topic BIND 9 -> double DDNS entries in Operating System - Linux

BIND 9 -> double DDNS entries

'chris' — Mon, 26 Apr 2010 22:58:09 GMT

hi

We're using linux with BIND9

# named -v
BIND 9.3.4-P1.2

as DDNS server for WINDOWS clients and servers.
It works well, WINDOWS server and clients creates their DNS entries on the BIND zone, but there is only one problem.
If the WINDOWS client or server change its IP address, then we have double entries on the BIND zone, for example:

# nslookup 10.10.2.6
Server: 127.0.0.1
Address: 127.0.0.1#53

6.2.10.10.in-addr.arpa name = SRV1.domain.net.

ns1:~# nslookup 10.10.1.99
Server: 127.0.0.1
Address: 127.0.0.1#53

99.1.10.10.in-addr.arpa name = SRV1.domain.net.

my BIND setiings:

options {
directory "/var/cache/bind";

#auth-nxdomain no;

multiple-cnames no;
cleaning-interval 720;
interface-interval 0;
datasize default;
stacksize default;
coresize default;

recursion yes;
# check-names master ignore;

listen-on port 53 { 127.0.0.1; 10.10.1.10; };

# listen-on-v6 { any; };

#allow-query { 127.0.0.1; };

notify no;
};

Howto configure BIND9 to prevent of double DDNS entries?

Re: BIND 9 -> double DDNS entries

Matti_Kurkela — Tue, 27 Apr 2010 05:27:52 GMT

Your listing of BIND settings is incomplete. I cannot see any DDNS settings.

In this case, it would be important to know which entity makes the DDNS update requests: is it the DHCP server or the client hosts themselves?

Because a host can legitimately have multiple IP addresses, BIND cannot simply remove an older entry when a new one is requested. Something must explicitly request for the old entry to be removed. The client host can do the unregistration only if it knows in advance that the address is going to be deconfigured: if the network cable is simply disconnected, the client won't know to unregister until it's too late.

If the DHCP server is in charge of making the DDNS updates, it technically could remove the records when the DHCP lease expires, or when the same NIC is assigned a different IP address. I don't know if your DHCP server can actually be configured to work like this... but as far as I can see, it *could* be possible.

In your situation, you have two reverse lookup records (PTR records) pointing to SRV1.domain.net. One has the IP address 10.10.2.6, the other 10.10.1.99. If SRV1.domain.net has 2 IP addresses, this is exactly as it should be.

If only one of those IP addresses is valid (i.e. the other is not currently assigned to any host at all), this is a temporary situation that will fix itself as soon as some other host is assigned to the currently-unoccupied address.

Meanwhile, the old PTR record serves as a kind of documentation: "this used to be the IP address of SRV1.domain.net and hasn't been used for anything else since then." As it is a reverse lookup record, it should not cause any confusion. If it simply offends your sense of neatness, I'm afraid you have to endure it :)

MK

Re: BIND 9 -> double DDNS entries

Steven E. Protter — Tue, 27 Apr 2010 13:49:59 GMT

Shalom,

This might be as simple as latency in the replication of this zone. Do you change the serial number on the zone record when you make changes?

SEP