BIND 9/8 Question DDNS Question

Cricket Liu cricket at menandmice.com
Fri Nov 16 00:16:56 UTC 2001


> Actually these are methods of control that are currently in place for the
> "company.com" zone. In the situation described below the DHCP server is
> defined in the "allow-update" control field.
>
> Scenario:
>
> Let's just say that you enable DHCP on your servers. Define them manually,
> so that they have the same IP address all the time. Mail.company.com =
> 10.10.10.100
>
> Now let's say that I plug into the same network, and my workstation name is
> mail. I now get a DHCP offered lease of 10.10.10.250, and a DHCP offered
> domain of company.com. What is my FQDN?? Won't it be mail.company.com??
> Won't we now have a round robin for mail.company.com?? What would prevent
> this from happening?? Even if I was not in the same network as the original
> mail server, wouldn't this work if I was served by the same DHCP server?
> This is due to the fact that the DHCP server is authorized to update the
> zone via the "Allow-update" parameter, right??
>
> mail.company.com	10.10.10.100
> mail.company.com	10.10.10.250
> (Won't I now get, due to the round robin, 50% of the hits??)

Actually, you'll probably get 100%, since most DHCP servers first delete
addresses attached to the domain name before they add a new one.

Some DHCP servers also set prereqs to detect the existence of the
old address record before they delete it and use some scheme to
disambiguate the domain name, but not all do.

No, what you're talking about is a very real problem with some DHCP
servers and with IP address-based authorization of dynamic updates.
(I thought you meant something else when I saw the quote you picked.)
I had a customer that began using dynamic update and had a user
accidentally pick the name of a major server for his hostname.
Poof! went the address of the server.

That's why it'd be nice if DHCP servers, et al., supported TSIG-signed
dynamic updates more widely. Then we could use update-policy
instead of allow-update.

cricket

Men & Mice
DNS Software & Services
www.menandmice.com

Attend our next DNS and BIND class!  See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
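To make the allow-update versus update-policy distinction concrete, here is an added example of the two BIND 9 named.conf forms side by side (not from the original post or from Men & Mice). The key name "dhcp-update", the DHCP server address 10.10.10.1, the zone file name and the placeholder secret are assumptions; the two zone blocks are alternatives for the same zone, not meant to coexist in one file.

```conf
// Weak form: authorization by source IP address only. Any UPDATE that
// arrives with a source address of 10.10.10.1 (the assumed DHCP server)
// may change any name in the zone, which is how a workstation that calls
// itself "mail" ends up replacing the address of mail.company.com.
zone "company.com" {
    type master;
    file "company.com.zone";
    allow-update { 10.10.10.1; };
};

// Hardened form: every UPDATE must carry a valid TSIG signature made with
// a shared secret, and the grant limits what the signer may change.
key "dhcp-update" {
    algorithm hmac-md5;      // newer BIND releases also accept hmac-sha256
    secret "PLACEHOLDER_BASE64_SECRET==";   // assumption: generate a real one with dnssec-keygen
};

zone "company.com" {
    type master;
    file "company.com.zone";
    update-policy {
        // Rules are evaluated in order; first match wins. Protect the
        // fixed server name first, then allow the DHCP key to manage
        // A records for everything else under company.com.
        deny  dhcp-update name      mail.company.com;
        grant dhcp-update subdomain company.com A;
    };
};
```

The DHCP server (or an nsupdate run on its behalf) then signs its UPDATE messages with the same "dhcp-update" key; unsigned updates and updates signed with any other key are refused regardless of source address.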


