nsupdate and round robin

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 4 03:58:44 UTC 2007 

Victor Hugo dos Santos wrote:
> 2007/1/2, Kevin Darcy <kcd at daimlerchrysler.com>
>
> look this records of  one zone:
>
> www     60      IN      A       50.50.50.50
> www     60      IN      A       100.100.100.100
> www     60      IN      A       200.200.200.200
> www     60      IN      A       222.222.222.222
> www     60      IN      A       111.111.111.111
>
> this five records is update for distintis clients/machines.. and the
> "idea" is that each machine update your own record and not others.
> now, supposing that your is one my clients/machines, how your know as
> of the registries (in the example of above) it he is yours ???
>
> remember that the IP address of clients/machines is dynamic and is
> changed constantly.
>
> they understand my problem now or no ???
>   
OK, I see what you're saying now. The client's address changes and it 
wants to delete the previous address and add the new address. There's no 
convenient way to do that currently within the widely-deployed DNS 
protocol, that's what http://www.rfc-editor.org/rfc/rfc4701.txt is all 
about, but apparently BIND does not yet support that RR type. I don't 
know that any DHCP clients natively support DHCID either, but then I 
haven't researched the subject in any depth.

In the meantime, the only option that comes to mind would be to keep 
track of those old assignments on your own. You could use a separate 
database for the purpose, or you could encode the data directly in DNS 
as, say, TXT records enumerating MAC-address/IP-address pairings, which 
would be Dynamically Updated in parallel with the regular A/PTR updates 
associated with dynamic address assignment. If you encode the data 
directly in DNS, then, in order to avoid exposing potentially-sensitive 
network information to untrusted parties, you'd probably want to put 
that data in a separate subzone with controlled access, however, e.g. 
dynamic.www.example.com. If you use MAC address or something similarly 
mutable to uniquely identify your clients, then you'd probably also want 
to supplement the mechanism with some sort of periodic "scavenging" 
process which deletes obsolete records, which implies adding some sort 
of timestamping format to the records as well.

If on the other hand you decide to use a database outside of DNS itself, 
then ideally it should at least be a _shared_ database (with appropriate 
locking mechanisms, e.g. a modern RDBMS system) so that clients don't 
step on each other by deleting an "old" A RR of their own which happens 
to have been re-assigned to another client which is legitimately using 
it. Thus, it probably wouldn't be a good idea to try something as crude 
as simply saving the last-assigned dynamic address in a local text file 
on the client.

                                                                         
                  - Kevin

More information about the bind-users mailing list