Question regarding names used for DDNS

Uwe Meyer-Gruhl dhcp_email at congenio.de
Fri Nov 23 16:21:21 UTC 2012


Hi,


the ISC DHCP documentation says that with the interim DNS update 
scheme, the DHCP server uses the hostname from the fqdn or hostname 
option that the client sends. The domain part is being taken from the 
ddns-domainname config option as per the manpage.

This seems to be reflected in the standard definitions in server/dhcpd.c:

option server.ddns-hostname =                                           \n\
   pick (option fqdn.hostname, option host-name);                       \n\
option server.ddns-domainname = config-option domain-name;              \n\
option server.ddns-rev-domainname = \"in-addr.arpa.\";";

There also is a "ddns-hostname" config option which I expected to 
override the client's request data. So I use host definitions like this:

host ddns-0000017 {
         option host-name "labprinter1";
         hardware ethernet 00:22:33:44:55:66;
         option domain-name "unknown";
         ddns-updates on;
         do-forward-updates on;
         do-reverse-updates on;
         ddns-hostname "labprinter1";
         ddns-domainname "unknown";
}

However, I have found that at least the reverse entry (PTR record) was 
"test.test" in my case, when I coerced the client to send a FQDN option 
(81) with that value.

Is there a way that I can use only the host- and domain-names (e.g. 
"labprinter1.unknown" in my example above) from my host entry for both 
forward and reverse DDNS updates, no matter what the client thinks its 
name is? I do not want my DHCP servers to act as a stand-in for 
a DNS modification attack.


Thanks for any hints...
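
An added example, not part of the original post and not ISC code: an audit that compares PTR targets seen in the reverse zone against the names pinned by ddns-hostname and ddns-domainname in host declarations like the one above, to flag records that carry a client-chosen name. The function names, the second host block and the observed (MAC, PTR target) pairs are constructed assumptions; how those pairs are collected is left to the site.

```python
import re

# Constructed sample config: the host declaration from the post, plus a
# second (made-up) host that has no ddns-hostname/ddns-domainname pinned.
SAMPLE_CONF = '''
host ddns-0000017 {
         option host-name "labprinter1";
         hardware ethernet 00:22:33:44:55:66;
         ddns-hostname "labprinter1";
         ddns-domainname "unknown";
}
host ddns-0000018 {
         hardware ethernet 00:22:33:44:55:77;
}
'''

HOST_RE = re.compile(r'\bhost\s+(\S+)\s*\{(.*?)\}', re.S)
STMT_RE = re.compile(
    r'^\s*(ddns-hostname|ddns-domainname|hardware ethernet)\s+"?([^";]+)"?\s*;',
    re.M)

def parse_hosts(conf):
    """Map MAC -> (declaration name, pinned FQDN or None)."""
    hosts = {}
    for name, body in HOST_RE.findall(conf):
        stmts = {key: value.strip() for key, value in STMT_RE.findall(body)}
        mac = stmts.get("hardware ethernet", "").lower()
        pinned = None
        if "ddns-hostname" in stmts and "ddns-domainname" in stmts:
            pinned = (stmts["ddns-hostname"] + "." + stmts["ddns-domainname"]).lower()
        hosts[mac] = (name, pinned)
    return hosts

def audit(conf, observed):
    """observed: (mac, PTR target) pairs. Returns (mac, reason, ptr) findings."""
    hosts = parse_hosts(conf)
    findings = []
    for mac, ptr in observed:
        name, pinned = hosts.get(mac.lower(), (None, None))
        target = ptr.rstrip(".").lower()   # DNS names compare case-insensitively
        if name is None:
            findings.append((mac, "no host declaration", ptr))
        elif pinned is None:
            findings.append((mac, name + ": no pinned ddns name", ptr))
        elif target != pinned:
            findings.append((mac, name + ": expected " + pinned, ptr))
    return findings
```

With the "test.test" PTR from the post as input, the audit reports the host as diverging from "labprinter1.unknown".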
