dhcpd creating corrupt DNS entries via DDNS

Neff, Glen glen.neff at emc.com
Fri May 31 14:12:16 UTC 2013


> > If it didn't cause a problem, then I wouldn't have noticed.
> > It broke things.  I noticed.
> And my question wasn't rhetorical. I assumed that something had gone wrong, or you wouldn't have noticed. The question is, what? If it's just a bad implementation, like the Men and Mice issue, then I don't care, but maybe something broke in a serious (that is, security-related) way, in which case I am curious to know about it!

Due to the complex nature of our lab environments, i.e. a large amount of IP space, the number of physical locations, deep and varied DNS zones and sub-zones, lack of association between locations/subnets and DNS zones, etc., we decided that directly maintaining reverse zones wasn't feasible by any traditional means.  Our static forward zone maintenance processes do not directly maintain corresponding reverse records.  Our dynamic forward DNS zone configs don't directly maintain associated reverse records either.

We instead utilize a background script that runs every 10 minutes that maintains the reverse zones based on the forward zones.

In authoring the script, it was written with the unfortunate assumption that, since it was dumping forward records already stored and accepted by BIND (dig @<authoritative resolver> -t AXFR <forward zone>), I didn't need to cleanse the data to build the reverse.  Well, "cat\032/etc/FRIENDLYHOSTNAME.hop.usd.lab.emc.com" broke that process and assumption.  That's how I knew.

-G

/*
 * Glen R. J. Neff
 * USD Lab Operations Infrastructure Team
 * glen.neff at emc.com
 *
 * EMC^2 == E^2
 */
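The failure Glen describes comes from trusting the forward zone as clean input: BIND stores whatever name a DHCP client registered, and `dig -t AXFR` prints non-printable bytes such as a space as `\DDD` escapes (`\032` is a space), so a script that passes the owner name straight into a generated PTR record carries the junk into the reverse zone. The following is an added example, not the script from the post or any ISC code, of how such a reverse-zone builder can decode the presentation-format escapes and enforce the RFC 1123 letters-digits-hyphen rule on every label before emitting a PTR. The AXFR text below is constructed for the example (the hostnames and addresses are not real lab data); the last record reproduces the shape of the name quoted above. The label regex and the 254-character total length cap are this example's choices; names with underscores are rejected by that rule, so relax it if your environment legitimately carries such names.

```python
import ipaddress
import re

# RFC 1123 host label: letters, digits, hyphen; no leading or trailing
# hyphen; 1 to 63 characters. Spaces, slashes and control bytes all fail.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed sample of `dig -t AXFR` output (not real zone data). The last
# owner name has the same shape as the one that broke the original script.
SAMPLE_AXFR = r"""hop.usd.lab.emc.com.	3600	IN	SOA	ns1.hop.usd.lab.emc.com. hostmaster.hop.usd.lab.emc.com. 1 3600 600 86400 300
hop.usd.lab.emc.com.	3600	IN	NS	ns1.hop.usd.lab.emc.com.
build01.hop.usd.lab.emc.com.	300	IN	A	10.20.30.40
cat\032/etc/FRIENDLYHOSTNAME.hop.usd.lab.emc.com.	300	IN	A	10.20.30.41
"""


def decode_presentation_name(name):
    """Decode a DNS name from master-file presentation format into a list of
    label strings. Handles the \\DDD (three decimal digits = one byte) and
    \\X escapes that BIND and dig emit, so a label containing a space or a
    slash comes back as the raw characters the client actually registered.
    Returns None when the escape syntax itself is malformed."""
    labels, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            digits = name[i + 1:i + 4]
            if len(digits) == 3 and digits.isdigit():
                value = int(digits)
                if value > 255:
                    return None
                cur.append(chr(value))
                i += 4
                continue
            if i + 1 >= len(name):
                return None          # dangling backslash
            cur.append(name[i + 1])  # \X means literal X
            i += 2
            continue
        if ch == ".":
            labels.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur:                          # name written without a trailing dot
        labels.append("".join(cur))
    return labels


def is_valid_hostname(labels):
    """True only if every decoded label is LDH-clean and the whole name
    fits the textual length cap; empty labels (from '..') also fail."""
    if not labels:
        return False
    if sum(len(label) + 1 for label in labels) > 254:
        return False
    return all(LABEL_RE.match(label) for label in labels)


def build_ptr_records(axfr_text, ptr_ttl=300):
    """Turn A/AAAA records from AXFR output into PTR records, returning
    (accepted_ptr_lines, rejected_owner_and_reason). Records whose owner
    fails validation are reported instead of silently dropped, so the
    operator can see which DDNS client registered a bad name."""
    accepted, rejected = [], []
    for line in axfr_text.splitlines():
        parts = line.split()
        # dig prints: owner ttl class type rdata; only address records matter here
        if len(parts) < 5 or parts[3] not in ("A", "AAAA"):
            continue
        owner, addr = parts[0], parts[4]
        labels = decode_presentation_name(owner)
        if not is_valid_hostname(labels):
            rejected.append((owner, "hostname fails RFC 1123 label check"))
            continue
        try:
            rev = ipaddress.ip_address(addr).reverse_pointer
        except ValueError:
            rejected.append((owner, "bad address in rdata"))
            continue
        fqdn = ".".join(labels) + "."
        accepted.append(f"{rev}. {ptr_ttl} IN PTR {fqdn}")
    return accepted, rejected


if __name__ == "__main__":
    good, bad = build_ptr_records(SAMPLE_AXFR)
    for rec in good:
        print(rec)
    for owner, why in bad:
        print(f"REJECTED {owner}: {why}")
```

Run against the sample, the build01 record becomes `40.30.20.10.in-addr.arpa. 300 IN PTR build01.hop.usd.lab.emc.com.` and the escaped name is reported as rejected rather than written into the reverse zone. The same decode-then-validate step belongs anywhere else the forward zone feeds automation (inventory, monitoring, firewall rule generation), since the DDNS update path lets any DHCP client choose the bytes in its hostname.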

