force DDNS update

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Apr 23 22:45:09 UTC 2007 

Carl Karsten wrote:

>  >> Is there some way to get dhcpd to do this?
>>
>>  No
>
>That makes me sad.

Why ? In NORMAL operations, the only time a DNS update is required is 
on a dhcp client-server interaction - either giving out a a lease to 
a client, or expiring a lease.


>  >> This has me wondering:
>>>  Box1 does DHCPREQUEST and gets a lease.
>>>  Could a Box2 construct a DHCPRELEASE that looks like it came from 
>>>Box1 so that
>>>  the dhcp server doesn't know that Box1 is still using the IP?
>>
>>  Yes, it is almost trivial to do. Just create a DHCP-Release with the
>>  other machines MAC address and send it to the server. This might not
>>  actually get your too far though, the server will not give it to
>>  another client for two reasons :
>>
>>  1) It will not be chosen for reuse until other, less recently used,
>>  addresses have been exhausted.
>>
>>  2) It will gte abandoned when the server does a "ping before offer"
>>  check - assuming of course that the client doesn't have a firewall
>>  blocking pings (which IMHO is a  stupid thing to do !)
>>
>>
>
>But that will cause dhcp to remove an A record and allow the dhcp request that
>you describe: someone could name their client "server"...

Except that very few people use dynamic DNS updates to put their 
important services into DNS - except Windows of course which seems to 
live off DNS updates !

Even if you give servers their address by DHCP, it would normally be 
a fixed address which by default would not trigger DDNS - hence 
manually adding teh DNS records.

>I am not complaining about security issues or suggesting that this 
>system needs
>to be made more robust (if it is a hostel environment,  set static IP's and
>static dns.)  What I am bitching about is being made to jump though a hoop
>(which generally is what causes me to break things) for the sake of a safety
>feature.  Who is this feature keeping safe?
>
>ok, maybe bitching isn't the right word.  Looking for options.  especially now
>that I know it isn't just my setup that has this problem.
>
>What would it take to call a script each time a lease is given?

IIRC, "on commit" !

More information about the dhcp-users mailing list