force DDNS update

Carl Karsten carl at personnelware.com
Mon Apr 23 22:14:55 UTC 2007


Simon Hobson wrote:
> Carl Karsten wrote:
> 
>>> Yes, simply delete the stale records using nsupdate*
>>
>> That just dumps the 'incorrect' entry, but won't add the correct one, right?
>> guessing the easiest way to fix is force the client to do another 
>> dhcp request?
> 
> Correct
> 
>> Is there some way to get dhcpd to do this?
> 
> No

That makes me sad.

:)

> 
>>> The DHCP server will NOT replace or remove an A record that does not
>>> have the correct TXT record to go with it. The TXT record has a hash
>>> of several bits of information that allows the server to determine
>>> that it wasn't something else that put the record there. This is a
>>> safety feature - otherwise someone could name their client "server"
>>> and the DHCP server would happily replace the A record for your
>>> important server of the same name with one that points to the client,
>>> with the obvious effects on the network !

>> I see your point.  But I think we can get the best of both worlds.
>>
>> In my case, dhcpd is the only thing with the key.
>>
>> The host name comes from the following:
>>
>> Client supplied
>>
>> host sahara {
>>          hardware ethernet 00:40:ca:11:3c:6c ;
>>          option host-name "sahara" ;
>>          fixed-address 192.168.1.3 ; }
>>
>> option host-name=concat("dhcp", binary-to-ascii(10, 8, "-",
>> suffix(leased-address,1) ) ) ;
>>
>> What determines the precedence order,
>> and is there a way to ignore the client supplied one?
> 
> ddns-hostname="something";
> 
>>> The TXT record has a hash
>>> of several bits of information that allows the server to determine
>>> that it wasn't something else that put the record there.
>> Which server? (dhcp or bind?)
> 
> DHCP
> 
>> This has me wondering:
>> Box1 does DHCPREQUEST and gets a lease.
>> Could a Box2 construct a DHCPRELEASE that looks like it came from Box1 so that
>> the dhcp server doesn't know that Box1 is still using the IP?
> 
> Yes, it is almost trivial to do. Just create a DHCP-Release with the 
> other machine's MAC address and send it to the server. This might not 
> actually get you too far though, the server will not give it to 
> another client for two reasons :
> 
> 1) It will not be chosen for reuse until other, less recently used, 
> addresses have been exhausted.
> 
> 2) It will get abandoned when the server does a "ping before offer" 
> check - assuming of course that the client doesn't have a firewall 
> blocking pings (which IMHO is a stupid thing to do !)
> 
> 

But that will cause dhcp to remove an A record and allow the dhcp request that 
you describe: someone could name their client "server"...

I am not complaining about security issues or suggesting that this system needs 
to be made more robust (if it is a hostile environment, set static IPs and 
static DNS.)  What I am bitching about is being made to jump through a hoop 
(which generally is what causes me to break things) for the sake of a safety 
feature.  Who is this feature keeping safe?

ok, maybe bitching isn't the right word.  Looking for options, especially now 
that I know it isn't just my setup that has this problem.

What would it take to call a script each time a lease is given?

Carl K
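Added example (editor's note, not part of the thread or of ISC's code): a small model of the ownership check Simon describes, so the "delete the stale records, then let the client re-request" workflow can be reasoned about without a live dhcpd and BIND. The TXT record layout here is my reconstruction of ISC dhcpd's interim DDNS scheme as implemented in get_dhcid() (two type characters, then the hex MD5 of the client identifier or of htype plus hardware address; the second character is type % 15, an ISC quirk, which is why records for option-61 clients begin with "31"). Treat that layout as an assumption and compare against TXT records your own server has written. The zone is a Python dict standing in for the DNS server, the nsupdate lines are only generated text, the MAC is sahara's from the post, and the client identifiers are constructed for the demonstration.

```python
"""Toy model of dhcpd's interim-style DDNS ownership check (added example).

ASSUMPTION: TXT rdata = two type characters + hex MD5(identifier), as in ISC
dhcpd's get_dhcid().  Verify against records your own server has written.
"""
import hashlib
from typing import Optional

DHO_DHCP_CLIENT_IDENTIFIER = 61   # option 61 is used as the "type" for client-id records
HTYPE_ETHERNET = 1
HEX = "0123456789abcdef"
TTL = 300


def interim_dhcid_txt(id_type: int, ident: bytes) -> str:
    """TXT rdata for one identifier.  The second character is type % 15, not
    type & 0xf (quirk ISC kept for compatibility): 61 -> '3', 61 % 15 -> '1',
    hence the familiar "31..." records for clients that send option 61."""
    if not 0 <= id_type <= 65535:
        raise ValueError("identifier type out of range")
    return HEX[(id_type >> 4) & 0xF] + HEX[id_type % 15] + hashlib.md5(ident).hexdigest()


def lease_dhcid(client_id: Optional[bytes], mac: bytes, htype: int = HTYPE_ETHERNET) -> str:
    """Prefer the client identifier (option 61); otherwise hash htype + hardware address."""
    if client_id:
        return interim_dhcid_txt(DHO_DHCP_CLIENT_IDENTIFIER, client_id)
    return interim_dhcid_txt(0, bytes([htype]) + mac)


def plan_forward_update(zone: dict, name: str, ip: str, dhcid: str):
    """What dhcpd would do for the forward map.  `zone` is a toy
    {name: {"A": set(ips), "TXT": rdata_or_None}}.  Returns (verdict, nsupdate lines)."""
    rr = zone.get(name)
    if not rr or not rr["A"]:
        # Name unclaimed: add the A record and the ownership TXT together.
        return "add", [f"update add {name} {TTL} A {ip}",
                       f'update add {name} {TTL} TXT "{dhcid}"']
    if rr["TXT"] == dhcid:
        # Same identifier at a new address: the server may replace its own A record.
        if ip in rr["A"]:
            return "noop", []
        return "replace", [f"update delete {name} A",
                           f"update add {name} {TTL} A {ip}"]
    # An A record exists but the TXT is missing or belongs to another identifier:
    # refuse, so a client calling itself "server" cannot take over that name.
    return "refused", []


def apply_update(zone: dict, lines) -> None:
    """Apply the toy nsupdate lines to the toy zone (just enough to chain scenarios)."""
    for line in lines:
        _, op, name, *rest = line.split(maxsplit=5)
        rr = zone.setdefault(name, {"A": set(), "TXT": None})
        if op == "delete":                    # update delete <name> <type>
            if rest[0] == "A":
                rr["A"].clear()
            else:
                rr["TXT"] = None
        else:                                 # update add <name> <ttl> <type> <rdata>
            _ttl, rtype, rdata = rest
            if rtype == "A":
                rr["A"].add(rdata)
            else:
                rr["TXT"] = rdata.strip('"')


def demo() -> dict:
    """Walk through the situation in the thread with constructed identifiers."""
    mac = bytes.fromhex("0040ca113c6c")               # sahara's MAC from the post
    old_id = b"\x01" + mac                             # constructed: earlier OS sent 01+MAC as option 61
    new_id = b"\x00reinstalled-sahara"                 # constructed: after a reinstall it sends something else
    zone = {"sahara": {"A": {"192.168.1.3"}, "TXT": lease_dhcid(old_id, mac)}}
    results = {}
    # 1. Same name, different identifier: dhcpd refuses, and the stale record stays.
    results["stale"] = plan_forward_update(zone, "sahara", "192.168.1.3", lease_dhcid(new_id, mac))[0]
    # 2. Admin removes the stale pair (what nsupdate would be used for) ...
    apply_update(zone, ["update delete sahara A", "update delete sahara TXT"])
    # 3. ... and the next lease for that client claims the name cleanly.
    verdict, lines = plan_forward_update(zone, "sahara", "192.168.1.3", lease_dhcid(new_id, mac))
    apply_update(zone, lines)
    results["after_cleanup"] = verdict
    # 4. The same client later gets a different address: allowed.
    results["move"] = plan_forward_update(zone, "sahara", "192.168.1.50", lease_dhcid(new_id, mac))[0]
    # 5. Another host names itself "sahara" (no option 61, different MAC): refused.
    other = lease_dhcid(None, bytes.fromhex("deadbeef0001"))
    results["hijack"] = plan_forward_update(zone, "sahara", "192.168.1.99", other)[0]
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:14s} -> {verdict}")
```

Step 2 is the key to the "delete, then force a new request" workflow: both the A and the TXT record must go, because deleting only the A record leaves a TXT that no longer matches anything and the server still treats the name as not its own. As for the last question in the post, later ISC dhcpd releases (4.1 onward, to my knowledge; check dhcpd.conf(5) for the version in use) can run a program from an `on commit` block via `execute()`, which is where a cleanup like the one modelled here could be triggered per lease.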

