Leases on Dynamic Updates?

Chris Buxton cbuxton at menandmice.com
Tue Jan 29 19:22:39 UTC 2008 

On Jan 28, 2008, at 8:40 PM, Danny Mayer wrote:
> Chris Buxton wrote:
>> The proposal expired almost a year ago. Has it been updated,  
>> replaced,  or ratified?
>> It's a good idea, similar to Microsoft's aging and scavenging  
>> routine.  Optimally, it would be nice if Microsoft and the proposed  
>> standard  could be brought into line; since MS has been doing this  
>> now for 8  years or so, I think any proposal should use Microsoft's  
>> mechanism,  assuming it's not too broken.
>> However, this is a discussion for a different forum. To answer  
>> your  question, no, BIND does not support the expiring of RR's  
>> from  authoritative data. (Unless I've missed something...)
>
> I disagree. The DHCP server owns the lease on the address. It knows  
> when it expires and is not renewed. Let it perform the DNS cleanup.


Leaving aside the discussion of non-DHCP dynamic environments  
(zeroconf and some IPv6 configs) for the moment, yes, the DHCP server  
knows about the lease. But what if it doesn't know what zone was  
updated?

A customer asked us about Microsoft's aging and scavenging system,  
including having the DHCP server or the client machine performing the  
updates to forward and reverse zones. After some discussion with them,  
it became clear that, in their case, Microsoft's default behavior of  
having the DHCP server handle the PTR record, but having the client  
handle the A record, makes perfect sense in their case.

The organization has offices around the world, and each office has a  
different domain name (e.g. na.parent, eu.parent, etc.), and there may  
be further divisions below that (fin.na.parent, sales.na.parent,  
etc.). When a laptop is taken from place to place, its A record must  
always have the same name, but the reverse zone is site-specific. So  
rather than have the DHCP server try to figure out which regional  
domain to update, the client updates the A record.

On the other hand, updating the PTR records from the DHCP server made  
perfect sense - it's more reliable, since the DHCP server is unlikely  
to be unplugged from the network without warning, and the DHCP server  
can be told what reverse zone to update for leases from a particular  
"scope" (what MS calls a subnet in DHCP management).

So, to solve the problem of stale A records after a client machine has  
been suddenly unplugged from the network, Microsoft created an  
optional age value for dynamic records. I don't remember all the  
details offhand (I'm more of a BIND tech than an AD tech), but there's  
an interface to allow an administrator to set an age value for the AD- 
integrated zone, and the client tells the DNS server to age the  
record, or something like that. The mechanics from that point are  
similar to TTL's for cached records (although, in our experience and  
as reported to us by Microsoft themselves, far less reliable). Of  
course, every time the client renews the DHCP lease, it also renews  
the age value of the A record.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to which  
it is addressed. If the reader of this message is not the intended  
recipient, you are hereby notified that any retention, dissemination,  
distribution or copy of this e-mail is strictly prohibited. If you  
have received this e-mail in error, please notify us immediately by  
reply e-mail and immediately delete this message and all its attachment.

More information about the bind-users mailing list