[ddns] "update-conflict-detection" and co-existing DHCPv4/v6 servers
G.Eustace at massey.ac.nz
Thu Mar 22 19:16:58 UTC 2012
>> In our case we only allow the DHCP server to do DDNS so the risk is
>> somewhat contained.
> That's why I said "indirectly" : only the DHCP server can do DDNS but clients are providing their
> own names to the DHCP. For now, nothing prevents a Linux box from asking for a hostname that will be
> the same as our Active Directory PDC!
We don't allow client updates, or rather I should say didn't allow them for IPv4 as there were too many inappropriate names being used. So most equipment must have a host entry which specifies the DDNS Name.
We have now struck the following issue.
1. If the DUID generated did NOT use the MAC address that we have registered for a computer (the one(s) used by IPv4 to match clients), then there is no matching host entry (we do NOT have DUIDs in the db yet). To allow such a case to get an IPv6 address we have had to allow unknown hosts for IPv6. Problem is that there is now no authoritative DDNS name for the client and it would appear (still working on this) that the client's supplied name is used as it is the only thing available. I am going to try generating a name like we do for the guest and wireless networks, e.g. dyn-120-10.xxx.yyy
It is becoming clear that DHCPv6 has not been very well thought out in terms of its interoperation with IPv4.
I am still hoping that someone has/is had/having more success than I am. If there is I'd love to compare notes.
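The naming decision described in this message, as an added example that is not part of the original post and is not ISC DHCP code: it extracts the Ethernet MAC a DUID may embed (DUID-LLT and DUID-LL layouts per the DHCPv6 RFCs), looks it up in the IPv4 registration data, and otherwise generates a server-chosen name so the client-supplied hostname never reaches DNS. The registry contents, the function names and the `dyn6-` naming scheme are assumptions made for illustration.

```python
import ipaddress

# Constructed sample registry: MACs registered for IPv4 -> authoritative DDNS name.
REGISTERED = {"00:11:22:33:44:55": "lab-pc-01"}


def mac_from_duid(duid: bytes):
    """Return the Ethernet MAC embedded in a DUID, or None if it carries none."""
    if len(duid) < 4:
        return None
    duid_type = int.from_bytes(duid[0:2], "big")
    hw_type = int.from_bytes(duid[2:4], "big")
    if duid_type == 1:      # DUID-LLT: type, hw type, 4-byte time, link-layer address
        lladdr = duid[8:]
    elif duid_type == 3:    # DUID-LL: type, hw type, link-layer address
        lladdr = duid[4:]
    else:                   # DUID-EN (2) and DUID-UUID (4) carry no link-layer address
        return None
    if hw_type != 1 or len(lladdr) != 6:    # only Ethernet is handled here
        return None
    return ":".join(f"{b:02x}" for b in lladdr)


def ddns_name(duid: bytes, leased: str, client_hostname=None) -> str:
    """Choose the name the server registers; client_hostname is deliberately ignored."""
    mac = mac_from_duid(duid)
    if mac in REGISTERED:
        return REGISTERED[mac]
    # Unknown host: derive a name from the low 32 bits of the leased address
    # (assumed scheme, modelled loosely on the dyn-120-10 style in the message).
    low = int(ipaddress.IPv6Address(leased)) & 0xFFFFFFFF
    return f"dyn6-{low >> 16:x}-{low & 0xFFFF:x}"
```

A DUID built from a different interface's MAC, or one with no MAC at all, falls through to the generated name, which is the case the message describes.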