DHCP Option 119

Kevin Darcy kcd at daimlerchrysler.com
Tue Oct 19 01:44:12 UTC 2004


David Botham wrote:

>bind-users-bounce at isc.org wrote on 10/18/2004 04:45:37 PM:
>  
>
>>Is Option 119 available for Windows Server 2003 DHCP servers?  I would
>>like to use this option to distribute a DNS Suffix Search List to
>>clients.
>>    
>>
>
>Perhaps you should ask this question on a list dedicated to Windows Server 
>2003 DHCP or even a DHCP mailing list.  The BIND list is probably not the 
>best place for this question.
>
It is, however, a good place IMO to point out how evil searchlists (aka 
"suffix search lists") are, since this "feature" impacts many if not 
most BIND installations.

There's nothing quite like planting a bunch of wild-ass domain *guesses* 
in your clients' brains, if you want to chew up significant network and 
nameserver resources answering pointless, doomed queries, not to mention 
adding query latency for the user, whenever the domain *guess* they need 
happens to be far down into the searchlist. And heaven help anyone who 
uses diverse searchlists on their clients and also creates the same 
shortnames in different domains -- now all of a sudden people can end up 
at the *wrong* resource, depending on the order of their searchlist. 
Don't you have better uses for your time than troubleshooting 
ridiculous, self-created problems like that? Do you understand that this 
raises an important *security* issue, since people (rightly or wrongly) 
put trust in DNS resolution, and going to the "wrong" shortname can 
therefore result in a form of unexpected privilege escalation?

I would highly recommend to the original poster to wean his users from 
their shortname dependency, rather than indulge it with searchlists and 
have it grow into a full-blown addiction. We've been down the 
shortname-addiction path, and trust me, it ain't pretty...

                                                                         
                                                            - Kevin
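
The two failure modes described in the message above (doomed guess queries, and the same shortname landing on different hosts depending on searchlist order), as an added example that is not part of the original post. It is a simplified model of search-list expansion that assumes the resolv.conf-style `ndots` rule; the zone data, client names and search lists are constructed for illustration.

```python
# Constructed sample data: every name, address and client below is made up.
ZONE = {
    "wiki.eng.example.com": "10.1.0.5",
    "wiki.sales.example.com": "10.2.0.9",
    "mail.example.com": "10.0.0.25",
}
CLIENTS = {  # per-client search lists, e.g. as handed out by DHCP
    "eng-laptop": ["eng.example.com", "sales.example.com", "example.com"],
    "sales-laptop": ["sales.example.com", "eng.example.com", "example.com"],
}


def candidates(name, searchlist, ndots=1):
    """Names a stub resolver tries, in order (assumed resolv.conf-style ndots rule)."""
    if name.endswith("."):            # fully qualified: the search list is skipped
        return [name.rstrip(".")]
    expanded = [f"{name}.{suffix}" for suffix in searchlist]
    if name.count(".") >= ndots:      # enough dots: try the name as given first
        return [name] + expanded
    return expanded + [name]          # shortname: every suffix is guessed first


def resolve(name, searchlist, zone=ZONE):
    """Return (fqdn, address, wasted_queries); fqdn is None when nothing matched."""
    wasted = 0
    for fqdn in candidates(name, searchlist):
        if fqdn in zone:
            return fqdn, zone[fqdn], wasted
        wasted += 1                   # one doomed query answered with NXDOMAIN
    return None, None, wasted


def ambiguous_shortnames(clients=CLIENTS, zone=ZONE):
    """Shortnames that land on different FQDNs depending on the client's search list."""
    report = {}
    for short in sorted({fqdn.split(".")[0] for fqdn in zone}):
        hits = {c: resolve(short, sl, zone)[0] for c, sl in clients.items()}
        if len({h for h in hits.values() if h}) > 1:
            report[short] = hits
    return report


if __name__ == "__main__":
    for client, searchlist in CLIENTS.items():
        for name in ("wiki", "mail", "mail.example.com."):
            print(client, name, resolve(name, searchlist))
    print("ambiguous:", ambiguous_shortnames())
```

Running `ambiguous_shortnames()` over an inventory of real zone names and deployed search lists gives a list of shortnames to retire or rename before they send users to the wrong host.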



