Dynamic DNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Sep 14 21:42:55 UTC 2000


adalessandro at odione.co  wrote:

>I am trying to setup Dynamic DNS for our internal nameservers, but I am
>confused....  Do the A records ever expire or get removed out of the
>nameservers cache?
>For example, I had a host register "host01", then changed the name of the
>machine, rebooted, and it registered the new name "host02" into dns, however
>it did not remove the host01 entry (they both point to the same IP).
>
>I am also getting this error:
>
>Sep 13 11:22:23 ns01 named[155]: error processing update packet (NXRRSET) id
>11 from [64.28.75.25].1058
>
>The dynamic updates are coming from Win2k DDNS in the TCP/IP properties...
>Can someone shed some light on this anomaly?

My response is in addition to Kevin Darcy's response.
With DDNS, it is the responsibility of the client (e.g., Win2k 
workstation) to send a DDNS packet that contains proper pre-requisite
checks and does proper cleanup.  I have posted to this group in the
past detailed information as to the update packets that a Win2k 
workstation sends to DNS.  Check the archives for more details.
(My records show that I posted Sep 08, 1999 and the thread subject was

     Re: unapporved update

[with the two interchanged letters].)  I believe that I have posted
other examples since then.  Essentially if you have registered a
forward address (either manually or via DDNS):

     xxx ===> 111.222.333.444

and then you rename the computer from xxx to yyy and have W2k send
a dynamic DNS update:

     yyy ===> 111.222.333.444

the MS DDNS packet will make these pre-req checks:

     a) Is yyy a CNAME?  If so, then return(YXRRSET [7]).
        If it is a CNAME, then it can't also be an "A".
     b) Does yyy point to 111.222.333.444?  If no then return(NXRRSET [8])
     c) return (NOERROR).  [No update zone is specified.]

There is no update zone in the packet, so all this DDNS packet is doing
is creating one of three return codes.  I assume the MS DNS code looks
at the return code and acts accordingly.  In the case you posted,
host02 was not registered before the DDNS packet arrived, so the pre-req
check b) returned NXRRSET (and also wrote the message to the log file).

The MS Win2k packets do not check the reverse pointer

     111.222.333.444 ====> xxx

(but there is no requirement that it be registered), so it does not
know that xxx was registered to that address.  As a result, you see
both xxx and yyy pointing to 111.222.333.444.

Note that in the case of reverse pointers, the only pre-req check that
MS makes is a check for an existing CNAME.  If there is no CNAME, then
the update section of the DDNS packet does two things:

     1) removes any existing registration for 111.222.333.444 ==> xxx
     2) registers a new name for 111.222.333.444 ===> yyy

So, if you have a misconfigured Win2k box registering itself, then it
can re-register any existing reverse pointer.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994




More information about the bind-users mailing list