<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Dear All,</p>
<p>After writing to the list I suddenly got some inspiration not
seen in months. Thanks for your thoughts,<br>
and silent prayers ...</p>
<p>What I came up with is this:</p>
<p><font face="monospace">if ((substring (option host-name, 0, 3) =
"PC-") or<br>
(substring (option host-name, 0, 8) = "DESKTOP-") or<br>
(substring (option host-name, 0, 4) = "ALU-") or<br>
(substring (option host-name, 0, 2) = "S-") or<br>
(substring (option host-name, 0, 3) = "NO-") or<br>
(substring (option host-name, 0, 6) = "OKIRU-") or<br>
(substring (option host-name, 0, 7) = "OZAFIN-") or<br>
(substring (option host-name, 0, 8) = "MikroTik")) {<br>
default-lease-time 43200;<br>
} else {<br>
default-lease-time 1800;<br>
}<br>
<br>
# mtodorov 20220520, from dhcp-users<br>
if (not (option host-name ~~ "^[a-z0-9][a-z0-9\-]+[a-z0-9]$")) {<br>
set new_host-name = concat("host-", binary-to-ascii(16,
8, "-", substring(hardware, 1, 6)));<br>
log(concat("invalid hostname: ", option host-name, "
=> ", new_host-name));<br>
ddns-hostname = new_host-name;<br>
} elsif (exists host-name) {<br>
ddns-hostname = option host-name;<br>
}<br>
</font></p>
<p>I came across the notion that or might have greater priority than
= comparison and added plenty of parentheses.<br>
Now it appears to work as expected (part 2, the allotment of
default-lease-time by the type of device).</p>
<p>However, the solution with supplementing a hostname derived from
MAC address when there is a _ or UTF-8<br>
character in option host-name is only partially satisfactory. I
can look up the type of device and vendor by MAC<br>
unless it is also forged by hiding original hw MAC, which is as
you know trivial to do and default on some<br>
smartphones (like my device).</p>
<p>I considered the execute() statement, but it doesn't seem to
return anything but the status error code.</p>
<p>Alternatively, I can set "check-names warn;" in BIND9
named.conf.local for the dynamically updated zone, but this is<br>
less than optimal, as it could open the door for spoofed hostname
attacks on old DNS servers which do not talk UTF-8.</p>
<p>I can't see any such option in dhcpd.conf (5) nor dhcp-eval (5)
manual pages, nor on the kb.isc.org manual.<br>
Perhaps Kea has such an option. It seems rather straightforward to
have something like:</p>
<p><font face="monospace">if (not (option host-name ~~
"^[a-z0-9][a-z0-9\-]+[a-z0-9]$")) {<br>
<b><font color="#ff0000">set new_host-name = translit
(option host-name, "_ČĆĐŠŽčćđšž", "-CCDSZccdsz");</font></b><br>
log(concat("invalid hostname: ", option host-name, "
=> ", new_host-name));<br>
ddns-hostname = new_host-name;<br>
} elsif (exists host-name) {<br>
ddns-hostname = option host-name;<br>
}<br>
</font>
</p>
<p>Kind regards,<br>
Mirsad<br>
</p>
<div class="moz-cite-prefix">On 5/20/2022 12:09 PM, Mirsad Todorovac
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8e94f6d0-4439-adc9-4793-f3b68a1a7ff6@alu.unizg.hr">Dear
All,
<br>
<br>
1. I was receiving errors for a long time like this one:
<br>
<br>
May 20 11:50:42 domac dhcpd[29435]: DHCPREQUEST for 192.168.100.59
from a8:7d:12:f8:e8:6c (HUAWEI_Y7_Prime_2018-d716) via eth0
<br>
May 20 11:50:42 domac dhcpd[29435]: DHCPACK on 192.168.100.59 to
a8:7d:12:f8:e8:6c (HUAWEI_Y7_Prime_2018-d716) via eth0
<br>
May 20 11:50:42 domac dhcpd[29435]: Unable to add forward map from
HUAWEI_Y7_Prime_2018-d716.local.alu.hr to 192.168.100.59: REFUSED
<br>
<br>
May 20 11:48:47 domac named[5524]: zone local.alu.hr/IN:
Win-Ra\159unalo.local.alu.hr/A: bad owner name (check-names)
<br>
May 20 11:48:47 domac dhcpd[29435]: Unable to add forward map from
Win-Ra�unalo.local.alu.hr to 192.168.100.235: REFUSED
<br>
<br>
Additionally, some users have added ČĆĐŠŽčćđšž Latin2 characters
to hostnames or smartphone names on WLAN.
<br>
<br>
It is difficult to change all of these, especially on users'
smartphones, which usually connect without even seeing us
administrators.
<br>
Also, disabling BIND9 name checks might make users unable to
browse as some other services would reject their reverse DNS names
as spoofed.
<br>
<br>
It would be very useful if there was a way to do in DHCPD
dhcp-eval scripting what is done with the effect of:
<br>
<br>
% tr '_ČĆĐŠŽčćđšž' '-CCDSZccdsz' &lt; in &gt; out
<br>
<br>
that is, transliterate characters, or search &amp; replace. I
couldn't find that option in dhcpd.conf nor in dhcp-eval.
<br>
<br>
2. I have also tried this to have PCs 12h lease time and
smartphones 30min,
<br>
but it did not work:
<br>
<br>
if substring (option host-name, 0, 3) = "PC-" or
<br>
substring (option host-name, 0, 8) = "DESKTOP-" or
<br>
substring (option host-name, 0, 4) = "ALU-" or
<br>
substring (option host-name, 0, 2) = "S-" or
<br>
substring (option host-name, 0, 3) = "NO-" or
<br>
substring (option host-name, 0, 6) = "OKIRU-" or
<br>
substring (option host-name, 0, 7) = "OZAFIN-" or
<br>
substring (option host-name, 0, 8) = "MikroTik"
<br>
{
<br>
default-lease-time 43200;
<br>
} else {
<br>
default-lease-time 1800;
<br>
}
<br>
<br>
Thank you very much.
<br>
<br>
My version of DHCPD is:
<br>
<br>
root@domac:~# dpkg -l isc-dhcp-server
<br>
ii isc-dhcp-server 4.4.1-2+deb10u1 amd64 ISC DHCP server
for automatic IP address assignment
<br>
root@domac:~#
<br>
<br>
Best regards,
<br>
Mirsad Todorovac
<br>
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355</pre>
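<p>The hostname clean-up the message asks for, sketched in Python as an added example (not code from the post or from ISC DHCP): it applies the character map from the translit line, checks the result against the same label pattern, and otherwise falls back to the MAC-derived name. The function names, the length bound, the re.ASCII flag and all sample values except the first name/MAC pair (taken from the log) are assumptions made for illustration.</p>
<pre>
```python
import re

# Label rule from the dhcpd.conf regex in the message, case-insensitive like "~~".
# Assumptions added here: the {1,61} bound (63-octet DNS label limit) and
# re.ASCII, which keeps [a-z] from matching Unicode lookalikes such as U+212A.
VALID_LABEL = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]", re.IGNORECASE | re.ASCII)

# Character map from the translit() line in the message.
TRANSLIT = str.maketrans("_ČĆĐŠŽčćđšž", "-CCDSZccdsz")


def mac_fallback(mac: bytes) -> str:
    """Mirror concat("host-", binary-to-ascii(16, 8, "-", ...)): hex, no padding."""
    return "host-" + "-".join(format(octet, "x") for octet in mac)


def ddns_hostname(raw: bytes, mac: bytes) -> str:
    """Return a DNS-safe label for a client-supplied host-name option value."""
    try:
        name = raw.decode("utf-8")
    except UnicodeDecodeError:
        # Not UTF-8 (like the \159 byte in the named log line): do not guess.
        return mac_fallback(mac)
    name = name.translate(TRANSLIT)
    # fullmatch, unlike "^...$" with match(), also rejects a trailing newline.
    if VALID_LABEL.fullmatch(name):
        return name
    return mac_fallback(mac)


# Constructed sample input; only the first name/MAC pair is taken from the log.
SAMPLES = [
    (b"HUAWEI_Y7_Prime_2018-d716", bytes.fromhex("a87d12f8e86c")),
    ("Win-Računalo".encode("utf-8"), bytes.fromhex("020000000a01")),
    (b"Win-Ra\x9funalo", bytes.fromhex("020000000a02")),   # stray non-UTF-8 byte
    (b"pc-1\n", bytes.fromhex("020000000a03")),            # trailing newline
    ("PC-\u212a1".encode("utf-8"), bytes.fromhex("020000000a04")),  # Kelvin sign
]

if __name__ == "__main__":
    for raw, mac in SAMPLES:
        print(repr(raw), "=>", ddns_hostname(raw, mac))
```
</pre>
<p>The mapping is many-to-one, so two clients that send different names can end up requesting the same label.</p>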
</body>
</html>