Re: is your host or dhcp server sending dns dynamic updates for rfc1918?
"Martin J. Levy" wrote:
I wanted to add a flag to bind to "silently ignore" these requests, but alas this is not a good solution for reverse-dns private space.
I have a very simple patch to BIND 8.3.1 to create a category just for these requests so that they can easily be sent to the null channel. Happy to send it on if anyone is interested.

Also, since I operate authoritative DNS servers for our *mumble*BIGNUM*mumble* customers, we used to get besieged by these update requests from our eager new customers who named their home (or office, whatever) computers in their shiny new domain name. At one point, the server listed in the MNAME field of the SOA got more update requests than queries!

My solution for this was to change the MNAME field to no-dyn-updates.san.yahoo.com, which resolves to the loopback address. (After overcoming tremendous temptation to make it resolve to 207.46.138.20.) W2k's behavior here is truly horrible... it sends 5 requests at startup, then keeps sending requests, apparently forever, till it gets an answer it thinks it likes.

Before taking this step, I tested it fairly thoroughly, and got the advice of some windows experts on whether this would break things. It's been in place for about 6 months now, and so far we haven't heard a single complaint. The only problem this ever causes is when registering domains through certain ccTLD registries that require MNAME to be one of the servers listed in the NS set.

<Insert typical legal disclaimer here about if you try this, you're on your own, etc.>

--
Doug Barton, Yahoo! DNS Administration and Development
If you're never wrong, you're not trying hard enough.
Do YOU Yahoo!?
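An audit of the MNAME change described in the message above, as an added example that is not code from the thread: it parses a zone's SOA and NS records, reports whether the MNAME resolves to loopback (so update requests go nowhere), and flags the ccTLD caveat of an MNAME outside the NS set. The zone text, names and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed zone text (not from the thread); all names are reserved examples.
ZONE_TEXT = """\
$ORIGIN customer.example.
@  3600 IN SOA no-dyn-updates.sink.example. hostmaster.customer.example. (
        2002041901 ; serial
        3600 900 604800 3600 )
@  IN NS ns1.provider.example.
@  IN NS ns2.provider.example.
"""
# Constructed address data standing in for resolver answers.
ADDRESSES = {
    "no-dyn-updates.sink.example.": "127.0.0.1",
    "ns1.provider.example.": "192.0.2.53",
    "ns2.provider.example.": "198.51.100.53",
}

def parse_records(text):
    """Return (rtype, rdata_fields) for each SOA and NS record in zone text."""
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    # Join parenthesised multi-line records onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records = []
    for line in text.splitlines():
        fields = line.split()
        for rtype in ("SOA", "NS"):
            if rtype in fields:
                records.append((rtype, fields[fields.index(rtype) + 1:]))
    return records

def audit_mname(zone_text, addresses):
    """Report where dynamic updates for the zone would be sent."""
    records = parse_records(zone_text)
    mname = next(rdata[0] for rtype, rdata in records if rtype == "SOA").lower()
    ns_set = {rdata[0].lower() for rtype, rdata in records if rtype == "NS"}
    addr = addresses.get(mname)
    return {
        "mname": mname,
        "update_target": addr,
        "updates_sunk": addr is not None and ipaddress.ip_address(addr).is_loopback,
        "mname_in_ns_set": mname in ns_set,  # some ccTLD registries require this
    }

if __name__ == "__main__":
    print(audit_mname(ZONE_TEXT, ADDRESSES))
```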
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Doug Barton
Sent: April 19, 2002 2:56 PM
To: nanog@merit.edu
Subject: Re: is your host or dhcp server sending dns dynamic updates for rfc1918?
Also, since I operate authoritative DNS servers for our *mumble*BIGNUM*mumble* customers, we used to get besieged by these update requests from our eager new customers who named their home (or office, whatever) computers in their shiny new domain name. At one point, the server listed in the MNAME field of the SOA got more update requests than queries! My solution for this was to change the MNAME field to no-dyn-updates.san.yahoo.com, which resolves to the loopback address. (After overcoming tremendous temptation to make it resolve to 207.46.138.20.) W2k's behavior here is truly horrible... it sends 5 requests at startup, then keeps sending requests, apparently forever, till it gets an answer it thinks it likes.
We have the same problem here; people get a shiny new hostname like blah.dyndns.org and set their computer to that name. It starts bombarding our servers with update attempts; I'm not the one here who handles looking at BIND logs, but I think even a year ago or so we were getting like 5 update attempts per second. It's probably WAY more now, since our userbase has like doubled in a year. We used to try to hunt the people down and get them to turn it off; we don't anymore, there's just too many of them...

It's not just Win2000, either: ISC's DHCP client (or server?) version 3.something (might have been a beta?) and I think WinME (and naturally, XP since it's just 2000 on steroids) have been known in the past to send us those silly updates...

And then, there's the problem of people whose mail servers think their domain is dyndns.org and their *NIX cron sends mail to root@dyndns.org instead of root on their machine, but that's an entirely different issue...

Vivien

--
Vivien M.
vivienm@dyndns.org
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/
participants (2)
- Doug Barton
- Vivien M.