Multiple DHCP Servers with DDNS Best Practice/Workaround?

Shawn Routhier sar at isc.org
Wed May 11 19:49:20 UTC 2011


You may want to review the update-conflict-detection
option.  It may provide the functionality you are
requesting.

On 05/11/2011 10:16, Colin Simpson wrote:
> Hi
>
> I'm just looking for some advice on the best practice for multiple ISC
> DHCP servers with DDNS updates (each one on a different subnet). The
> issue I have is that machines switching subnets are stuck with the old
> names in DNS.
>
> Now I realise this is by design (by use of the TXT with the A records).
> But if a laptop user disconnects from one network (which they invariably
> do without de-registering) and reconnects to a new network, their
> hostname will not get updated in DNS until the DHCP lease expires in
> DHCP on the original server. This is causing issues (particularly for
> Linux laptops, where people expect to reach them by SSH and NFS servers
> that don't like a client that isn't properly set up in DNS (A and PTR)).
>
> I'm presuming for most situations this is acceptable so that DHCP servers
> don't tread on each other's DNS allocations. But can you force them to
> (maybe in such a way that the original DHCP server won't delete the new
> DNS record from a second server (for example by checking that it's not
> in the range he manages))?
>
> I saw a thread about this from several years ago:
>
> https://lists.isc.org/pipermail/dhcp-users/2006-August/001335.html
>
> Has anything changed since then (or moved forward)? The only approach in
> here involved source code changes, which from a maintainability point
> of view isn't great for us.
>
> Or has anyone got a cunning way round this?
>
> I thought of a bit of a hack that could remove a machine's DHCP
> allocation from all other DHCP servers in the environment if it appears
> on a new DHCP server. Or maybe just a very short lease time (but
> obviously issues with that too).
>
> I realise there are risks to this, but we are sure (as it's possible to
> be) there are no overlapping name allocations at this site (they are
> assigned by us).
>
> And this argument against stamping on each other's toes would be more
> relevant if a malicious/stupid user couldn't already screw up say a
> server, by giving their machine a server's name. I'd presume that DHCPD
> would happily overwrite the static DNS entry (for the server's static
> IP), esp if say a Windows DC that adds DNS entries itself to DNS (but no
> TXT entries attached to them). Should I be adding my own random TXT
> entries to static DNS entries if they share a zone with DHCP-managed
> DNS?
>
> Sadly the subnets in our situation don't all share a switching
> infrastructure so a single server with DHCP relaying is not an option.
> And does this work properly with de-registering from an existing subnet
> and re-registering on a new one (out of interest)?
>
> Any thoughts very welcome.
>
> Thanks
>
> Colin
>
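A simplified model of the name-ownership check that update-conflict-detection controls, following the description in dhcpd.conf(5): with the check on, an existing name is rewritten only when its TXT tag matches the requesting client; with it off, the existing binding is replaced, static records without a TXT included. This is an added example, not code from this thread or from ISC DHCP; the zone contents, names, addresses, client identities and the SHA-256 tag are constructed stand-ins.

```python
import hashlib


def owner_tag(client_identity: bytes) -> str:
    # Stand-in for the TXT value dhcpd stores beside the A record: a hash
    # of the client's identity. Assumption: SHA-256 is used here only for
    # illustration; it is not the exact value dhcpd writes.
    return hashlib.sha256(client_identity).hexdigest()


def ddns_update(zone, name, ip, client_identity, conflict_detection=True):
    """Apply one forward-map update; return 'added', 'replaced' or 'refused'."""
    tag = owner_tag(client_identity)
    record = zone.get(name)
    if record is None:
        # First step: add the A record only if the name is unused.
        zone[name] = {"A": ip, "TXT": tag}
        return "added"
    if conflict_detection and record["TXT"] != tag:
        # Name exists and is not tagged as belonging to this client.
        return "refused"
    # Either the tag matches, or the check is disabled and the old
    # binding is torn down without question.
    zone[name] = {"A": ip, "TXT": tag}
    return "replaced"


def scenario(conflict_detection):
    # Constructed sample zone: a static server record with no TXT, and a
    # laptop record registered by another DHCP server under a different
    # client identity (assumption made for this illustration).
    zone = {
        "fileserver": {"A": "10.0.0.10", "TXT": None},
        "laptop7": {"A": "10.1.0.57", "TXT": owner_tag(b"identity-on-subnet-1")},
    }
    results = {
        "roaming": ddns_update(zone, "laptop7", "10.2.0.88",
                               b"identity-on-subnet-2", conflict_detection),
        "static": ddns_update(zone, "fileserver", "10.2.0.99",
                              b"client-claiming-server-name", conflict_detection),
    }
    return results, zone


if __name__ == "__main__":
    for flag in (True, False):
        results, zone = scenario(flag)
        print("conflict detection", flag, results, zone["fileserver"]["A"])
```

In dhcpd.conf the setting is written `update-conflict-detection false;` and the default is true.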



