Commit 00cd3e9b authored by Shawn Routhier


Remove outdated section on ad-hoc DDNS
[ISC-Bugs #21798 #29939]
parent baf3df72
......@@ -487,50 +487,8 @@ you will execute that command every time a scope is evaluated.
The DHCP client and server have the ability to dynamically update the
Domain Name System. Within the configuration files, you can define
how you want the Domain Name System to be updated. These updates are
RFC 2136 compliant so any DNS server supporting RFC 2136 should be
able to accept updates from the DHCP server.
Support for TSIG and DNSSEC is not yet available. When you set your
DNS server up to allow updates from the DHCP server or client, you may
be exposing it to unauthorized updates. To avoid this, the best you
can do right now is to use IP address-based packet filtering to
prevent unauthorized hosts from submitting update requests.
Obviously, there is currently no way to provide security for client
updates - this will require TSIG or DNSSEC, neither of which is yet
available in the DHCP distribution.
Dynamic DNS (DDNS) updates are performed by using the \fBdns-update\fR
expression. The \fBdns-update\fR expression is a boolean expression
that takes four parameters. If the update succeeds, the result is
true. If it fails, the result is false. The four parameters that the
are the resource record type (RR), the left hand side of the RR, the
right hand side of the RR and the ttl that should be applied to the
record. The simplest example of the use of the function can be found
in the reference section of the dhcpd.conf file, where events are
described. In this example several statements are being used to make
the arguments to the \fBdns-update\fR.
In the example, the first argument to the first \f\Bdns-update\fR
expression is a data expression that evaluates to the A RR type. The
second argument is constructed by concatenating the DHCP host-name
option with a text string containing the local domain, in this case
"". The third argument is constructed by converting
the address the client has been assigned from a 32-bit number into an
ascii string with each byte separated by a ".". The fourth argument,
the TTL, specifies the amount of time remaining in the lease (note
that this isn't really correct, since the DNS server will pass this
TTL out whenever a request comes in, even if that is only a few
seconds before the lease expires).
If the first \fBdns-update\fR statement succeeds, it is followed up
with a second update to install a PTR RR. The installation of a PTR
record is similar to installing an A RR except that the left hand side
of the record is the leased address, reversed, with ""
concatenated. The right hand side is the fully qualified domain name
of the client to which the address is being leased.
See the dhcpd.conf and dhclient.conf man pages for more information
about DDNS.
dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-options(5), dhcpd(8),
dhclient(8), RFC2132, RFC2131.
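Review bot: The warning in the middle of this hunk ("When you set your DNS server up to allow updates from the DHCP server or client, you may be exposing it to unauthorized updates") is the only security caveat in the section, and it should not disappear along with the outdated material. The hunk header takes the region from 50 lines to 8, so what is left of the DDNS coverage appears to be little more than the pointer "See the dhcpd.conf and dhclient.conf man pages for more information about DDNS." Suggest extending that pointer with one sentence saying that those pages are where restricting who may submit updates is described, so a reader of this page still learns that an update-accepting DNS server needs protecting. The commit message would also be easier to audit if it said which part was outdated: the "not yet available" statement about TSIG and DNSSEC, the dns-update expression walkthrough, or both.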