Automatic Removal of DHCID TXT Records
Merton Campbell Crockett
m.c.crockett at roadrunner.com
Sat Nov 7 16:31:38 UTC 2009
On 05 Nov 2009, at 10:02:38, David W. Hankins wrote:
> On Mon, Nov 02, 2009 at 06:34:20AM -0800, Merton Campbell Crockett wrote:
>> Is there a way to define for certain pools that DHCID records are to be
>> deleted when a DHCPRELEASE is processed or the lease expires without
>> renewal?
>
> You are describing the default behaviour. Are you running an older
> version and disabling conflict-detection or something? DHCP's DDNS
> has to use two updates, one to remove the A, another to remove the
> DHCID IFF all A and AAAA records have been removed. Is the second
> update reliably failing for some reason?

DHCP 3.1.2p1 is being used on a system where BIND 9.4.3-P3 is the
master for the DNS zones local to the site. BIND is configured to
restrict zone updates to the DHCP process running on the same system
at all sites. The DHCP server updates both forward and reverse
zones. DHCP clients are not permitted to perform any zone updates.

At 46 of the 50 sites, there are no known DHCID problems. The DHCID
problems occur only at 4 sites that support a VPN access point. The
problem appears to arise from the fact that the pool for the VPN access
point is constrained by the number of connections that the VPN access
point hardware can support at any given time. This results in the
same IP address being used for multiple systems and creating the DHCID
problem.

With the default "update-conflict-detection true;", DNS zone updates
fail due to the DHCID mismatch. Defining "update-conflict-detection
false;" eliminates the DHCID problem but creates a secondary problem
when the lease expires because the "new" DHCID is not written to the
zone file when an IP address is assigned to a different system.

Should a user switch from one VPN access point to another due to
network issues or the number of users using the first VPN access
point, the user's system will appear to exist at multiple locations.

I understand that the failure to create the DHCID record is addressed
in DHCP 3.1.3. Due to slavish adherence to "process" in my company,
I'm still waiting for approval to upgrade DHCP. :(

Merton Campbell Crockett
m.c.crockett at roadrunner.com
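
An added example, not part of the original post and not ISC DHCP code: a Python check that lists names still holding a DHCID-style TXT record after every A and AAAA record is gone, which is the state the second update described in this thread is meant to clean up. The zone listing, names, addresses and the TXT format (one quoted string of 34 hex digits) are assumptions constructed for illustration.

```python
import re

# Constructed sample in the flat "name ttl class type rdata" form that a zone
# transfer listing uses; names, addresses and hash values are made up.
SAMPLE_ZONE = """\
laptop1.vpn.example.com. 1800 IN A 192.0.2.10
laptop1.vpn.example.com. 1800 IN TXT "31d41d8cd98f00b204e9800998ecf8427e"
laptop2.vpn.example.com. 1800 IN TXT "00c4ca4238a0b923820dcc509a6f75849b"
www.example.com. 3600 IN A 192.0.2.80
www.example.com. 3600 IN TXT "v=spf1 -all"
"""

# Assumption: a DHCP-written TXT record is a single quoted string of 34 hex
# digits (2-digit type prefix + 32-digit digest). Adjust for other formats.
DHCID_TXT = re.compile(r'^"[0-9a-fA-F]{34}"$')


def orphaned_dhcid_names(zone_text):
    """Return sorted owner names that hold a DHCID-style TXT but no A/AAAA."""
    has_addr, has_dhcid = set(), set()
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and zone-file comments
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # not a full "name ttl class type rdata" record
        name, _ttl, _cls, rtype, rdata = parts
        name, rtype = name.lower(), rtype.upper()
        if rtype in ("A", "AAAA"):
            has_addr.add(name)
        elif rtype == "TXT" and DHCID_TXT.match(rdata.strip()):
            has_dhcid.add(name)
    # A DHCID-style TXT with no address record left is a stale ownership
    # marker: it can make a later conflict-checked update for that name fail.
    return sorted(has_dhcid - has_addr)


if __name__ == "__main__":
    for owner in orphaned_dhcid_names(SAMPLE_ZONE):
        print("orphaned DHCID TXT:", owner)
```
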