Dynamic DNS via DHCP

Scott Rowley scottro at netins.net
Mon Oct 19 19:52:42 UTC 2009 

Hello All,

I'm running into a problem when trying to setup Dynamic DNS via DHCP.  
I've got it running ok in a test environment but once I move it over to
the production server and turn it on my log file starts blowing up and
DHCP starts to seriously slow down.  Below is a modified example of the
log entry we started getting hammered with.  Over the course of the day
we figured that we would end up with around 1 million entries.

Oct 16 07:12:16 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 10.x.x.x#53308: update '<our main domain>/IN' denied

The 10.x IP address above is the DHCP servers own private IP address. 

In the global information in dhcpd.conf I have the following options
set:

ddns-update-style interim;
ddns-updates on;
allow client-updates;

# Include file for Dynamic DNS zones
include "/isp/dhcp/dhcp.allow.dynamic";

Then inside dhcp.allow.dynamic I have the following (modified for
security).

key <key name> {
  algorithm hmac-md5;
  secret "<secret>";
};

zone sub.example.com {
 primary <primary DNS server IP>;
 key <key name>;
}

zone x.x.10.in-addr.arpa {
  primary <primary DNS server IP>;
  key <key name>;
}

Then within my subnet I have the following (pertinent) entries:

 option domain-name "sub.example.com";
 option docsis-mta.dhcp-server-1 <primary DNS server IP>;

option host-name "<code>;
ddns-domainname "sub.example.com";
ddns-hostname "<code>";

Again, everything is working fine but once we move it to production
everything on the planet seems to want to update through us and
everything gets bogged down, I suspect that it may be too busy denying
everyone to respond quickly to legit DHCP requests.

In summary my question is:  Can we turn ddns off globally but then turn
it on for this one subnet?  I have tried a few tests with this but no
updates ever showed up in logs, denied or accepted.  Once I put it back
to Global being on and the subnet being on then the dns updates started
occuring again.  But again, if I do this on production we get litterally
millions of denied updates.

I hope this wasn't clear as mud and thanks in advance for any assistance.

Thank you,
Scott Rowley <scottro at netins.net>
netINS Systems Administrator

More information about the dhcp-users mailing list