<div>(I am going to post this individually to both the BIND and DHCP lists as this crosses both, but not going to cross-post).</div><div><br></div><div><br></div><div>DHCPD 4.1-ESV-R3 & BIND 9.7.4</div><div><br></div><div>
We've got about 20 /20 networks and another few /24 networks (all within the 10/8 block) that are setup for approximately 50% of their total ranges to be DHCP. There is single forward lookup zone involved.</div><div>
<br></div><div>The network is fairly busy, but not as busy say as a college or someplace where thousands or tens of thousands of people are coming and each day and getting DHCP. All leases are set for 8 days and the standard options for update forwarding, update allow, etc. are set. Clients are not allowed to perform updates directly.</div>
<div><br></div><div>The issue that I am seeing is that about 2-3% of the time, when a DHCP lease expires, some or all of the DNS records are not removed. Sometimes it's just the A records, sometimes it's the A & TXT record, sometimes it is all of them (A, TXT & PTR). If I am slacking on checking and cleaning this up, the stale records might be there 2-3 months later still.</div>
<div><br></div><div>We migrated some time back from Windows DNS & DHCP, so we got used to having the Windows implementation where it would scavenge old records that were still in existence, but past their maximum lifetime without having been updated (i.e. lease expired + X days). There doesn't appear an equivalent functionality in the ISC codebase, so I was considering writing my own script to try and tackle this as it's a rather annoying issue to be continually cleaning up old records using nsupdate as root.</div>
<div><br></div><div>A few questions:</div><div><br></div><div>- Does anyone have any suggestions on what to look at or try to figure out what is going wrong this 2-3% of the time?</div><div><br></div><div>- Does anyone know how to actually perform the DHCID hash function? I've read all the RFCs and looked at the DHCPD source code and I'm not seeing it. I'd need to be able to determine the hash value for a record to see if it actually belongs to the "expired" host or not. (I think I need to perform this).</div>
<div><br></div><div> - Does anyone know of any sort of effort/project already out there that is looking towards this scavenging?</div><div><br></div><div>My thoughts on what the process might look like (still rough and obviously untested):</div>
<div><br></div><div>1. Find an expired lease in the dhcpd.leases file.</div><div>2. Get the IP address.</div><div>3. Perform a reverse lookup on the IP to get the PTR record (this may be problematic though since the PTR is not always there).</div>
<div>4. Do a forward lookup to the get A and TXT records.</div><div>5. Do a hash calculation.</div><div>6. Compare to the TXT record to be sure this is the right record we are about to delete.</div><div>7. If a match, use nsupdate to delete all applicable "expired" records. If not a match then don't do anything.</div>
<div><br></div><div>This was just a quick process I white-boarded so I am pretty sure it's not going to work out this way when all is said and done.</div><div><br></div><div><br></div><div>Thanks.</div><div><br></div>
<div>-Will</div>