Multiple Records with Bind 9.1.0 & Windows 2K DHCP

Jim Reid jim at rfc1035.com
Mon Jul 23 11:05:42 UTC 2001


>>>>> "Mohammed" == Mohammed Ghanawi <mohammed.ghanawi at hct.ac.ae> writes:

    Mohammed> We have been testing Bind 9.1.0 with Windows 2000 DHCP,
    Mohammed> we have also tested Windows 2000 DNS with Windows 2000
    Mohammed> DHCP, and have come up with the following results in
    Mohammed> regards to A & PTR records dynamic update:

    Mohammed> 1. Windows 2000 DNS seems to work fine with Windows 2000 DHCP.

    Mohammed> 2. Bind 9.1.0 fails to update old records and ends up
    Mohammed> adding multiple A & PTR entries. 

BIND will only act on authorised update requests. So your claim that
it "fails to update old records" is probably not true. What is more
likely is that the DHCP server is failing to send those updates or is
sending them in a way that causes the BIND name server to reject them.
Your name server logs might show you what's going on. Sniffing the LAN
for DDNS traffic might also help identify the problem.

IIRC the way M$ does DDNS with DHCP is bizarre. The DHCP server does
an update for the forward zone and the DHCP client does the update for
the reverse. (Or is it the other way round?) The upshot is that this
can make the forward and reverse zones inconsistent: there's no
"atomic" transaction with the DNS when a lease is handed out by the
DHCP server. And let's not overlook the obvious dangers of giving
desktops write access to forward or reverse zone files. BIND9's
update-policy clause is your friend....

    Mohammed> Now I know that everyone claims that Windows 2000 DHCP
    Mohammed> is not cleaning after itself, but the question is why
    Mohammed> does it clean after itself when using Windows 2000 DNS.

It will probably be some usual M$ trickery, like an undocumented
protocol extension, or something that's built in to Active Directory.
Those are questions best asked in some M$ forum.

Or maybe the problem is caused by how you configured the DNS and DHCP
servers to talk to each other. Or leaving something in an inconsistent
state when you switched between BIND9 and the M$ name server. You
might also want to think hard about why you want to couple DHCP with
DDNS. In many cases, there is no need for them to be combined.

BTW, 9.1.0 is an old release. The current version of BIND 9.1 is 9.1.3.
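
Added example, not part of the original message: a small Python audit for the symptoms discussed in this thread (multiple A and PTR records, forward and reverse zones that disagree). The record lines are constructed sample data, and the function names and finding labels are this example's own.

```python
from collections import defaultdict

# Constructed sample: records as they might look in transfers of the forward
# and reverse zones after several lease changes (names and addresses made up).
SAMPLE_RECORDS = """\
pc1.example.com.            3600 IN A   192.0.2.10
pc1.example.com.            3600 IN A   192.0.2.57
pc2.example.com.            3600 IN A   192.0.2.11
10.2.0.192.in-addr.arpa.    3600 IN PTR pc1.example.com.
11.2.0.192.in-addr.arpa.    3600 IN PTR pc2.example.com.
11.2.0.192.in-addr.arpa.    3600 IN PTR old-laptop.example.com.
"""

def parse(text):
    """Return (forward, reverse): name -> addresses, address -> names."""
    forward, reverse = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";")[0].split()      # drop zone-file comments
        if len(fields) != 5 or fields[2] != "IN":
            continue                             # only "owner ttl IN type rdata"
        owner, _ttl, _cls, rtype, rdata = fields
        owner = owner.lower()
        if rtype == "A":
            forward[owner].add(rdata)
        elif rtype == "PTR" and owner.endswith(".in-addr.arpa."):
            # 10.2.0.192.in-addr.arpa. -> 192.0.2.10
            addr = ".".join(reversed(owner[:-len(".in-addr.arpa.")].split(".")))
            reverse[addr].add(rdata.lower())
    return forward, reverse

def audit(text):
    # Report duplicate records and A/PTR pairs that do not match each other.
    forward, reverse = parse(text)
    findings = []
    for name, addrs in sorted(forward.items()):
        if len(addrs) > 1:
            findings.append(("multiple-A", name, sorted(addrs)))
        for addr in sorted(addrs):
            if name not in reverse.get(addr, set()):
                findings.append(("A-without-PTR", name, [addr]))
    for addr, names in sorted(reverse.items()):
        if len(names) > 1:
            findings.append(("multiple-PTR", addr, sorted(names)))
        for name in sorted(names):
            if addr not in forward.get(name, set()):
                findings.append(("PTR-without-A", addr, [name]))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_RECORDS), sep="\n")
```

Run against records pulled from both zones, the findings show which names have accumulated stale entries and where the forward and reverse data have drifted apart.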

