a Strange Deletion
martin at dc.cis.okstate.edu
Wed Mar 22 19:48:53 UTC 2006
Glenn Satchell writes:
>Are you using the interim ddns update style? Is there a corresponding
>TXT record in the zone matching the hostname of the A record? dhcpd
>uses a TXT record with a hash of the client ID as a key so that it
>knows if it is allowed to delete an A record. Do you allow hosts to
>update their own A records, or is only the dhcp server allowed to do
Only the dhcp server is allowed to do that on our networks.
>If you're using the ad-hoc scheme then it doesn't have this protection,
>maybe you should change over?
I remember reading that interim is the only style that is
recommended so that's what we use.
The system whose A record got stomped was registered manually in DNS
and has no TXT record. Is there any safe way I can generate a similar
record to lock this address down? That would have prevented whatever
did happen from happening.
I had a flash of inspiration after posting my first message
and looked at the dhcp server log for the whole day this all happened and
noticed that the system whose lease expiration may have triggered the
deletion seemed to renew his lease normally until about 5 hours before
the deletion and then it sent a few DHCPINFORM packets to the dhcp
server which were all acknowledged. I think, somehow, that system did
something that set up a situation which made it seem that the other A
record should go away when the actual forward and reverse A records
from the host were removed.
As a general comment, I haven't noticed dhcpd to be very
unpredictable. It seems to be solid as a rock, here, with the weird
stuff usually the result of broken work stations.