DHCID messages

DHCID messages

Leroy Tennison
I am getting a number of messages about "Forward map from <DNS name> to <IP address> FAILED: Has an address record but no DHCID, not mine."  In the logs I'm seeing these messages prior to this:

"updating zone '<DNS zone for above name>/IN': update unsuccessful: <DNS name>: 'name not in use' prerequisite not satisfied (YXDOMAIN)" - using named-compilezone with -j I'm seeing that both an A and TXT record exist (we are using  interim as the ddns-update-style).

and

"updating zone '<DNS zone for above name>/IN': update unsuccessful: <DNS name>/TXT: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)".

As best as I can tell, what is happening is the client is moving from a wired connection to a WiFi connection (for meetings) or vice versa.  Initially I was looking for a way to make the MAC address rather than the system name the unique identifier for the system then I came across the update-conflict-detection parameter.

Am I understanding the description correctly, if this parameter is set to off and the client "changes MAC addresses" (due to a switch to/from WiFi) then the dhcp server will remove the previous DDNS entry and replace it with the current one?  Are there disadvantages to doing this?

If that isn't the way to handle this situation, how can I make the MAC address (rather than the system name) the unique identifier for DDNS?

Thanks for your help.


Leroy Tennison
Network Information/Cyber Security Specialist

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Re: DHCID messages

Thomas Markwalder
Hello:

If you turn off conflict detection, then different clients attempting to
use the same FQDN can overwrite each other's DNS entries. Whether or not
you view that as a risk is up to you.

For DHCPv4 the DHCID is constructed from the client identifier option if
the client sends it, the MAC address otherwise. If your client always
sends the same client identifier regardless of the network it is on,
then the server should be able to update DNS entries for it as it roams
between networks and do so with conflict detection enabled.

Regards,

Thomas Markwalder
ISC Software Engineering

On 08/14/2018 05:12 PM, Leroy Tennison wrote:

> I am getting a number of messages about "Forward map from <DNS name> to <IP address> FAILED: Has an address record but no DHCID, not mine."  In the logs I'm seeing these messages prior to this:
>
> "updating zone '<DNS zone for above name>/IN': update unsuccessful: <DNS name>: 'name not in use' prerequisite not satisfied (YXDOMAIN)" - using named-compilezone with -j I'm seeing that both an A and TXT record exist (we are using  interim as the ddns-update-style).
>
> and
>
> "updating zone '<DNS zone for above name>/IN': update unsuccessful: <DNS name>/TXT: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)".
>
> As best as I can tell, what is happening is the client is moving from a wired connection to a WiFi connection (for meetings) or vice versa.  Initially I was looking for a way to make the MAC address rather than the system name the unique identifier for the system then I came across the update-conflict-detection parameter.
>
> Am I understanding the description correctly, if this parameter is set to off and the client "changes MAC addresses" (due to a switch to/from WiFi) then the dhcp server will remove the previous DDNS entry and replace it with the current one?  Are there disadvantages to doing this?
>
> If that isn't the way to handle this situation, how can I make the MAC address (rather than the system name) the unique identifier for DDNS?
>
> Thanks for your help.

Re: DHCID messages

Leroy Tennison
Thank you for your reply, I appreciate it.  I hadn't thought about different clients trying to use the same FQDN and the other information is helpful.  Gives me some direction.



________________________________________
From: dhcp-users <[hidden email]> on behalf of Thomas Markwalder <[hidden email]>
Sent: Wednesday, August 15, 2018 5:54 AM
To: [hidden email]
Subject: [EXTERNAL] Re: DHCID messages

Hello:

If you turn off conflict detection, then different clients attempting to
use the same FQDN can overwrite each other's DNS entries. Whether or not
you view that as a risk is up to you.

For DHCPv4 the DHCID is constructed from the client identifier option if
the client sends it, the MAC address otherwise. If your client always
sends the same client identifier regardless of the network it is on,
then the server should be able to update DNS entries for it as it roams
between networks and do so with conflict detection enabled.

Regards,

Thomas Markwalder
ISC Software Engineering


Re: DHCID messages

Simon Hobson
Leroy Tennison <[hidden email]> wrote:

> Thank you for your reply, I appreciate it.  I hadn't thought about different clients trying to use the same FQDN  ...

Also, it's not just other clients' DNS that can get over-written with the wrong settings. Think about if someone names their client the same as ${very_important_server} and has the DNS updated to point to itself - that's one of the main reasons for using the conditional update mechanism.

Re: DHCID messages

Thomas Markwalder


On 08/16/2018 08:22 AM, Simon Hobson wrote:
> Leroy Tennison <[hidden email]> wrote:
>
>> Thank you for your reply, I appreciate it.  I hadn't thought about different clients trying to use the same FQDN  ...
> Also, it's not just other clients' DNS that can get over-written with the wrong settings. Think about if someone names their client the same as ${very_important_server} and has the DNS updated to point to itself - that's one of the main reasons for using the conditional update mechanism.

Excellent point, Simon.

Cheers,

Thomas
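
Added example, not part of the original thread and not ISC's code: a simplified Python model of the conditional update discussed above. It covers a roaming client with and without a stable client identifier, and the static-server name collision Simon describes; the hash layout, host names, MACs and addresses are constructed for illustration.

```python
import hashlib

def dhcid(client_id, mac):
    """Ownership token kept beside the A record (simplified model).

    Per the thread: derived from the client identifier option when the
    client sends one, otherwise from the MAC address. The hash layout is
    illustrative, not dhcpd's exact record encoding.
    """
    source = client_id if client_id else mac
    return hashlib.sha256(source).hexdigest()[:16]

def forward_update(zone, name, ip, token, conflict_detection=True):
    """Apply one forward (name -> address) update to a toy zone dict."""
    rec = zone.get(name)
    if rec is None:  # "name not in use" prerequisite holds
        zone[name] = {"A": ip, "DHCID": token}
        return "added"
    if conflict_detection:
        if rec["DHCID"] is None:
            return "refused: address record but no DHCID"
        if rec["DHCID"] != token:
            return "refused: DHCID belongs to another client"
    zone[name] = {"A": ip, "DHCID": token}
    return "replaced"

# Constructed sample data: locally administered MACs, documentation addresses.
WIRED = bytes.fromhex("020000000001")
WIFI = bytes.fromhex("020000000002")
CLIENT_ID = b"laptop-42"

def roam(client_id, conflict_detection=True):
    """Same laptop leases on wired, then on WiFi, under one hostname."""
    zone, name = {}, "laptop.example.com"
    first = forward_update(zone, name, "192.0.2.10", dhcid(client_id, WIRED), conflict_detection)
    second = forward_update(zone, name, "192.0.2.77", dhcid(client_id, WIFI), conflict_detection)
    return first, second, zone[name]["A"]

def static_name_collision(conflict_detection):
    """A DHCP client reports the hostname of a statically entered server."""
    name = "files.example.com"
    zone = {name: {"A": "192.0.2.5", "DHCID": None}}
    result = forward_update(zone, name, "192.0.2.99", dhcid(None, WIFI), conflict_detection)
    return result, zone[name]["A"]

if __name__ == "__main__":
    for label, outcome in [("MAC only", roam(None)), ("client id", roam(CLIENT_ID)),
                           ("detection off", roam(None, False)),
                           ("static, on", static_name_collision(True)),
                           ("static, off", static_name_collision(False))]:
        print(f"{label:14} {outcome}")
```

With detection on, only the run with a stable client identifier lets the roaming laptop replace its own record; with detection off, the static server's address is replaced as well.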