DHCP and DDNS

Thomas Mandl thomas.mandl at analog.com
Tue Mar 5 10:55:59 UTC 2002


Hello All,

sorry if this is OT, but maybe someone out there knows the answer:

Here's my problem:

DHCP Server: a Windows 2000 Advanced server w/ SP2 is acting as internal DHCP server
DNS Primary: ISC BIND-8.2.3 running on a SUN/Solaris 8 machine
DNS Secondary: ISC BIND-8.2.3 running on a SUN/Solaris 8 machine
DHCP Clients: Windows 2000 workstations and some Linux Red Hat 6.2 and 7.2 hosts

The DHCP server is configured to send Dynamic DNS updates (DDNS) to the master DNS server. Only the DHCP server is allowed to register (A) and (PTR) records with the master DNS server (the allow-update statement in named.conf specifies only the IP address of the DHCP server). No Windows 2000 client is allowed to update the DNS records itself.

Q1: What would happen if the master DNS server becomes unavailable but the secondary is still alive? How (if at all) can the DHCP server register its (A) and (PTR) records? AFAIK DDNS updates can only be sent to the zone's authoritative master DNS server, as the master server is the only server with a *writeable* copy of the zone data. BIND 8 implements an update forwarding feature as described in RFC 2136, but where would the slave server (which now receives the dynamic updates instead of the master, which is down) forward its dynamic update request? There is only one authoritative master and one slave server for this zone.

Q2: Dynamic updates and Serial Numbers:
When a name server processes a dynamic update it changes the zone data and increments the zone's serial number to signal the changes to the slave server. For BIND 8 this is done automatically; however, the server does not increment the serial number for each dynamic update automatically. BIND 8 name servers (quoted from DNS and BIND/O'Reilly 4th Edition) defer updating a zone's serial number for as long as five minutes or 100 updates (whichever comes first). DDNS updates are written to a logfile. One can see these log files in the directory where the zone files are kept.
Now here's my question: What happens if I have more than 99 changes of the serial number per day (as the last two count digits in the serial number increase by one up to 99)?

Q3: I also need to manually add/delete zone records from the BIND 8 master zone files (the DHCP address pool is only about 60 IPs out of 255). I have all my zone files in an RCS archive, so I never edit the zone data in place (the zone data BIND uses). When I make changes to the zone data I edit my RCS-controlled zone files, copy the modified master zone files to the master server and restart it. Thus I *overwrite* BIND's copy of the zone data (incl. the DHCP-assigned A/PTR records) with my new zone data. I do not overwrite the log files which are created when a DDNS update is requested. Tests showed that BIND still knows the A and PTR records after a restart (and after overwriting BIND's master zone files). How does BIND handle this? I could not find any reference for this. Are the log files merged into the new zone data during a restart?

Q4: When manually editing the master's zone files (see Q3), how should one increment/set the new serial number? Let's assume the original serial number of the RCS-controlled zone files is 2002030500 and I restart named with this serial number. Now a couple of DDNS updates are sent from the DHCP server to the primary master DNS server, automatically incrementing the serial number to e.g. 2002030504. I do not see the automatically incremented serial number unless I check out the log files created by BIND 8 and see what serial number has been automatically assigned. Let's assume I do not check the self-updated serial number. Now I add a static (A) and (PTR) record and increment the serial number (according to my initial value) from 2002030500 to 2002030501! What happens now??? Would this corrupt the zone data (and the secondary server data), as the serial number is now lower than the serial number which was automatically assigned by BIND due to the recent DDNS updates?

Q5: I noticed that if a client's lease expires (and the client is offline) the (A) record is successfully removed from the DNS master zone, but not the PTR record. The reverse lookup (IP to name) is still possible. I would expect that both (A) and (PTR) records are removed from the DNS zone data. Is this something Windows 2000 specific?

Q6: I know this might be more OT, but if anyone knows this I would be more than happy!!!
I want to automatically assign a FQDN to Windows 2000 clients. One can do this during the installation of the Win2k machine (in the Network properties) and then it's hard-coded. But as I have many roaming users from different networks, I was looking for a smarter approach. I found out that DHCP extended option #81 will do this for me (#81 = Client FQDN), but I cannot include this option in the active scope, because it is not available in any of the Windows 2000 default options. Do I have to create a custom vendor class to include this extended option #81?

Q7: My last question: I'd rather have the DHCP service running on one of my UNIX boxes, but in this case I'm bound to a Windows 2000 Server. But maybe I can find a technical argument to switch over to a UNIX DHCP server. What are your practical experiences with the latest ISC BIND server in a heterogeneous environment consisting of all flavours of Windows, Linux, SUN/Solaris, etc.?

Many thanks for your time and your help
best regards
Thomas
-- 
Ing. Thomas Mandl                    Senior Systems Administrator

Analog Devices Vienna Design Center  e-mail: thomas.mandl at analog.com
Tech Gate, Gate 1, 2nd Floor         phone:  +43 1 2638969 1025
Donau City-Strasse 1+8               fax:    +43 1 2638969 1015
1220 Vienna, Austria
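An added illustration, not part of the original post or of BIND itself: RFC 1982 serial number arithmetic, which is the comparison a BIND secondary makes against the master's SOA before deciding whether to transfer the zone, run against the serials from Q2 and Q4. To BIND the serial is a plain 32-bit counter; the YYYYMMDDnn reading is a human convention.

```python
# Added example (not from the post): RFC 1982 serial arithmetic as a BIND
# secondary applies it, checked against the serials mentioned in Q2 and Q4.
MODULUS = 1 << 32          # SOA serial is a 32-bit unsigned counter
HALF = 1 << 31


def serial_add(serial: int, n: int) -> int:
    """Add n to a serial modulo 2^32 (RFC 1982 section 3.1; n < 2^31)."""
    if not 0 <= n < HALF:
        raise ValueError("increment must be in [0, 2^31)")
    return (serial + n) % MODULUS


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than b (RFC 1982 section 3.2). This is the
    test a secondary applies to the master's SOA before transferring."""
    if a == b:
        return False
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def next_serial_after(*serials: int) -> int:
    """Smallest serial newer than every serial given (RFC 1982 max + 1).
    Use it when hand-editing a zone BIND has been updating dynamically."""
    newest = serials[0]
    for s in serials[1:]:
        if serial_gt(s, newest):
            newest = s
    return serial_add(newest, 1)


def q4_scenario() -> dict:
    """Q4: BIND reached 2002030504 via DDNS, the hand-edited file says
    2002030501. A secondary already at 2002030504 sees the restarted
    master as older and keeps serving its current copy."""
    bind_serial, edited_serial = 2002030504, 2002030501
    return {
        "slave_transfers": serial_gt(edited_serial, bind_serial),
        "safe_serial": next_serial_after(edited_serial, bind_serial),
    }


def q2_scenario() -> dict:
    """Q2: 100 updates from 2002030500 carry the nn counter past 99. BIND
    treats the serial as a plain number, so 2002030600 is still newer;
    only the human YYYYMMDDnn reading stops matching the date."""
    start = 2002030500
    after_100 = serial_add(start, 100)
    return {"after_100": after_100, "still_newer": serial_gt(after_100, start)}
```

The practical check before a manual restart is therefore to read the serial BIND currently serves (e.g. via the SOA record) and set the edited file's serial to at least next_serial_after of that value.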
