Re: dhcp-dns problem
Thanks for all the info. It's amazing what Microsoft will try to pass off as
a feature while the whole time opening up your entire DNS structure to the whims
of any user out there.
Anyway, back to the problem at hand:
Will turning this "feature??" off in Win2K allow the dhcp-dns scripts in
linux to update bind?
How do I fix the problem of dhcp-dns not updating bind? Is it related to the
Thanks for all the help and info.
Craig Sanders wrote:
> On Fri, Sep 07, 2001 at 08:17:04AM -0700, Dean A. Roman wrote:
> > I'm a bit confused, and it is probably because I don't totally
> > understand how the dynamic dns updates work.
>
> if the rejected updates are coming from a W2K machine then it has
> nothing to do with dhcp-dns. it's a fault with W2K.
>
> > 192.168.100.100 is the windows machine that checked out the IP address
> > from the dhcp server(srfs1-192.168.100.20).
> > Should update requests be coming from a dhcp client?
> > How is the windows 2k dhcp client requesting a dns update?
>
> because microsoft thought it would be a good idea for clients to be able
> to update the DNS on the server, and for that stupidity to be ON by
> anyone but microsoft would have realised that it is insane from a
> security perspective to let unauthenticated & unauthorised client
> machines screw around with such a fundamental service.
>
> this bug, btw, is particularly annoying if you host the DNS for a domain
> that is similar to a well-known/popular domain...you get hit by bogus
> update requests from all over the planet from moron users running W2K.
> ditto if you run a dialup ISP with customers running W2K.
>
> at first i thought this was some new kind of DNS attack, until i
> realised that it was just another "innovative" new idea from Microsoft.
>
> and there's nothing you can do about it unless you control the client
> fortunately you have access to the machines on your network so it can be
> disabled. look under TCP/IP settings on the W2K machine.
>
> > Does this mean that I need to put the entire subnet range that I allow
> > for dhcp checkout(192.168.100.100-255) in the acl?
>
> not unless you want your end-users to be able to modify your DNS at
>
> > I thought that I only had to list the dhcp server(192.168.100.20) in
> > the allow-update field?
>
> craig sanders <email@example.com>
> Fabricati Diem, PVNC.
> -- motto of the Ankh-Morpork City Watch
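
An added example, not part of the original messages: a short Python triage that groups denied dynamic updates by source, separating update attempts sent by the DHCP clients themselves from updates sent by the DHCP server. The log lines are constructed; the BIND 9 style message format and the zone name `example.lan` are assumptions, and the addresses are the ones quoted in the thread.

```python
import re
from collections import Counter

# The only host the thread expects to send dynamic updates: the DHCP server
# (srfs1, 192.168.100.20). Everything else is a client updating on its own.
DHCP_SERVER = "192.168.100.20"

# Assumption: BIND 9 style wording for a refused update; other named
# versions word this message differently, so adjust the pattern to your logs.
DENIED = re.compile(
    r"client (?P<ip>\d+\.\d+\.\d+\.\d+)#\d+: update '(?P<zone>[^/']+)/IN' denied")

# Constructed sample log lines (example.lan is a placeholder zone name).
SAMPLE_LOG = """\
Sep  7 08:01:12 srfs1 named[412]: client 192.168.100.100#1037: update 'example.lan/IN' denied
Sep  7 08:01:13 srfs1 named[412]: client 192.168.100.100#1038: update 'example.lan/IN' denied
Sep  7 08:03:40 srfs1 named[412]: client 192.168.100.131#1029: update 'example.lan/IN' denied
Sep  7 08:05:02 srfs1 named[412]: client 192.168.100.20#32781: update 'example.lan/IN' denied
Sep  7 08:06:00 srfs1 named[412]: zone example.lan/IN: loaded serial 2001090701
"""


def denied_updates(log_text):
    """Count denied dynamic updates per (source IP, zone)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            hits[(m["ip"], m["zone"])] += 1
    return hits


def triage(log_text, dhcp_server=DHCP_SERVER):
    """Split denied updates into DHCP-server traffic and client traffic."""
    report = {"dhcp_server": {}, "clients": {}}
    for (ip, _zone), count in denied_updates(log_text).items():
        bucket = "dhcp_server" if ip == dhcp_server else "clients"
        report[bucket][ip] = report[bucket].get(ip, 0) + count
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, n in sorted(result["clients"].items()):
        print(f"{ip}: {n} denied, sent by the client itself (disable in its TCP/IP settings)")
    for ip, n in sorted(result["dhcp_server"].items()):
        print(f"{ip}: {n} denied, sent by the DHCP server (check allow-update)")
```

Denials from client addresses are the server correctly refusing hosts that are not in `allow-update`; only denials from the DHCP server's own address point at the dhcp-dns or `allow-update` configuration.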