force DDNS update

Chow Chi Ho (FP&HO) chchow at cabletv.com.hk
Tue Apr 24 04:54:24 UTC 2007


I think you can use "swatch" to force update the dns entry.
Whenever an update on dns entries fails, dhcp will have the following logs...."Forward map from .........FAILED: Has an A record but no DHCID, not mine."
You can use swatch to examine the log and update your dns...

-----Original Message-----
From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org]On Behalf Of Carl Karsten
Sent: Tuesday, April 24, 2007 7:20 AM
To: dhcp-users at isc.org
Subject: Re: force DDNS update


Simon Hobson wrote:
> Carl Karsten wrote:
> 
>>  >> Is there some way to get dhcpd to do this?
>>>  No
>> That makes me sad.
> 
> Why ? In NORMAL operations, the only time a DNS update is required is 
> on a dhcp client-server interaction - either giving out a lease to 
> a client, or expiring a lease.

More of a physiological issue - most things are so flexible and configurable you 
can make them do anything.  but I am thinking "on commit" is what I am looking 
for.

I agree that my environment isn't the norm, (it is more of an R&D lab than a 
bunch of stable production things) and so I do not expect things to easily 
accommodate it.  If I have to jump through a hoop now and then, that's fine.  If 
my environment causes me too much grief, maybe I need to fix my environment.

> 
> 
>>  >> This has me wondering:
>>>>  Box1 does DHCPREQUEST and gets a lease.
>>>>  Could a Box2 construct a DHCPRELEASE that looks like it came from 
>>>> Box1 so that
>>>>  the dhcp server doesn't know that Box1 is still using the IP?
>>>  Yes, it is almost trivial to do. Just create a DHCP-Release with the
>>>  other machine's MAC address and send it to the server. This might not
>>>  actually get you too far though, the server will not give it to
>>>  another client for two reasons :
>>>
>>>  1) It will not be chosen for reuse until other, less recently used,
>>>  addresses have been exhausted.
>>>
>>>  2) It will get abandoned when the server does a "ping before offer"
>>>  check - assuming of course that the client doesn't have a firewall
>>>  blocking pings (which IMHO is a  stupid thing to do !)
>>>
>>>
>> But that will cause dhcp to remove an A record and allow the dhcp request that
>> you describe: someone could name their client "server"...
> 
> Except that very few people use dynamic DNS updates to put their 
> important services into DNS - except Windows of course which seems to 
> live off DNS updates !
> 
> Even if you give servers their address by DHCP, it would normally be 
> a fixed address which by default would not trigger DDNS - hence 
> manually adding the DNS records.

So even more reason to add an option that turns off the "safety feature"

otoh, I can appreciate not adding things that make a system less secure and more 
complicated just to address a use case that is pretty weak: I keep messing with 
my configs.

> 
>> I am not complaining about security issues or suggesting that this 
>> system needs
>> to be made more robust (if it is a hostile environment,  set static IP's and
>> static dns.)  What I am bitching about is being made to jump through a hoop
>> (which generally is what causes me to break things) for the sake of a safety
>> feature.  Who is this feature keeping safe?
>>
>> ok, maybe bitching isn't the right word.  Looking for options.  especially now
>> that I know it isn't just my setup that has this problem.
>>
>> What would it take to call a script each time a lease is given?
> 
> IIRC, "on commit" !
> 
> 

for the others that are interested:

man dhcpd.conf

  If you want to use events for
        things other than DNS updates, and you also want DNS updates, you  will
        have  to  start  out by copying this code into your dhcpd.conf file and
        modifying it.

wow.  I might do this.  but not today. :)

As always, thanks for the help.

Carl K
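
Added example, not part of the original posts: a Python sketch of the log-watching idea above, which picks the "no DHCID, not mine" failures out of dhcpd log lines and builds nsupdate input to replace the stale A record. Because the hostname is client-supplied (the "someone could name their client server" concern in the thread), it only accepts single-label names inside one zone and skips a protected list. The `<fqdn> to <ip>` layout of the elided part of the message, the zone, the protected names and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed message layout: "Forward map from <fqdn> to <ip> FAILED: <reason>"
FAILED_RE = re.compile(r"Forward map from (\S+) to (\S+) FAILED: "
                       r"Has an A record but no DHCID, not mine")
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
ZONE = "lab.example.com"              # hypothetical dynamic zone
PROTECTED = {"server", "www", "ns1"}  # hypothetical names never overwritten

def find_conflicts(lines, zone=ZONE, protected=PROTECTED):
    """Return {fqdn: ip} for refused forward updates that are safe to redo."""
    conflicts = {}
    suffix = "." + zone
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue
        fqdn, ip = m.group(1).lower().rstrip("."), m.group(2)
        host = fqdn[: -len(suffix)] if fqdn.endswith(suffix) else None
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        # The hostname is client-supplied: accept one valid label only.
        if host and LABEL_RE.match(host) and host not in protected:
            conflicts[fqdn] = ip  # latest log entry wins
    return conflicts

def nsupdate_batch(conflicts, ttl=300):
    """Build nsupdate input that replaces the stale A record for each name."""
    out = []
    for fqdn, ip in sorted(conflicts.items()):
        out += [f"update delete {fqdn}. A",
                f"update add {fqdn}. {ttl} A {ip}", "send"]
    return "\n".join(out)

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    "Apr 24 04:50:01 gw dhcpd: Forward map from box1.lab.example.com to 192.168.1.50 FAILED: Has an A record but no DHCID, not mine.",
    "Apr 24 04:50:09 gw dhcpd: Forward map from server.lab.example.com to 192.168.1.66 FAILED: Has an A record but no DHCID, not mine.",
    "Apr 24 04:51:30 gw dhcpd: DHCPACK on 192.168.1.51 to 00:11:22:33:44:55 via eth0",
    "Apr 24 04:52:00 gw dhcpd: Forward map from box2.other.example.org to 192.168.1.52 FAILED: Has an A record but no DHCID, not mine.",
]

if __name__ == "__main__":
    print(nsupdate_batch(find_conflicts(SAMPLE_LOG)))
```

The printed batch is meant to be reviewed before it is fed to nsupdate, since each entry overrides the DHCID ownership check for that name.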



