DDNS - limitation and excluding updates from certain networks

Philippe.Simonet at swisscom.com Philippe.Simonet at swisscom.com
Wed Dec 20 20:13:51 UTC 2017


Hi Hans

If you can afford it, use the ISC DHCP server DDNS method:

- only the DHCP server is allowed to update the DNS server (forward / reverse zone); protect NSUPDATE with an ACL, or better, TSIG
- in dhcpd.conf:
	ddns-updates           on;
	ddns-update-style      interim;
	ignore                 client-updates;
- and, still in dhcpd.conf, set that only in the subnet you want.

The interim style uses a TXT record for each A record to ensure that 'static' DNS entries are not overwritten by dynamic (DHCP) clients.

http://www.zytrax.com/books/dns/ch9/dhcp.html


Philippe
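
The setup described in the reply above, written out as an added example (not part of the original message): dhcpd signs its updates with a TSIG key, and BIND accepts updates for the zones only when they carry that key. The key name `ddns-key`, the placeholder secret, the zone names, the addresses and the file paths are all assumptions, and the `hmac-sha256` algorithm assumes a dhcpd version that accepts it.

```conf
# ---- dhcpd.conf (ISC DHCP server) ----
ddns-update-style  interim;
ddns-updates       off;             # global default: no DNS updates
ignore             client-updates;  # the server, not the client, picks the name

# TSIG key shared with named (placeholder secret, assumed key name)
key ddns-key {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

# Where signed updates for the forward and reverse zones are sent
zone example.com. {
    primary 192.0.2.53;
    key ddns-key;
}
zone 100.51.198.in-addr.arpa. {
    primary 192.0.2.53;
    key ddns-key;
}

# Only this subnet gets dynamic DNS registration
subnet 198.51.100.0 netmask 255.255.255.0 {
    range 198.51.100.50 198.51.100.200;
    ddns-updates    on;
    ddns-domainname "example.com.";
}

# ---- named.conf (BIND) ----
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    # Key-based only: no client networks listed here
    allow-update { key "ddns-key"; };
};
zone "100.51.198.in-addr.arpa" {
    type master;
    file "dynamic/100.51.198.in-addr.arpa.db";
    allow-update { key "ddns-key"; };
};
```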


> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
> MAYER Hans
> Sent: Wednesday, December 20, 2017 2:27 PM
> To: bind-users at isc.org
> Subject: Re: DDNS - limitation and excluding updates from certain networks
> 
> 
> Dear Mukund,
> 
> Many thanks for coming back.
> 
> > You'll have to explain what you mean better for a more specific answer,
> > but see the manual for the "allow-update" ACL config option
> 
> In my zone configuration I have an “allow-update” statement.
> Here I define all networks which are allowed to dynamically update the DNS
> entries.
> 
> But my zone contains other IP addresses too. Not only those of the PCs.
> These are static names/addresses which are seldom changed.
> 
> And of course the complete zone is a dynamic zone.
> 
> And I don’t want these static names to be changed by someone out of
> an IP range where it is allowed.
> I didn’t find any hint to block certain IP ranges to be updated within a
> dynamic zone.
> 
> Hopefully this explains my question a little bit better.
> 
> 
> // Hans

