unapporved update
Barry Finkel
b19141 at achilles.ctd.anl.gov
Wed Sep 8 16:40:18 UTC 1999
Jim Reid wrote:
> Barry> If there is interest I can post my summary of the WIN 2000
> Barry> Workstation dynamic update requests.
>
>Yes please! It would be a great help to the list if people shared
>their experiences with W2K and what it does to the DNS. Those who are
>at the bleeding edge of this technology can help to make it less
>painful for the rest of us.
I am not an expert in Dynamic DNS (RFC 2136), nor am I an expert in
the DNS RFCs (1034/1035), so I may have misinterpreted the DNS
update records sent by the Windows 2000 Workstation computer.
The machine LIZZARD.ctd.anl.gov is at address 146.137.160.161; it
sent numerous dynamic DNS update requests, each in three update
packets:
1) If (LIZZARD is a CNAME) then return(YXRRSET [7]).
If (LIZZARD does not point to 146.137.160.161) then return(NXRRSET [8]).
If ((LIZZARD is not a CNAME) and (LIZZARD points to 146.137.160.161))
then RETURN(NOERROR). [No update zone is specified.]
2) If (LIZZARD is a CNAME) then return(YXRRSET [7]).
If (LIZZARD fwd pointer exists) then return(YXRRSET [7]).
If ((LIZZARD is not a CNAME) and (LIZZARD fwd pointer does not exist))
then add a forward pointer.
3) Delete any existing reverse pointer for 146.137.160.161, and
add a reverse pointer for LIZZARD.
Note that the first packet has no update zone. I assume that this is
only for checking return codes. But my DNS returns NOTAUTH for
each attempt, and if the MS code were checking return codes, it
would not have sent packets 2) and 3). If a Windows 2000 Workstation
is online and has a correct IP name and address, then packets 2) and 3)
are OK. If the machine happens to be on the network with an incorrect
name and/or IP address, then packet 2) will fail if the name is already
registered. But packet 3) will ALWAYS change the reverse pointer.
This scares me. On a Windows 2000 Workstation, you can disable the
auto-register via these steps:
Start
Settings
Network and Dialup
Local Area
Properties
Adapter
Protocols
TCP/IP
Advanced
DNS
The "Register this name" box should NOT be checked.
If you have to uncheck the box, then you must reboot to have the
change take effect.
As I stated in a previous posting, Windows 2000 Server is a different
animal; it uses RFC 2052 extensively.
If anyone wants to see the raw sniffer records and check to see that
I have decoded them properly, let me know; I can send you the raw
records. I would like some volunteer who knows the RFCs to check my
work, as these are the first DNS sniffer records I have decoded.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-9689
Building 221, Room B236 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4844 IBMMAIL: I1004994
More information about the bind-users
mailing list