help me explain

Simon Hobson dhcp1 at thehobsons.co.uk
Fri Oct 21 19:54:09 UTC 2016


"Cuttler, Brian R (HEALTH)" <brian.cuttler at health.ny.gov> wrote:

> I just need one for the cms.wadsworth.org, nuke all of the cms<vlannumber>.wadsworth.org ones.

Yes, but see below ...

> What about the ones I'd created for the Reverse zones, are those needed at all?

That depends on your setup.

If your internal DNS is set up with the correct SOA records, AND you aren't using signed updates, then you don't need any zone declarations at all. By default, the server will look at the SOA record for the zone (cms.wadsworth.org or xx.57.10.in-addr.arpa in your case) and get the master DNS server from that, and then send the (unsigned) update requests to it.
This does require that the DNS server be set up to accept unsigned updates, which in the general case is "unsafe". You could lock it down and just accept updates from certain IP addresses - e.g. if this is a dedicated system, with restricted users (so you can trust anyone with access), then just accepting updates from "localhost" may be OK.

But in the general case, you want to restrict the system to signed updates. To do this, you need to define each zone in the DHCP server just so you can specify the key to be used for each one.
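As an added example (not from Simon's message or from the ISC documentation), this is what the signed-update setup he describes looks like on both sides, assuming ISC dhcpd 4.2 or later (built against the BIND libraries, so hmac-sha256 is available) and a BIND name server; the key name, the secret, the master's address and the "xx" octet of the reverse zone are placeholders:

```conf
# --- dhcpd.conf (DHCP server side) ---
ddns-update-style interim;
ddns-updates on;

# TSIG key shared with the DNS server. Name and secret are constructed
# placeholders; generate a real secret (e.g. with tsig-keygen) and keep the
# file it lives in readable only by the dhcpd user.
key cms-ddns-key {
    algorithm hmac-sha256;
    secret cGxhY2Vob2xkZXItc2VjcmV0;
};

# One zone declaration per zone dhcpd updates. The declaration is the only
# place a key can be attached, which is why it is required for signed updates.
zone cms.wadsworth.org. {
    primary 10.57.0.53;          # placeholder address of the master DNS server
    key cms-ddns-key;
}

zone xx.57.10.in-addr.arpa. {    # "xx" as in the thread: replace with the real octet
    primary 10.57.0.53;
    key cms-ddns-key;
}

# --- named.conf (DNS server side), same key, same secret ---
key cms-ddns-key {
    algorithm hmac-sha256;
    secret "cGxhY2Vob2xkZXItc2VjcmV0";
};

zone "cms.wadsworth.org" {
    type master;
    file "cms.wadsworth.org.zone";
    # Weaker alternative from the thread:  allow-update { localhost; };
    # Signed only: an update is refused unless it carries a valid TSIG
    # signature with this key, whatever address it comes from.
    allow-update { key cms-ddns-key; };
};
```

The reverse zone on the BIND side takes the same `allow-update { key cms-ddns-key; };` line.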
