On Mon, 2011-06-13 at 01:44 +1000, Matthew Palmer wrote:
> And I *still* think it's a better idea for the client to be registering itself in DNS; the host knows what domain(s) it should be part of, and hence which names refer to itself and should be updated with its new address.

Having tried that, we ended up doing it via DHCP (v4 at the time). We only had probably 15-20K hosts trying to register their names, but the results were sobering. At a rough estimate, one in a hundred was properly configured. We saw obscenities, random strings, thousand-byte names, empty names, invalid names, names with a hundred labels, "my name is Andrew" - you name it, it came and tried to register itself.

And then there were the clients. Clients that tried as fast as they could to register their name dozens of times per second, clients that tried to register many names, clients that registered and then immediately deregistered their names, clients that never deregistered their names at all, clients that tried to register important names like "www.ourdomain", clients that had completely broken protocol support... Our logs were filling at thousands of lines per second.

So we moved the job to the DHCP server, and most of the problems went away. The server got the desired name from the client, could check it for some level of sanity and could register it properly. The server could also deregister the names when the clients went away, or at least at the end of the lease period. Most hosts *did* speak the DHCP protocol adequately well. Instead of having to allow open slather, we could allow just two hosts to make TSIG-protected updates. The logs became useful again.

So although YMMV, I can highly recommend letting your DHCP servers do DDNS instead of letting the clients do it themselves. No doubt it depends on a multitude of factors, not least being whether you actually use DHCP, but in general, it worked a LOT better for us.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
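
The kind of server-side sanity check the message above describes, sketched as an added example (not part of the original post and not the author's code). The zone name, the reserved-name list and the single-label policy are assumptions chosen for illustration.

```python
import re

# Assumed policy values; none of these come from the original post.
ZONE = "dyn.example.com"   # hypothetical zone the DHCP server updates
MAX_LABEL_LEN = 63         # DNS limit for one label (RFC 1035)
RESERVED = {"www", "mail", "ns", "ns1", "ns2", "mx", "smtp", "localhost", "wpad"}
# Letters, digits, hyphen; no leading or trailing hyphen.
LDH_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def check_client_name(raw, zone=ZONE):
    """Vet a client-supplied hostname before the server registers it.

    Returns (fqdn, None) when acceptable, otherwise (None, reason).
    """
    name = raw.strip().rstrip(".").lower()
    if not name:
        return None, "empty name"
    # Some clients send a full name; accept it only inside our own zone.
    if name.endswith("." + zone):
        name = name[: -len(zone) - 1]
    if "." in name:
        return None, "multiple labels"
    if len(name) > MAX_LABEL_LEN:
        return None, "label too long"
    if not LDH_LABEL.match(name):
        return None, "invalid characters"
    if name in RESERVED:
        return None, "reserved name"
    return f"{name}.{zone}", None


# Constructed sample requests modelled on the failure cases listed in the post.
SAMPLES = ["Laptop-42", "", "my name is Andrew", "a" * 1000,
           ".".join(["a"] * 100), "www", "www.ourdomain", "-bad"]


def run_samples():
    """Return {requested name (truncated): accepted FQDN or rejection reason}."""
    return {s[:20]: (fqdn or why)
            for s in SAMPLES
            for fqdn, why in [check_client_name(s)]}


if __name__ == "__main__":
    for requested, outcome in run_samples().items():
        print(f"{requested!r:24} -> {outcome}")
```

Only names that pass this check would be sent on as TSIG-signed updates by the DHCP server, so the DNS server never sees the rejected requests.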