Dynamic DNS updates in internal LAN
S. Anthony Sequeira
tony at sequeira.com
Wed Apr 21 12:08:07 PDT 2004
On Wed, 21 Apr 2004 13:25:40 -0500, Dagmar d'Surreal penned:
> On Wed, 2004-04-21 at 06:20, Tony Sequeira wrote:
>> Pardon the length, trying to give as much info as possible.
>> Can anyone help?
>> I'm being driven to distraction here.
>> I have a network which includes an LFS DHCP client (ISC dhclient)
>> and a FreeBSD 4.9 stable DHCP and DNS server.
>> My daughter's WinXP (DHCP client) box successfully updates DNS when it
>> comes online.
> *buzz* AFAIK it's the DHCP _server_ that makes the DDNS updates, not the
> DHCP client.
>> However, I cannot make the LFS DHCP client do so *properly*.
> You can make it do so improperly? What's the mangled result?
>> After a loooong time researching the problem and experimenting, I ended
>> up with the following in my dhclient.conf:
>> send fqdn.fqdn "aurora.sequestor.lan.";
>> send fqdn.encoded off;
>> send fqdn.server-update off; # 'on' didn't work for me, the point is
>> # that the '*client' does the update.
> Are you 100% sure about that? Hint hint. None of those three entries
> should be needed.
They apparently are for me.
>> which *appears* fine. I can ping, ssh and whatever aurora from any
>> other machine on the LAN.
>> However there is a problem when trying to print to the network printer
>> connected to the FreeBSD machine. FreeBSD requires host names in
>> /etc/hosts.lpd and/or /etc/hosts.equiv. It will *not* print from the
>> LFS client. Something about an invalid host.
>> This is what I get if I try 'host' from my gateway (not the DNS/DHCP
>> $ host aurora
>> aurora.sequestor.lan has address 192.168.0.138
>> $ host 192.168.0.138
>> Host 184.108.40.206.in-addr.arpa not found: 3(NXDOMAIN)
> Forward records aren't the same as reverse.
I do realise that, however the fact remains the WinXP client manages both.
>> Any ideas here please? I've been battling with this for at least 2
>> months on and off.
>> Oh, and I have spent a *lot* of time with this site:
>> in case anyone refers me to it. I want to get the basics working
>> before I go for security.
> Unless that URL refers to the man pages or other documentation for your
> DHCP server, you're reading the wrong stuff, man. I am serious when I
> say that I'm pretty sure the DHCP server handles DDNS updates.
> 1. Any admin that will allow just *any* client on their LAN to alter
> nameservice tables is a fool.
> 2. DDNS updates generally require a key or other special access to
> prevent changes from being made by unauthorized parties.
> 3. You _really_ want to only have DDNS changes from specific hosts as
> defined in the DHCP server configuration, otherwise clients can take
> fanciful hostnames such as "windowsupdate", "www.symantec.com",
> "$@##%!@%$ machine" and you don't want entries like this in your zone
OK, thanks. I'll take it from here. Sigh. Sometimes it pays to ask early!
Experience is directly proportional to the cost of the equipment ruined.
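
The three numbered points in the reply above (updates come from the DHCP server, and client-proposed names must be restricted) can be sketched as a server-side policy check. This is an added example, not part of the original thread or of ISC dhcpd: the function names, the `POOL` range and the `RESERVED` list are assumptions, and the keyed update itself is not shown.

```python
import ipaddress
import re

ZONE = "sequestor.lan"                          # forward zone named in the thread
POOL = ipaddress.ip_network("192.168.0.0/24")   # assumed LAN range
# Hypothetical site policy: labels a client may never claim.
RESERVED = {"windowsupdate", "www", "wpad", "localhost", "gateway"}
# One RFC 1123 host label: letters, digits, inner hyphens, at most 63 chars.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def vet_client_name(requested: str) -> str:
    """Return the single host label the server will register, or raise ValueError."""
    name = requested.strip().lower().rstrip(".")
    if name.endswith("." + ZONE):
        name = name[: -len(ZONE) - 1]           # accept "host.<zone>" and bare "host"
    if "." in name:
        raise ValueError(f"{requested!r}: outside zone {ZONE}")
    if not LABEL.fullmatch(name):
        raise ValueError(f"{requested!r}: not a valid host label")
    if name in RESERVED:
        raise ValueError(f"{requested!r}: reserved name")
    return name


def records_for_lease(requested: str, leased_ip: str) -> dict:
    """Build the A and PTR pair the DHCP server would submit for one lease."""
    ip = ipaddress.ip_address(leased_ip)
    if ip not in POOL:
        raise ValueError(f"{leased_ip}: not in {POOL}")
    fqdn = f"{vet_client_name(requested)}.{ZONE}."
    # The reverse record lives under the octet-reversed name, in a separate zone.
    return {"A": (fqdn, str(ip)), "PTR": (ip.reverse_pointer + ".", fqdn)}


if __name__ == "__main__":
    # Constructed sample requests, taken from names mentioned in the thread.
    for req in ["aurora.sequestor.lan.", "windowsupdate",
                "www.symantec.com", "$@##%!@%$ machine"]:
        try:
            print(req, "->", records_for_lease(req, "192.168.0.138"))
        except ValueError as err:
            print("rejected:", err)
```

Only names that pass the check reach the zone, and the forward and reverse records are always generated together from the lease the server itself handed out.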