Are there Any Known Issues with MS DNS and MS dhcp Servers?

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Apr 5 20:09:27 UTC 2002


Martin McCormick <martin at dc.cis.okstate.edu> wrote:

>	This may not seem like the place to post this question,
>but we use bind9 masters and slaves at this site.  A department
>has what is now a child dns within our zone and it is a Microsoft
>dns fed by a Microsoft dhcp server.
>
>	This is not our choice at all, but we are trying to make
>the best of it as we do not have root access to this dns.
>
>	We are quite picky about having addresses that are
>reverse-mappable and domain names that come as close as you can
>in a large organization to making sense which sometimes helps in
>tracking down ownership of systems that are misconfigured or
>compromised.
>
>	We realize that all names in the subdomain we set up are
>beyond our control so that is not an issue, but what is an issue
>are failure or malfunction modes that anybody may have seen that
>are either peculiar to DDNS or especially peculiar to Microsoft's
>combination of dhcp and dns.  In other words, how do they usually
>break?
>
>	What about security issues?  At least any malicious
>activity involving the Windows box should stay within the child
>domain and not appear in the broader okstate.edu domain.

I have one forward zone and its five reverse zones on a MS W2k DNS
server with most of the updates coming from a W2k DHCP server.  There
are many cases where

     an address in the reverse zone has more than one nodename, or
     a name in the reverse zone is not fully qualified, or
     there are multiple entries in the reverse zones pointing to the 
        same nodename.

We have not yet opened a trouble ticket with MS.  If you require that
the forward and reverse entries match, then I would suggest NOT using
DHCP with non-static registrations.  

Since this mailing list is a BIND group, feel free to contact me offline
for more details.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
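
An added example, not part of the original post: one way to audit zone data for the three reverse-zone anomalies listed in the reply, plus a check that each PTR target has a matching A record. The record layout, finding labels, and all names and addresses are constructed assumptions; in the sample text an absolute name ends with a dot, as in a zone file.

```python
from collections import defaultdict
import ipaddress

# Constructed sample records (zone-file style); not taken from the post.
SAMPLE = """\
pc1.dept.example.edu.      A    10.1.2.10
lab7.dept.example.edu.     A    10.1.2.12
10.2.1.10.in-addr.arpa.    PTR  pc1.dept.example.edu.
10.2.1.10.in-addr.arpa.    PTR  oldpc.dept.example.edu.
11.2.1.10.in-addr.arpa.    PTR  pc2
12.2.1.10.in-addr.arpa.    PTR  lab7.dept.example.edu.
13.2.1.10.in-addr.arpa.    PTR  lab7.dept.example.edu.
"""

def parse(text):
    """Return (forward, reverse): name -> set of IPs, IP -> list of PTR targets."""
    forward, reverse = defaultdict(set), defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields
        if rtype == "A":
            forward[owner.lower()].add(rdata)
        elif rtype == "PTR":
            octets = owner.split(".")[:4]  # 10.2.1.10.in-addr.arpa. -> 10.1.2.10
            reverse[".".join(reversed(octets))].append(rdata.lower())
    return forward, reverse

def audit(text):
    """Return a list of (finding, subject) tuples for the zone text."""
    forward, reverse = parse(text)
    findings, ips_by_target = [], defaultdict(list)
    for ip in sorted(reverse, key=ipaddress.ip_address):
        if len(reverse[ip]) > 1:          # one address, several nodenames
            findings.append(("multiple-names", ip))
        for target in reverse[ip]:
            ips_by_target[target].append(ip)
            if not target.endswith("."):  # PTR target is not fully qualified
                findings.append(("not-fqdn", ip))
            elif ip not in forward.get(target, ()):  # forward and reverse differ
                findings.append(("no-matching-forward", ip))
    for target, ips in sorted(ips_by_target.items()):
        if len(ips) > 1:                  # several PTR entries, same nodename
            findings.append(("shared-name", target))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```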



More information about the bind-users mailing list