One A-Record for two different Interfaces
thomas.zenz at oenb.at
Fri Sep 8 11:48:43 UTC 2017
Hi to all.
I had the problem "Has an address record but no DHCID not mine"
<http://isc-dhcp-users.2343191.n4.nabble.com/Has-an-address-record-but-no-DHCID-not-mine-tt1989.html>
and found out dhcpd is working fine.
Because I think we are not the only ones with that problem, I would like to
invite you all to discuss this.
The situation is the following:
A Laptop is connected via LAN to the company Network. DHCP Offers an address
10.1.1.1 for 14 days and makes the DNS A and PTR Record.
All of a sudden, the user takes the Laptop out of the docking station and
WiFi kicks in. The VPN client checks that it is an unsecure network and
starts the tunnel and requests a new IP.
DHCP Offers 10.2.2.2 for one hour and tries to make DNS A and PTR Record.
Because the A Record is still valid for 10.1.1.1 and the DHCID is different
(a different Interface/UID), the A Record update fails.
If the User needs support, the helpdesk cannot resolve the IP via DNS.
I have three solutions, all with some kind of negative touch. How do you solve
this problem?
1) A second DNS Domain for VPN Clients. company.com and vpn.company.com.
- the user has to know if he uses VPN or not.
- helpdesk has to use FQN because the first suffix will win.
- the certificate of the PC is issued for company.com not vpn.company.com
resulting in certificate errors.
2) Shorter lease times.
- more dhcp and dns-update traffic
- still a gap where the A record is wrong
3) Client registers DNS
- Trusting a PC means a Client can pretend to be the domain controller
--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
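
The failure described in this message, as an added example that is not part of the original post and is not dhcpd code: it computes a DHCID per RFC 4701 from each interface's hardware address and runs the RFC 4703 ownership check against a toy in-memory zone. The hostname `laptop` and both MAC addresses are constructed, and dhcpd's actual record format depends on its configured update style.

```python
import hashlib

def wire_fqdn(fqdn: str) -> bytes:
    """Canonical DNS wire format: lowercase, length-prefixed labels, root label."""
    out = b""
    for label in fqdn.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dhcid(mac: str, fqdn: str) -> bytes:
    """RFC 4701 DHCID RDATA for identifier type 0x0000 (htype + chaddr)."""
    ident = b"\x01" + bytes.fromhex(mac.replace(":", ""))  # htype 1 = Ethernet
    digest = hashlib.sha256(ident + wire_fqdn(fqdn)).digest()
    return b"\x00\x00" + b"\x01" + digest  # identifier type, digest type 1 = SHA-256

def ddns_update(zone: dict, fqdn: str, ip: str, owner: bytes) -> str:
    """RFC 4703 style forward update against a toy in-memory zone."""
    rec = zone.get(fqdn)
    if rec is None:                  # first attempt: name must not exist yet
        zone[fqdn] = {"A": ip, "DHCID": owner}
        return "added"
    if rec.get("DHCID") == owner:    # second attempt: DHCID must match ours
        rec["A"] = ip
        return "replaced"
    return "refused"                 # name belongs to another client identity

# Constructed sample values (hostname and MACs are assumptions for illustration)
FQDN = "laptop.company.com"
LAN_MAC = "02:00:00:aa:bb:01"   # docking-station LAN interface
VPN_MAC = "02:00:00:aa:bb:02"   # VPN adapter

def scenario() -> tuple:
    zone = {}
    lan = ddns_update(zone, FQDN, "10.1.1.1", dhcid(LAN_MAC, FQDN))
    vpn = ddns_update(zone, FQDN, "10.2.2.2", dhcid(VPN_MAC, FQDN))
    return lan, vpn, zone[FQDN]["A"]

if __name__ == "__main__":
    print(scenario())
```

The A record stays at 10.1.1.1 until the LAN lease's record is removed, which is the window in which the helpdesk resolves the wrong address.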