AW: DDNS updates
John Hascall
john at iastate.edu
Wed Aug 2 12:20:47 UTC 2006
> An immediate switch to an ISC DHCP-only network will not be possible.
> This means, there are instances (clients, MS DHCP server) which will
> update the domain.
> When traveling to a location with an ISC DHCP server, I would like to
> only have the ISC do the updates. This does not work, because it does
> not touch the record, in regards of the missing TXT record.
> So I would like to FORCE the ISC DHCP server doing the update although
> the TXT record is missing.
You could surely do this by a different modification to
the ddns_update_a function in the common/dns.c file.
If you omitted this whole chunk:
    /*
     * DHCID RR exists, and matches client identity.
     */
    updrec = minires_mkupdrec (S_PREREQ,
                               (const char *)ddns_fwd_name -> data,
                               C_IN, T_DHCID, 0);
    if (!updrec) {
        result = ISC_R_NOMEMORY;
        goto error;
    }
    updrec -> r_data = ddns_dhcid -> data;
    updrec -> r_size = ddns_dhcid -> len;
    updrec -> r_opcode = YXRRSET;
    ISC_LIST_APPEND (updqueue, updrec, r_link);
that would remove the test for the TXT record entirely.
**** But unless you run a *very* tight organization indeed ****
**** this would be a tremendous risk of accidental or purposeful ****
**** mayhem. Suppose a client suggested to DHCP that its name ****
**** was something like <name-of-your-domain-controller> and ****
**** DHCP updates your DNS ... ****
If you segregated your clients all into specific subdomain(s)
that contained no servers and you set up DNS to only allow those
subdomains to be dynamically updated by DHCP/clients then at
least they could only stomp on other clients.
John
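
Added example, not part of the original message and not ISC's own configuration: a BIND named.conf sketch of the segregation described above, using update-policy to confine the DHCP server's TSIG key to a client-only subdomain. The zone name, key name, file name, secret and the A/TXT type list are assumptions chosen for illustration.

```conf
// Constructed example: every name and the secret below are placeholders.

// TSIG key the DHCP server uses to sign its dynamic updates.
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "example.com" {
    type master;
    file "db.example.com";

    // Weak setting: the key may rewrite ANY name in the zone, so with the
    // DHCID/TXT prerequisite removed from dhcpd, a client that claims a
    // server's hostname gets that server's A record replaced.
    //
    // allow-update { key "dhcp-ddns"; };

    // Restricted setting: the same key may only touch A and TXT records
    // at or below clients.example.com. Updates for any other name in the
    // zone (servers, domain controllers) are refused by named itself,
    // regardless of what dhcpd sends.
    update-policy {
        grant dhcp-ddns subdomain clients.example.com. A TXT;
    };
};
```

This only limits the damage to the client subdomain, as the message says: clients can still overwrite each other's names there once the TXT prerequisite is gone.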