Dynamic DNS Problems

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Sep 30 13:42:09 UTC 2003 

Dean Collins <collins at progress.com> wrote:

>   IF anyone has a solution, we would greatly appreciate it...
>
>    We are running BIND  8.3.3 along with Windows 2000.
>    We are experiencing two problems...
>
>    1. The PTR record is not getting deleted  from the reverse file, along
>    with the Address record in the zone file, therefore leaving several old
>    addresses and host names in the reverse file.
>
>    2. Dynamic updates are somehow allowing the addition of a name
>    which is already in the zone file, and therefore, taking over the name AND,
>    most importantly, the ip address of the new entry, leaving us with the same name
>    in the file with another address, creating havoc...

The W2k self-registration DNS packets are these (from a test on
16May2000 in the ANL W2k testbed network).  I doubt that the W2k 
self-registration DDNS packets have changed since that time.

00) There is a machine in the testbed

         w2kdesk222.example.com <===> 192.168.1.23

    that is running Windows 2000 Professional (clean install); it is
    attempting to do dynamic DNS self-registration.

    The dns0 machine is a BIND master.

01) I changed dns0 so that

         w2kdesk222.example.com <===> 192.168.1.111
         bsfdnstest.example.com <===> 192.168.1.23

02) I modified named.conf.puck to

         allow-update(192.168.1.23);

    for the example.com and the 192.168.1.rev zones.

03) I let the w2kdesk222.example.com machine try to register itself.
    It did (in packets up to and including 194.)

04) The updates were refused, because the syntax of the "allow-update"
    statement was incorrect.  A subsequent test flagged the statement
    as having invalid syntax; I do not know what happened the first
    time.

05) I changed the two statements to

         allow-update{192.168.1.23;};

    and BIND was happy.

06) I waited for the next self-registration from w2kdesk222.  These
    occurred in packets 197-210.  (Packets 195 and 196 are ping
    packets).  But there were error messages from BIND:
         15:15:24 error processing update packet (NXRRSET) id 399
                  from [192.168.1.23].1915
         15:15:24 error processing update packet (NYRRSET) id 402
                  from [192.168.1.23].1918

07) Here is a summary of the DNS trace records.

    Frm Src  Dest Event
    --- ---- ---- --------------------------
    195 dns0 w2k  Ping w2kdesk222 from dns0
    196 w2k  dns0 Ping reply
    197 w2k  dns0 Dynamic DNS update:
                       Zone: example.com
                       Prereq #1: w2kdesk222.example.com is not a CNAME.
                       Prereq #2: w2kdesk222.example.com has an "A"
                                  record pointing to 192.168.1.23 .
    198 dns0 w2k  Response: NXRRSET (8) = Some RRset that ought to exist
                                          does not exist.
                                          [Pre-req #2 failed.]
    199 w2k  dns0 What is the SOA for w2kdesk.example.com?
    200 dns0 w2k  The SOA server is dns0.example.com .
    201 w2k  dns0 What is the address of dns0.example.com?
    202 dns0 w2k  The address is 192.168.1.4 .
    203 w2k  dns0 Dynamic DNS update:
                       Zone: example.com
                       Prereq #1: w2kdesk222.example.com is not a CNAME.
                       Prereq #2: There is no "A" record for w2kdesk222.example.com .
                       Update: Add "w2kdesk222.example.com IN A 192.168.1.23".
    204 dns0 w2k  Response: YXRRSET (7) = Some RRset that ought to exist
                                          does not exist.
                                          [Pre-req #2 failed.]
    205 w2k  dns0 What is the address of w2kdesk222.example.com?
    206 dns0 w2k  The address is 192.168.1.111 .
    207 w2k  dns0 Dynamic DNS update:
                       Zone: example.com
                       Pre-req #1: w2kdesk222.example.com is not a CNAME.
                       Update #1: Delete existing "A" record for w2kdesk222.
                       Update #2: Add "w2kdesk222.example.com IN A 192.168.1.23"
                                  with TTL=1200.
    208 dns0 w2k  Response: OK (0)
    209 w2k  dns0 Dynamic DNS update:
                       Zone: 1.168.192.in-addr.arpa
                       Pre-req: 23.1.168.192.in-addr.arpa is not a CNAME.
                       Update #1: Delete the existing PTR for 192.168.1.23 .
                       Update #2: Add "192.168.1.23 IN PTR w2kdesk222.example.com"
                               with TTL=1200.
    210 dns0 w2k  Response: OK (0)

These are for W2k computer self-registration.  If you are using DHCP
(wither W2k or ISC), then the DDNS packets probably will be different.
There is no standard for the DDNS packets from DHCP; there is an
expired draft document.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list