
Dynamic Updates by the Client

In the preceding section I assumed that the DHCP server would perform the DNS updates. It does not have to, of course; on a small scale it may be easier to have the clients do their own updates. Letting the DHCP server do the updates keeps the ACL and TSIG key maintenance overhead low and, if need be, gives you full control over what gets added to the zone. But nothing stops you from granting the DHCP (or PPP) client itself the right to update DNS. A simple script run after the interface has been assigned an address is enough:

#!/bin/sh

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

IF=hme0                          # interface whose address we publish
NAME=gentoo.dyn.penguin.bv       # the host's own name in the dynamic zone
TTL=60                           # short TTL, since the address may change

# Solaris ifconfig prints "inet A.B.C.D netmask ..."; take the second field.
IP=`ifconfig $IF | awk '/inet / { print $2; exit; }'`

# Delete whatever is at $NAME and add the new A record in one transaction;
# "send" submits it (nsupdate would also send at end of input).
nsupdate <<EOC
update delete $NAME
update add $NAME $TTL A $IP
send
EOC

The preceding script works on Solaris; it needs to be adapted to other OSs, because interface names and the output format of ifconfig vary wildly between them. If the zone is protected with TSIG (and it should be, since an unsigned allow-update ACL trusts whatever address the client claims), add the -k option to nsupdate, pointing at the client's key file, and on the server side restrict that key to the client's own name rather than the whole zone, for example with BIND's update-policy { grant keyname name gentoo.dyn.penguin.bv A; }; so that a compromised or careless client cannot rewrite other hosts' records.
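The following is an added example, not the script from the article, showing the same client-side update done a little more defensively: it extracts the address from either Solaris or Linux ifconfig output, refuses to publish loopback or 169.254/16 link-local addresses (the ones Win98/Win2k self-assign, which otherwise end up in your zone), deletes only the old A records instead of everything at the name, and signs the update with a TSIG key via nsupdate -k. The key file path, the interface and name defaults, and the two ifconfig samples are assumptions constructed for the demo; run it with the argument `run` on a real host to actually send the update.

```shell
#!/bin/sh
# Added example (not from the original article). Assumed: NAME, IF, TTL and
# KEYFILE defaults below; the ifconfig samples are constructed, not captured.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

IF=${IF:-hme0}
NAME=${NAME:-gentoo.dyn.penguin.bv}
TTL=${TTL:-60}
KEYFILE=${KEYFILE:-/etc/dyn-update.key}    # assumed path to the client's TSIG key

# extract_ip: read ifconfig output on stdin and print the first IPv4 address.
# Solaris prints "inet 10.1.2.3 netmask ...", old Linux net-tools prints
# "inet addr:10.1.2.3 ...", newer net-tools prints "inet 10.1.2.3/24".
extract_ip() {
    awk '/inet / {
        s = $2
        sub("^addr:", "", s)    # strip the Linux "addr:" prefix if present
        sub("/.*$", "", s)      # strip a /prefix length if present
        print s
        exit
    }'
}

# publishable: succeed only for an address worth putting into DNS.
# Empty, unspecified, loopback and 169.254/16 link-local addresses are refused.
publishable() {
    case "$1" in
        ''|0.0.0.0|127.*|169.254.*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_update NAME TTL IP: print the nsupdate batch. Deleting type A only
# leaves any TXT or other records at the name untouched; "send" ends the
# transaction explicitly instead of relying on end-of-input.
build_update() {
    printf 'update delete %s A\nupdate add %s %s A %s\nsend\n' "$1" "$1" "$2" "$3"
}

# run_update: the real thing, for use from a DHCP/PPP up-script.
run_update() {
    ip=$(ifconfig "$IF" | extract_ip)
    if ! publishable "$ip"; then
        echo "$IF has no publishable address (got '$ip'); not updating $NAME" >&2
        return 1
    fi
    build_update "$NAME" "$TTL" "$ip" | nsupdate -k "$KEYFILE"
}

# Constructed sample ifconfig output (not from a real host) for the offline demo.
SOLARIS_SAMPLE='hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255'
LINUX_SAMPLE='eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:169.254.7.9  Bcast:169.254.255.255  Mask:255.255.0.0'

demo() {
    ip=$(printf '%s\n' "$SOLARIS_SAMPLE" | extract_ip)
    publishable "$ip" && build_update "$NAME" "$TTL" "$ip"
    ip=$(printf '%s\n' "$LINUX_SAMPLE" | extract_ip)
    publishable "$ip" || echo "refusing to register link-local address $ip" >&2
    return 0
}

# "sh script.sh run" sends the update; with no argument it only runs the demo.
case "${1:-demo}" in
    run)  run_update ;;
    demo) demo ;;
esac
```

The server-side half of this arrangement is the TSIG key in named.conf together with an update-policy that grants it the client's name only; with that in place the client script cannot do more damage than mis-registering itself, and the link-local check above keeps even that from polluting the zone with 169.254 addresses.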

This last section leaves DNS proper and brings us to the real matter: IP management. Assigning addresses, deciding on TTLs, and deciding who is allowed to update what are things each site must work out for itself. DNS only mirrors your IP management policies, or the lack of them.

DHCP, and the factors that matter for secure, integrated DNS operation, are best discussed in that light: single-A-record zones and client-driven updates only make sense once they are phrased in the context of a site's IP management.

As a final point, if you get a slew of disallowed-update warnings in the server log, the odds are 10 to 1 that somebody has plugged in a Win2k Workstation, which by default tries to register its own records with the zone's primary server. Another bit of Win2k/Win98 behaviour to be aware of: when no DHCP server answers, they assign themselves 169.254 addresses as part of their small-office networking, and those addresses will show up in the logs. Worse, unless ACLs are set, a dial-in Win98 (2nd edition) or Win2k Workstation node will hand out 169.254 addresses to Win98/Win2k workstations on the local segment so they can use the dial-up box as their Internet gateway. Yes, it redefines the Ethernet interface for you.
