BIND 8.2.x interaction with DHCP servers

Andreas Gustafsson Andreas.Gustafsson at nominum.com
Tue Jun 27 20:34:48 UTC 2000


> I agree with your response to Brad's note that running DHCP
> and DNS on the same server does nothing to prevent the
> problems that DHCID RR is intended to prevent. But, I'm not
> sure saying that it is not a security mechanism is correct.
> Fooling DHCP is a very convenient back door to stealing someone
> else's host name and routing their traffic to your machine.

All proposals for client identification schemes that I have seen allow
the DHCP client to provide its own client identifier data, making it
trivial for a client to claim the identity of another.

Having to forge the Client ID field of the DHCP request may be an
obstacle to a naive attacker, but that doesn't make DHCID a
"security mechanism".  It's more of a mechanism for preventing
accidental misconfiguration than for providing any real security.
-- 
Andreas Gustafsson, gson at nominum.com
