Dynamic DNS via DHCP
Scott Rowley
scottro at netins.net
Mon Oct 19 19:52:42 UTC 2009
Hello All,
I'm running into a problem when trying to set up Dynamic DNS via DHCP.
I've got it running ok in a test environment but once I move it over to
the production server and turn it on my log file starts blowing up and
DHCP starts to seriously slow down. Below is a modified example of the
log entry we started getting hammered with. Over the course of the day
we figured that we would end up with around 1 million entries.
Oct 16 07:12:16 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 10.x.x.x#53308: update '<our main domain>/IN' denied
The 10.x IP address above is the DHCP server's own private IP address.
In the global information in dhcpd.conf I have the following options
set:
ddns-update-style interim;
ddns-updates on;
allow client-updates;
# Include file for Dynamic DNS zones
include "/isp/dhcp/dhcp.allow.dynamic";
Then inside dhcp.allow.dynamic I have the following (modified for
security).
key <key name> {
    algorithm hmac-md5;
    secret "<secret>";
};
zone sub.example.com {
    primary <primary DNS server IP>;
    key <key name>;
}
zone x.x.10.in-addr.arpa {
    primary <primary DNS server IP>;
    key <key name>;
}
Then within my subnet I have the following (pertinent) entries:
option domain-name "sub.example.com";
option docsis-mta.dhcp-server-1 <primary DNS server IP>;
option host-name "<code>";
ddns-domainname "sub.example.com";
ddns-hostname "<code>";
Again, everything is working fine but once we move it to production
everything on the planet seems to want to update through us and
everything gets bogged down. I suspect that it may be too busy denying
everyone to respond quickly to legit DHCP requests.
In summary my question is: Can we turn ddns off globally but then turn
it on for this one subnet? I have tried a few tests with this but no
updates ever showed up in logs, denied or accepted. Once I put it back
to Global being on and the subnet being on then the dns updates started
occurring again. But again, if I do this on production we get literally
millions of denied updates.
I hope this wasn't clear as mud and thanks in advance for any assistance.
Thank you,
Scott Rowley <scottro at netins.net>
netINS Systems Administrator
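
Added example, not part of the original post: a small triage script for the named `update-security` denials quoted above, counting them per (client, zone) pair and per minute so the zone being refused can be compared with the zones declared in dhcpd.conf. The sample log lines are constructed, and the IP addresses and zone names in them are placeholders.

```python
import re
from collections import Counter

# BIND "update-security" denial in the syslog layout quoted in the post.
# The Solaris-style "[ID n facility.level]" tag is treated as optional.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s"
    r"(?:\[ID \d+ \S+\]\s)?update-security:\s(?:error:\s)?"
    r"client\s(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+)(?:\s\([^)]*\))?:\s"
    r"update\s'(?P<zone>[^/']+)/(?P<cls>\w+)'\sdenied"
)

# Constructed sample input (placeholder addresses and zones, not real log data).
SAMPLE = """\
Oct 16 07:12:16 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 10.0.0.5#53308: update 'example.com/IN' denied
Oct 16 07:12:16 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 10.0.0.5#53309: update 'example.com/IN' denied
Oct 16 07:12:17 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 10.0.0.5#53310: update 'sub.example.com/IN' denied
Oct 16 07:13:02 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 192.0.2.44#40112: update 'example.com/IN' denied
Oct 16 07:13:05 dns-prim named[6723]: [ID 873579 local3.info] client 10.0.0.5#53311: updating zone 'sub.example.com/IN': adding an RR at 'host1.sub.example.com' A
""".splitlines()


def summarize(lines):
    """Return (denials per (client, zone), denials per minute)."""
    per_pair = Counter()
    per_minute = Counter()
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue  # accepted updates and unrelated messages are skipped
        per_pair[(m["client"], m["zone"].lower())] += 1
        per_minute[m["ts"][:-3]] += 1  # drop the seconds field
    return per_pair, per_minute


if __name__ == "__main__":
    pairs, minutes = summarize(SAMPLE)
    print("denied updates by client and zone:")
    for (client, zone), n in pairs.most_common():
        print(f"  {n:6d}  {client:15s}  {zone}")
    print("denied updates per minute:")
    for minute, n in sorted(minutes.items()):
        print(f"  {minute}  {n}")
```

To run it over a real log, pass `open(path)` to `summarize()` in place of `SAMPLE`.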