author | Shawn Routhier <sar@isc.org> | 2012-12-04 11:46:50 -0800 |
---|---|---|
committer | Shawn Routhier <sar@isc.org> | 2012-12-04 11:46:50 -0800 |
commit | a09eaf0e5002fb7bf8eefdd5c8f5e831586824f7 (patch) | |
tree | 2c1390ddd6ad5cbcbbc7c5e5a595165aa990b50f /common | |
parent | c0cc1ef74cceb4d9b9ba43f8f379d2c585d25f07 (diff) | |
download | isc-dhcp-a09eaf0e5002fb7bf8eefdd5c8f5e831586824f7.tar.gz |
[v4_2]
Remove outdated section on ad-hoc DDNS
[ISC-Bugs #21798 #29939]
Diffstat (limited to 'common')
-rw-r--r-- | common/dhcp-eval.5 | 46 |
1 files changed, 2 insertions, 44 deletions
diff --git a/common/dhcp-eval.5 b/common/dhcp-eval.5 index 7fd6cfb6..55878e50 100644 --- a/common/dhcp-eval.5 +++ b/common/dhcp-eval.5 
@@ -497,50 +497,8 @@ you will execute that command every time a scope is evaluated. .RE .SH REFERENCE: DYNAMIC DNS UPDATES .PP -The DHCP client and server have the ability to dynamically update the -Domain Name System. Within the configuration files, you can define -how you want the Domain Name System to be updated. These updates are -RFC 2136 compliant so any DNS server supporting RFC 2136 should be -able to accept updates from the DHCP server. -.SH SECURITY -Support for TSIG and DNSSEC is not yet available. When you set your -DNS server up to allow updates from the DHCP server or client, you may -be exposing it to unauthorized updates. To avoid this, the best you -can do right now is to use IP address-based packet filtering to -prevent unauthorized hosts from submitting update requests. -Obviously, there is currently no way to provide security for client -updates - this will require TSIG or DNSSEC, neither of which is yet -available in the DHCP distribution. -.PP -Dynamic DNS (DDNS) updates are performed by using the \fBdns-update\fR -expression. The \fBdns-update\fR expression is a boolean expression -that takes four parameters. If the update succeeds, the result is -true. If it fails, the result is false. The four parameters that the -are the resource record type (RR), the left hand side of the RR, the -right hand side of the RR and the ttl that should be applied to the -record. The simplest example of the use of the function can be found -in the reference section of the dhcpd.conf file, where events are -described. In this example several statements are being used to make -the arguments to the \fBdns-update\fR. -.PP -In the example, the first argument to the first \f\Bdns-update\fR -expression is a data expression that evaluates to the A RR type. The -second argument is constructed by concatenating the DHCP host-name -option with a text string containing the local domain, in this case -"ssd.example.net". 
The third argument is constructed by converting -the address the client has been assigned from a 32-bit number into an -ascii string with each byte separated by a ".". The fourth argument, -the TTL, specifies the amount of time remaining in the lease (note -that this isn't really correct, since the DNS server will pass this -TTL out whenever a request comes in, even if that is only a few -seconds before the lease expires). -.PP -If the first \fBdns-update\fR statement succeeds, it is followed up -with a second update to install a PTR RR. The installation of a PTR -record is similar to installing an A RR except that the left hand side -of the record is the leased address, reversed, with ".in-addr.arpa" -concatenated. The right hand side is the fully qualified domain name -of the client to which the address is being leased. +See the dhcpd.conf and dhclient.conf man pages for more information +about DDNS. .SH SEE ALSO dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-options(5), dhcpd(8), dhclient(8), RFC2132, RFC2131. |
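Review bot: The two added lines under `.SH REFERENCE: DYNAMIC DNS UPDATES` replace the whole section with a bare pointer, and that drops the removed `.SH SECURITY` warning that a DNS server set up to allow updates from the DHCP server or client may be exposed to unauthorized updates. Keep a one-sentence reminder here that update access has to be restricted, or name the part of dhcpd.conf that covers securing updates, so a reader who lands on this page does not lose the warning entirely. The removed paragraphs were also the only description of the `dns-update` expression on this page; if the expression is still accepted, say that it is outdated rather than dropping it without comment. As a style point, write the references as dhcpd.conf(5) and dhclient.conf(5), matching the SEE ALSO line that follows.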