a Strange Deletion

Glenn Satchell Glenn.Satchell at uniq.com.au
Wed Mar 22 18:16:39 UTC 2006 

Are you using the interim ddns update style? Is there a corresponding
TXT record in the zone matching the hostname of the A record? dhcpd
uses a TXT record with a hash of the client ID as a key so that it
knows if it is allowed to delete an A record. Do you allow hosts to
update their own A records, or is only the dhcp server allowed to do
it?

If you're using the ad-hoc schems then it doesn't have this protection,
maybe you should change over?

regards,
-glenn

>To: dhcp-server at isc.org
>Subject: a Strange Deletion
>Date: Wed, 22 Mar 2006 12:04:27 -0600
>From: Martin McCormick <martin at dc.cis.okstate.edu>
>
>	I recently found out that an A record in our zone disappeared
>mysteriously several days ago.  After using the journalprint function
>of bind and matching the serial number, I found out that the dhcp
>server appears to be the one that removed the record.  The event that
>triggered the removal was what appears to be the expiration of a lease
>in the same subnet, but with a totally different IP address.
>
>	I have seen A records go poof when there are multiple hosts
>that all "think" they should have the same name.  They keep stepping
>on each other and zapping the forward lookup, but usually the reverse
>stays.
>
>	The A record in question was not even in the dhcp lease range
>for that network and the only things tying it all together are the time,
>down to the second that it occurred as well as the zone name.
>
>	Basically, I look at the journal and see ad2.ceat.okstate.edu
>deleted in zone X at the very second that a personal work station's
>lease, also in ceat.okstate.edu expired and the forward and reverse
>maps were removed by our dhcp server.  The dhcp server, however, did
>not remove the reverse map for the system whose forward A record got
>clobbered so I really think this didn't just glitch and remove the
>A record.
>
>	Does anyone have any idea what could have transpired to cause
>this to happen?
>
>	Thank you.
>
>Martin McCormick WB5AGZ  Stillwater, OK 
>Systems Engineer
>OSU Information Technology Department Network Operations Group
>

More information about the dhcp-users mailing list