[ddns] "update-conflict-detection" and co-existing DHCPv4/v6 servers

Eustace, Glen G.Eustace at massey.ac.nz
Wed Mar 21 20:11:17 UTC 2012

> The problem is the following: when "update-conflict-detection" is disabled, a client can indirectly
> update and even delete A records by booting on the network with the same name as a server,
> for example.

In our case we only allow the DHCP server to do DDNS so the risk is somewhat contained.

> Is there a possibility to run DHCPv4 and DHCPv6 simultaneously AND verify the TXT records?

This is now a big issue for us.  The whole TXT way of controlling access to the resources now seems fundamentally broken if one is trying to do IPv4 and IPv6 updates as the hash is different in both cases.

Please can someone say that they have this working!!

Alternatively, is it possible to "lock" some records to prevent update?

We're using DHCP 4.1.1-P1 and Bind 9.7.3 (both Debian Squeeze).
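
The trade-off discussed in this thread, as a simplified model added here for illustration (it is not ISC DHCP or BIND code and not from either poster): a TXT ownership tag derived from the client identifier protects existing names, but the DHCPv4 and DHCPv6 servers derive different tags for the same host. The `Zone` class, the `ownership_tag` format, and all names, identifiers and addresses are assumptions constructed for the example.

```python
import hashlib

def ownership_tag(family: str, client_id: bytes) -> str:
    # Hypothetical tag format: family label plus MD5 of the client identifier.
    return family + ":" + hashlib.md5(client_id).hexdigest()

class Zone:
    """Toy zone: name -> record dict, e.g. {"TXT": tag, "A": addr}."""
    def __init__(self):
        self.records = {}

    def update(self, name, rtype, addr, tag, conflict_detection=True):
        entry = self.records.get(name)
        if entry is None:                      # name unused: claim it
            self.records[name] = {"TXT": tag, rtype: addr}
            return "added"
        if conflict_detection and entry.get("TXT") != tag:
            return "refused"                   # name owned by someone else
        entry[rtype] = addr                    # owner matches, or check is off
        entry["TXT"] = tag
        return "updated"

def scenario():
    zone = Zone()
    mac = bytes.fromhex("001122334455")              # constructed DHCPv4 identifier
    duid = bytes.fromhex("0001000116f0a1b2") + mac   # constructed DHCPv6 DUID
    results = [
        # The DHCPv4 server registers the host first ...
        zone.update("laptop.example.test", "A", "192.0.2.10", ownership_tag("v4", mac)),
        # ... so the DHCPv6 server's tag for the same host does not match.
        zone.update("laptop.example.test", "AAAA", "2001:db8::10", ownership_tag("v6", duid)),
    ]
    # Statically configured server record with no TXT owner.
    zone.records["www.example.test"] = {"A": "192.0.2.80"}
    other = ownership_tag("v4", bytes.fromhex("66778899aabb"))
    # A client that boots with the server's name: refused while the check is on,
    results.append(zone.update("www.example.test", "A", "192.0.2.99", other))
    # but the record is overwritten once the check is disabled.
    results.append(zone.update("www.example.test", "A", "192.0.2.99", other,
                               conflict_detection=False))
    return results, zone

if __name__ == "__main__":
    print(scenario()[0])
```
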

