[ddns] "update-conflict-detection" and co-existing DHCPv4/v6 servers

Peter Rathlev peter at rathlev.dk
Fri Mar 23 07:41:46 UTC 2012


On Thu, 2012-03-22 at 19:16 +0000, Eustace, Glen wrote:
> On Thu, 2012-03-22 at 08:52 +0100, Nicolas C. wrote:
> > That's why I said "indirectly": only the DHCP server can do DDNS
> > but clients are providing their own names to the DHCP. For now,
> > nothing prevents a Linux box from asking for a hostname that will
> > be the same as our Active Directory PDC!
> 
> We don't allow client updates, or rather I should say didn't allow
> them for IPv4 as there were too many inappropriate names being used.
> So most equipment must have a host entry which specifies the DDNS
> Name.

Just to make this clear: Disallowing client updates as such does not
prevent clients from having arbitrary names put in DNS. And since most
DHCP server configurations do not validate the client supplied name at
all, the client can pretty much decide for itself what name it wants,
even though the DHCP server technically does the updating.

Using "host" entries means the DHCP server simply doesn't perform the
dynamic update at all, unless you use the "update-static-leases"
parameter. And without either a "host-name" option in each static
declaration or the "use-host-decl-names" parameter I would think that
the client supplied name is still used.

Client-supplied names are a real issue.

-- 
Peter
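
One way to check for the problem this message describes, as an added example that is not part of the original post: the script scans a dhcpd.leases excerpt for client-supplied names (the "client-hostname" statement) that collide with a protected name or are not a valid DNS label. The lease data and the PROTECTED list are constructed assumptions.

```python
import re

# Constructed dhcpd.leases excerpt (addresses, MACs and names are made up).
SAMPLE_LEASES = '''
lease 192.0.2.10 {
  hardware ethernet 00:00:5e:00:53:01;
  client-hostname "alice-laptop";
}
lease 192.0.2.11 {
  hardware ethernet 00:00:5e:00:53:02;
  client-hostname "DC01";
}
lease 192.0.2.12 {
  hardware ethernet 00:00:5e:00:53:03;
  client-hostname "bad_name.example";
}
lease 192.0.2.13 {
  binding state free;
}
'''

# Assumed (hypothetical) list of names no DHCP client may claim.
PROTECTED = {"dc01", "www", "mail"}

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\n\}', re.S)
MAC_RE = re.compile(r'hardware ethernet\s+([0-9a-fA-F:]+);')
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
# RFC 1123 host label: letters, digits, hyphen; 1-63 chars; no edge hyphen.
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')

def audit_leases(text, protected=PROTECTED):
    """Return (ip, mac, name, reason) for each suspicious client-supplied name."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # the leases file is a log: the last entry per IP wins
    findings = []
    for ip, body in latest.items():
        name_m = NAME_RE.search(body)
        if not name_m:
            continue  # the client sent no name for this lease
        name = name_m.group(1)
        mac_m = MAC_RE.search(body)
        mac = mac_m.group(1) if mac_m else "unknown"
        first = name.split(".")[0].lower()  # DNS names compare case-insensitively
        if first in protected:
            findings.append((ip, mac, name, "collides with protected name"))
        elif not LABEL_RE.match(name):
            findings.append((ip, mac, name, "not a single valid DNS label"))
    return findings
```

Calling audit_leases(SAMPLE_LEASES) reports the leases for 192.0.2.11 and 192.0.2.12.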



