Win2k DDNS in the TCP/IP properties...
> >Can someone shed some light on this anomaly?
>
> My response is in addition to Kevin Darcy's response.
> With DDNS, it is the responsibility of the client (e.g., Win2k
> workstation) to send a DDNS packet that contains proper pre-requisite
> checks and does proper cleanup. I have posted to this group in the
> past detailed information as to the update packets that a Win2k
> workstation sends to DNS. Check the archives for more details.
> (My records show that I posted Sep 08, 1999 and the thread subject was
>
> Re: unapporved update
>
> [with the two interchanged letters].) I believe that I have posted
> other examples since then. Essentially if you have registered a
> forward address (either manually or via DDNS):
>
> xxx ===> 111.222.333.444
>
> and then you rename the computer from xxx to yyy and have W2k send
> a dynamic DNS update:
>
> yyy ===> 111.222.333.444
>
> the MS DDNS packet will make these pre-req checks:
>
> a) Is yyy a CNAME? If so, then return(YXRRSET [7]).
> If it is a CNAME, then it can't also be an "A".
> b) Does yyy point to 111.222.333.444? If no then return(NXRRSET [8])
> c) return (NOERROR). [No update zone is specified.]
>
> There is no update zone in the packet, so all this DDNS packet is doing
> is creating one of three return codes. I assume the MS DNS code looks
> at the return code and acts accordingly. In the case you posted,
> host02 was not registered before the DDNS packet arrived, so the pre-req
> check b) returned NXRRSET (and also wrote the message to the log file).
>
> The MS Win2k packets do not check the reverse pointer
>
> 111.222.333.444 ====> xxx
>
> (but there is no requirement that it be registered), so it does not
> know that xxx was registered to that address. As a result, you see
> both xxx and yyy pointing to 111.222.333.444.
>
> Note that in the case of reverse pointers, the only pre-req check that
> MS makes is a check for an existing CNAME. If there is no CNAME, then
> the update section of the DDNS packet does two things:
>
> 1) removes any existing registration for 111.222.333.444 ==> xxx
> 2) registers a new name for 111.222.333.444 ===> yyy
>
> So, if you have a misconfigured Win2k box registering itself, then it
> can re-register any existing reverse pointer.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-9689
> Building 221, Room B236 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4844 IBMMAIL: I1004994
More information about the bind-users
mailing list