ignore client-updates

Glenn Satchell glenn.satchell at uniq.com.au
Wed Sep 4 23:47:58 UTC 2013

On Thu, September 5, 2013 7:00 am, Martin McCormick wrote:
> Chris Buxton writes:
>> Where did you read that?
>> I would use 'deny client-updates' rather than 'ignore'. I would certainly
>> not suddenly switch to 'allow', for exactly the reasons you gave - it
>> wreaks havoc. (But why are your DNS zones accepting updates from
>> clients?)
> 	I think this is turning out to be a misunderstanding on
> our part as in me and my coworkers.
> 	We were set up for years to allow clients who had
> configured their own host names to register the left-most part
> of their name when obtaining a dynamic lease. A static bootP
> registration uses a name we provided, usually at the client's
> request, but still, we provided it and the client system
> couldn't change it.
> 	We were under the impression that denying client-updates
> was deprecated and so we started allowing them which is causing the
> Active Directory systems to begin registering reverse A records
> with the ad.okstate.edu fqdn. The directive is working exactly
> as advertised so here is another question as I begin the process
> of persuading my coworkers that we need to go back to our
> original settings.
> 	We were originally set to
> ignore client-updates;
> This was mainly because we didn't want to log attempts but let
> them silently occur. If we went to deny client-updates, what
> would be the difference?
> 	Thanks for the information.
> Martin McCormick

This is from the dhcpd.conf man page in the section THE INTERIM DNS UPDATE

     Further, if the ignore client-updates;  directive  is  used,
     then the server will in addition send a response in the DHCP
     packet, using the FQDN Option, that implies  to  the  client
     that  it  should perform its own updates if it chooses to do
     so.  With deny client-updates;, a  response  is  sent  which
     indicates the client may not perform updates.

So, ignore allows the client to do an update if it wishes to; deny tells
it to not do updates. Depending on the client, it may not send an update
in either case.

I'd just set it back to what you had originally, since that was working
the way you wanted.
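
The man page excerpt above says the difference between the two directives is carried in the FQDN option of the server's reply. As an added example (not part of the original post and not ISC code), this Python sketch decodes that option's flags as defined in RFC 4702, so a reply captured from your own server can be checked. The sample payloads are constructed, and which flag values a given dhcpd build sends for each directive is not asserted here.

```python
# Added example: decode a DHCPv4 Client FQDN option (option 81) per RFC 4702.
S_BIT, O_BIT, E_BIT, N_BIT = 0x01, 0x02, 0x04, 0x08  # low four bits of the flags byte

# Constructed sample payloads (flags, RCODE1, RCODE2, name); not captured traffic.
NAME = b"\x04host\x07example\x03com\x00"
SAMPLE_SERVER_OVERRIDES = bytes([S_BIT | O_BIT | E_BIT, 255, 255]) + NAME
SAMPLE_CLIENT_MAY_UPDATE = bytes([E_BIT, 255, 255]) + NAME


def decode_name(data: bytes) -> str:
    """Decode a DNS wire-format name (length-prefixed labels, no compression)."""
    labels, i = [], 0
    while i < len(data) and data[i] != 0:
        length = data[i]
        if length > 63 or i + 1 + length > len(data):
            raise ValueError("malformed label in FQDN option")
        labels.append(data[i + 1:i + 1 + length].decode("ascii"))
        i += 1 + length
    return ".".join(labels)


def parse_fqdn_option(payload: bytes) -> dict:
    """Parse the option 81 payload (the bytes after the code and length)."""
    if len(payload) < 3:
        raise ValueError("FQDN option needs flags, RCODE1 and RCODE2")
    flags = payload[0]
    if flags & 0xF0:
        raise ValueError("reserved (MBZ) flag bits are set")
    encoded = bool(flags & E_BIT)
    # E=1: DNS wire format; E=0: deprecated plain ASCII encoding.
    name = decode_name(payload[3:]) if encoded else payload[3:].decode("ascii")
    return {"S": bool(flags & S_BIT), "O": bool(flags & O_BIT),
            "E": encoded, "N": bool(flags & N_BIT), "name": name}


def server_reply_meaning(opt: dict) -> str:
    """Summarise what a server's reply tells the client about DNS updates."""
    if opt["N"]:
        return "server performs no DNS updates"
    if opt["S"]:
        text = "server updates the A record"
        return text + (", overriding the client's request" if opt["O"] else "")
    return "server leaves the A record to the client"


if __name__ == "__main__":
    for sample in (SAMPLE_SERVER_OVERRIDES, SAMPLE_CLIENT_MAY_UPDATE):
        opt = parse_fqdn_option(sample)
        print(opt["name"], "->", server_reply_meaning(opt))
```
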

