One A-Record for two different Interfaces

thomas.zenz at oenb.at
Fri Sep 8 11:48:43 UTC 2017


	
Hi to all.

I had the problem "Has an address record but no DHCID not mine"
<http://isc-dhcp-users.2343191.n4.nabble.com/Has-an-address-record-but-no-DHCID-not-mine-tt1989.html>
and found out dhcpd is working fine.

Because I think we are not the only ones with that problem, I would like to
invite you all to discuss this.

The situation is the following:
A Laptop is connected via LAN to the company Network. DHCP Offers an address
10.1.1.1 for 14 days and makes the DNS A and PTR Record.
All of a sudden, the user takes the Laptop out of the docking station and
WiFi kicks in. The VPN client checks that it is an unsecure network and
starts the tunnel and requests a new IP.
DHCP Offers 10.2.2.2 for one hour and tries to make DNS A and PTR Record.
Because the A Record is still valid for 10.1.1.1 and the DHCID is different
(a different Interface/UID), the A Record update fails.
If the User needs support, the helpdesk cannot resolve the IP via DNS.

I have three solutions, all with some kind of negative touch. How do you solve
this problem?

1) A second DNS Domain for VPN Clients. company.com and vpn.company.com.
 - the user has to know if he uses VPN or not.
 - helpdesk has to use FQN because the first suffix will win.
 - the certificate of the PC is issued for company.com not vpn.company.com
resulting in certificate errors.
2) Shorter lease times.
 - more dhcp and dns-update traffic
 - still a gap where the A record is wrong
3) Client registers DNS
 - Trusting a PC meaning a Client can pretend to be the domain controller




--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
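
The conflict described in the post, reproduced as an added example (not part of the original message and not ISC dhcpd code). It assumes the standard DHCID scheme of RFC 4701/4703 with the client identified by its MAC address, models the zone as a plain dict, and uses a made-up hostname and made-up MAC addresses; the two IP addresses are the ones from the post.

```python
import hashlib

def wire_name(fqdn):
    """FQDN in lowercase DNS wire format: length-prefixed labels, root label last."""
    labels = fqdn.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dhcid(mac, fqdn):
    """RFC 4701 DHCID RDATA: identifier type 0x0000 (htype + chaddr), digest type 1 (SHA-256)."""
    ident = b"\x01" + bytes.fromhex(mac.replace(":", ""))  # htype 1 = Ethernet
    return b"\x00\x00\x01" + hashlib.sha256(ident + wire_name(fqdn)).digest()

def ddns_add(zone, fqdn, ip, client_dhcid):
    """RFC 4703 forward-update decision; returns a status string and mutates the zone dict."""
    rrset = zone.get(fqdn)
    if rrset is None:                       # prerequisite "name not in use" holds
        zone[fqdn] = {"A": ip, "DHCID": client_dhcid}
        return "added"
    if rrset.get("DHCID") == client_dhcid:  # same client: replace its A record
        rrset["A"] = ip
        return "replaced"
    return "refused"                        # name held under another DHCID, or under none

# Constructed sample data: hostname and MAC addresses are made up.
NAME = "laptop42.company.com"
LAN_MAC, VPN_MAC = "00:11:22:33:44:55", "02:aa:bb:cc:dd:ee"

def scenario():
    """LAN lease registers the name first, then the VPN interface asks for the same name."""
    zone = {}
    lan_result = ddns_add(zone, NAME, "10.1.1.1", dhcid(LAN_MAC, NAME))
    vpn_result = ddns_add(zone, NAME, "10.2.2.2", dhcid(VPN_MAC, NAME))
    return lan_result, vpn_result, zone[NAME]["A"]

if __name__ == "__main__":
    print(scenario())
```

The VPN update is refused because the DHCID is derived from the interface's identifier, so the stale 10.1.1.1 record stays in DNS until the LAN lease's record is removed.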

