DNS name and dynamic IP

Kevin Darcy kcd at daimlerchrysler.com
Fri Nov 5 01:21:40 UTC 2004 

sinister wrote:

>I connect to a Solaris box via SSH over VPN from my home Windows XP Home 
>box.
>
>I started finding all these weird names in the wtmpx file on the Solaris 
>box.  (It's a log file with a list of users, connect times, connecting 
>IP/name, etc.)
>
>Called IT support and he said it was something like the following.  (Pardon 
>my obvious lack of knowledge of the subject.)  One name server has been 
>setup so that on reverse lookup the names resolve statically as 
>vpn-xxx-xxx-xxx-xxx.domain.xxx.  The other name server, the one the Solaris 
>box queries, was setup to lookup the name based on technologies related to 
>DDNS, DHCP, etc.  (Here's where my lack of knowledge is showing.)  Something 
>like, when someone connects, their client can carry a name that their ISP 
>passes on to the name server.  These names are supposed to be deleted when 
>the connection closes, but if it's not closed gracefully, they might not be 
>deleted for a few days.  He thought it likely that my home machine doesn't 
>have such a name assigned to it, so when I connect there's nothing to 
>overwrite the stale record there (if there is one) for that IP address. 
>Then when the Solaris box tries reverse lookup, it's given the stale name.
>
>(1) Can I stick a name on my Windows box (something like first.last at isp.net) 
>so the stale records are overwritten?
>(2) What's the name of this technology?  (I tried searching on DDNS, DHCP, 
>BIND, etc, but didn't have enough knowledge to use keywords that would allow 
>a google search to answer my question.)
>(3) Is the support guy's explanation accurate?  Or is their name server not 
>behaving according to specs?
>
I think I know what the guy is getting at. Many enterprise products for 
DNS and DHCP (e.g. Nortel's NetID and Lucent's QIP are two that I've 
worked with) have the ability to integrate the two subsystems, i.e. 
whenever a DHCP lease is given out, a fully-qualified DNS name is 
determined for that particular node, and the corresponding name is added 
to DNS. Conversely when a DHCP lease is expired or relinquished, the 
associated DNS name should be deleted. If the client doesn't send a 
"hostname" (DHCP option 12) or a "client FQDN" (DHCP option 81), then 
the DHCP/DNS system may simply make up a name for the client, based on 
defaults, rules and/or heuristics. So if your client is not sending 
either of those and you're getting different addresses from the dynamic 
address range on different VPN connections, your reverse DNS resolution 
may vary and you might see a bunch of "weird" names.

As far as I know there aren't any standards to govern how DNS and DHCP 
are integrated, if at all.

Is this really a problem though? If you ever need to audit your own VPN 
connections, then the contents of your Solaris box'es wtmpx, together 
with the audit history from the DNS/DHCP system, and perhaps also from 
your VPN system, you should have enough information to go on.

                                                                         
                                          - Kevin

More information about the bind-users mailing list