Dynamic DNS updates in internal LAN

S. Anthony Sequeira tony at sequeira.com
Wed Apr 21 12:08:07 PDT 2004


On Wed, 21 Apr 2004 13:25:40 -0500, Dagmar d'Surreal penned:

> On Wed, 2004-04-21 at 06:20, Tony Sequeira wrote:
>> Pardon the length, trying to give as much info as possible.
>> 
>> Can anyone help?
>> 
>> I'm being driven to distraction here.
>> 
>> I have a network which includes an LFS DHCP client (ISC dhclient)
>> and a FreeBSD 4.9 stable DHCP and DNS server.
>> 
>> My daughter's WinXP (DHCP client) box successfully updates DNS when it
>> comes online.
> 
> *buzz* AFAIK it's the DHCP _server_ that makes the DDNS updates, not the
> DHCP client.
> 
>> However, I cannot make the LFS DHCP client do so *properly*.
> 
> You can make it do so improperly?  What's the mangled result?
> 
>> After a loooong time researching the problem and experimenting, I ended
>> up with the following in my dhclient.conf:
>> 
>> send fqdn.fqdn "aurora.sequestor.lan.";
>> send fqdn.encoded off;
>> send fqdn.server-update off;    # 'on' didn't work for me, the point is
>>                                 # that the '*client' does the update.
> 
> Are you 100% sure about that?  Hint hint.  None of those three entries
> should be needed.

They apparently are for me.
 
>> which *appears* fine.  I can ping, ssh and whatever aurora from any
>> other machine on the LAN.
> 
>> However there is a problem when trying to print to the network printer
>> connected to the FreeBSD machine.  FreeBSD requires host names in
>> /etc/hosts.lpd and/or /etc/hosts.equiv.  It will *not* print from the
>> LFS client.  Something about an invalid host.
>> 
>> This is what I get if I try 'host' from my gateway (not the DNS/DHCP
>> server):
>> 
>> $ host aurora
>> aurora.sequestor.lan has address 192.168.0.138
>> $ host 192.168.0.138
>> Host 138.0.168.192.in-addr.arpa not found: 3(NXDOMAIN)
> 
> Forward records aren't the same as reverse.

I do realise that; however, the fact remains the WinXP client manages both.

>> Any ideas here please?  I've been battling with this for at least 2
>> months on and off.
>> 
>> Oh, and I have spent a *lot* of time with this site:
>> 
>> http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
>> 
>> in case anyone refers me to it.  I want to get the basics working
>> before I go for security.
> 
> Unless that URL refers to the man pages or other documentation for your
> DHCP server, you're reading the wrong stuff, man.  I am serious when I
> say that I'm pretty sure the DHCP server handles DDNS updates.
> 
> Reasons:
> 
> 1. Any admin that will allow just *any* client on their LAN to alter
> nameservice tables is a fool.
> 
> 2. DDNS updates generally require a key or other special access to
> prevent changes from being made by unauthorized parties.
> 
> 3. You _really_ want to only have DDNS changes from specific hosts as
> defined in the DHCP server configuration, otherwise clients can take
> fanciful hostnames such as "windowsupdate", "www.symantec.com",
> "$@##%!@%$ machine" and you don't want entries like this in your zone
> information.

OK, thanks. I'll take it from here.  Sigh.  Sometimes it pays to ask early!

-- 
Tony

Experience is directly proportional to the cost of the equipment ruined.
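
An added example, not part of the original thread or of any DHCP/DNS package: a Python sketch of the server-side vetting that the three reasons above argue for, applied before a lease is turned into DNS records. It also builds the matching PTR record, which is the piece missing in the `host 192.168.0.138` output. The zone and address come from the thread; the /24 subnet, the `RESERVED` list and the function names are assumptions.

```python
import ipaddress
import re

ZONE = "sequestor.lan."                          # zone name from the thread
SUBNET = ipaddress.ip_network("192.168.0.0/24")  # assumed from the thread's address
# Hypothetical deny-list: labels no lease holder may claim.
RESERVED = {"windowsupdate", "www", "wpad", "localhost", "gateway"}
# One RFC 1123 label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def vet_hostname(requested):
    """Return the bare label a client may register, or raise ValueError."""
    name = requested.strip().lower().rstrip(".")
    # An FQDN is accepted only inside our own zone; strip the zone suffix.
    suffix = "." + ZONE.rstrip(".")
    if name.endswith(suffix):
        name = name[: -len(suffix)]
    if "." in name:
        raise ValueError("multi-label or foreign-zone name: %r" % requested)
    if not LABEL.match(name):
        raise ValueError("not a valid hostname label: %r" % requested)
    if name in RESERVED:
        raise ValueError("reserved name: %r" % requested)
    return name


def plan_update(requested, leased_ip):
    """Build the A and PTR records the server would send for one lease."""
    label = vet_hostname(requested)
    ip = ipaddress.ip_address(leased_ip)
    if ip not in SUBNET:
        raise ValueError("address outside managed subnet: %s" % ip)
    fqdn = "%s.%s" % (label, ZONE)
    # Forward and reverse are separate records in separate zones; emit both.
    return {"A": (fqdn, str(ip)), "PTR": (ip.reverse_pointer + ".", fqdn)}


if __name__ == "__main__":
    # Constructed requests, using the names quoted in the thread.
    for req in ["aurora.sequestor.lan.", "windowsupdate",
                "www.symantec.com", "$@##%!@%$ machine"]:
        try:
            print(plan_update(req, "192.168.0.138"))
        except ValueError as err:
            print("rejected:", err)
```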