BIND 8.2.3 problem with reverse zone

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Jul 3 08:59:53 UTC 2002


maurywind at interfree.it wrote:

> Hi All,
> [Sorry for my english, it's very bad !!]


> I'm an administrator for a company LAN, and now I administer our DNS service, but I don't know BIND very well; I'm waiting to receive the book "DNS and BIND 4th" (O'Reilly).
> We have a primary name server and two other slave name servers with BIND 8.2.3. The first is Sun Solaris 8, the others are RedHat 7.2. In addition we have 20 W2K servers with DNS (NS slave) and DHCP server !! All services work fine except updating the reverse db !! I know that the purpose of Internet DNS is to convert a hostname into an ip-address (only), but here, for some applications, it is necessary to have the reverse resolution: ip-address to hostname. The big problem is this:
> Into the reverse db, BIND only adds new RRs; when a lease expires it does not delete the old RRs.

All applications I am aware of do not care _what_ name is returned as long as forward and
reverse are consistent. A lot of people think that their application demands that
the name returned via DNS has to coincide with the host's own idea.

Some others use DNS as some kind of authorization ( usually by updating DNS
with DHCP ) . This is BROKEN in many respects and not worth doing. Remember that
DNS is an unsecured protocol and has no provisions for securing
that the information is correct or even comes from the proper source ( Not
mentioning DNSSEC which M$ cannot cope with anyway)

> When the DHCP servers assign the same address to a new host, this RR is added to the old reverse record instead of deleting the old record before adding the new record !! In effect, if I look at an ip (example: 192.168.1.100) in db.192.168.0.0.rev I see:

> $ORIGIN 1.168.192.in-addr.arpa.
> 100     900  IN   PTR  hostname1.domain.com.    (FQDN)
>         900  IN   PTR  hostname2.domain.com.    (FQDN)
>         900  IN   PTR  hostname3.domain.com.    (FQDN)
>         ......
> 101     ......

> .... As you know, the third RR, hostname3.domain.com, is the current lease !!.

> 1) Why are hostname1 and hostname2 not deleted by the DHCP server?

Because the DHCP server has not deleted them. DNS will happily add an RR, but
will not "automatically" delete them.

> 2) !! Is it normal ??

Yes.

> 3) Is it a Microsoft problem ??

Yes.  Actually M$-2000 has a "solution" in their environment:
they keep a third timer value on all RRs, the third is set to
"scavenging time" ( defined in w2k-dns ) and when scavenging time has
expired the RR is deleted.

> 4) Must we change some parameters or properties on the W2K servers ??

For this "scavenging timer" to work you must use w2k-dns as master.

> 5) Do you have any better solutions ??

Have you considered using "constant" hostnames ( dhcp-1.domain.tld )  ?


> Note that in the DHCP server properties (DNS tab) I've activated: "Discard forward (name-to-address) lookups when lease expires", "Automatically update DHCP client information in DNS" and "Always update DNS".

> Many thanks for your help !






-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
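As an added example (not code from this thread or from BIND), the following script audits the situation the poster describes: it parses a reverse zone fragment in the shape shown above, collects every PTR per address, and reports addresses that carry more than one PTR or whose PTR names do not resolve back to the same address in the forward view. The zone fragment, the hostnames and the forward table are constructed for the example; the consistency rule is the one the reply states, that forward and reverse must agree.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a reverse-zone fragment in the shape the poster showed.
# Hostnames are hypothetical; the continuation lines reuse the previous owner,
# as BIND zone-file syntax allows.
SAMPLE_REVERSE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
100     900  IN   PTR  hostname1.domain.com.
        900  IN   PTR  hostname2.domain.com.
        900  IN   PTR  hostname3.domain.com.
101     900  IN   PTR  hostname4.domain.com.
"""

# Constructed forward view (name -> address), standing in for the A records of
# the forward zone. Only hostname3 and hostname4 are still live leases.
SAMPLE_FORWARD = {
    "hostname3.domain.com.": "192.168.1.100",
    "hostname4.domain.com.": "192.168.1.101",
}


def owner_to_ip(owner, origin):
    """Turn an in-addr.arpa owner name (relative or absolute) into an IPv4 string."""
    if owner == "@":
        fqdn = origin
    elif owner.endswith("."):
        fqdn = owner
    else:
        fqdn = f"{owner}.{origin}"
    labels = fqdn.rstrip(".").split(".")
    octets = labels[:-2]  # drop the trailing "in-addr" and "arpa" labels
    return ".".join(reversed(octets))


def parse_reverse_zone(text):
    """Return {ip: [ptr names]} from a simple BIND reverse zone fragment.

    Handles $ORIGIN, comments, optional TTL/class fields, and the convention
    that a line starting with whitespace inherits the previous owner name.
    Only PTR records are collected; other types are ignored.
    """
    origin = "."
    owner = None
    ptrs = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace():
            owner, fields = fields[0], fields[1:]
        if fields and fields[0].isdigit():   # optional TTL
            fields = fields[1:]
        if fields and fields[0].upper() == "IN":  # optional class
            fields = fields[1:]
        if owner is None or len(fields) < 2 or fields[0].upper() != "PTR":
            continue
        ptrs[owner_to_ip(owner, origin)].append(fields[1])
    return dict(ptrs)


def find_stale_ptrs(ptrs, forward):
    """Report (ip, reason, names) tuples for addresses with several PTRs and for
    PTR names whose forward mapping does not point back at that address."""
    findings = []
    for ip in sorted(ptrs, key=ipaddress.ip_address):
        names = ptrs[ip]
        if len(names) > 1:
            findings.append((ip, "multiple PTR", list(names)))
        for name in names:
            if forward.get(name) != ip:
                findings.append((ip, "no matching forward", [name]))
    return findings


if __name__ == "__main__":
    records = parse_reverse_zone(SAMPLE_REVERSE_ZONE)
    for ip, reason, names in find_stale_ptrs(records, SAMPLE_FORWARD):
        print(f"{ip}: {reason}: {', '.join(names)}")
```

Run against the sample, the audit flags 192.168.1.100 once for carrying three PTRs and once each for hostname1 and hostname2, which no longer forward-resolve to it; 192.168.1.101 is clean. On a real deployment the forward table would be built from the forward zone or from A lookups, and the flagged names are the candidates for the cleanup the DHCP server never performed.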

