ISC DHCPv6-BIND9 DDNS update problem

Simon dhcp1 at thehobsons.co.uk
Fri Jun 10 17:14:12 UTC 2022


Mirsad Goran Todorovac <mirsad.todorovac at alu.unizg.hr> wrote:

>> But more seriously, on a network of any size, and especially if using RAs to trigger use of DHCP for address assignment, your network infrastructure should at the very least alert you to rogue DHCP servers - and preferably block them (by filtering the packets) at the edge switch ports. Without that, as you’ve experienced, anyone can start up a rogue service - whether accidentally or maliciously.
>> The same applies to RAs - without rogue detection and isolation, anyone can break your network and/or hijack traffic.
> 
> Unfortunately, I am not even the admin of all those net segments and rogue devices. I might be simply out of luck with this one.

Presumably you know the network admins who are responsible for those segments? And presumably there must be a person or group which oversees the network as a whole (subnets/prefixes etc)? Just letting everyone “do their own thing” without central planning is a recipe for disaster.

So you need to go to them and point out what the problem is, and what needs to be done to fix it. Of course, if they don’t want to then you’re down to internal politics and potentially you end up reporting back to management that you can’t implement what’s asked for because others are actively sabotaging the network (that’s how I’d describe it if supposed network admins are doing nothing to deal with rogue services like this.)


Simon


