[ddns] "update-conflict-detection" and co-existing DHCPv4/v6 servers

Peter Rathlev peter at rathlev.dk
Wed Mar 21 23:58:01 UTC 2012

On Wed, 2012-03-21 at 16:43 +0100, Nicolas C. wrote:
> The problem is the follow : when "update-conflict-detection" is 
> disabled, a client can indirectly update and even delete A records by 
> booting on the network with the same name of a server for example.

Place client hosts in different domains than servers. I have an idea
that Microsoft Windows "Active Domain" doesn't support this, but that's
a limitation of their implementation. AFAICT current Windows DHCP
servers face the exact same issue you describe.

> Alternatively, is it possible to "lock" some records to prevent update?

You could control this on the DNS server. I know BIND allows for a
rather granular update policy.


More information about the dhcp-users mailing list