On Wed, 14 Jan 2009 17:31:26 +0100, Kai Schaetzl wrote
Scott Mazur wrote on Tue, 13 Jan 2009 08:08:22 -0600:
AFAIK the DHCP client has no authority to register dynamic dns regardless of how the client machines are configured. It's the DHCP server that decides to update BIND and this can be turned on or off. My guess is your DHCP server is configured to update BIND when clients get new leases. Hence the errors reported by BIND when these attempts are made. Read up on the man pages for dhcpd.conf. In particular review the ddns-update-style and ddns-updates options.
Hm, man says that "ignore client-updates;" is what I want to set. However, this is already set in the file. I just checked my logs again and now I know why I didn't ever notice it before. It seems that happened only from Jan. 8 to 11. Not before (as far as the log goes back, which is only four weeks), not after. I did the named update on Jan. 11, but this seems to be coincidence. And it's always been the same client. Go figure.
"the server can be configured either to honor the client's intentions or ignore them. This is done with the statement allow client-updates; or the statement ignore client-updates;"
This refers to the client updating its own A record. Ignore/allow here won't stop the DHCP server from attempting updates to BIND.
"The DHCP server must be configured to use one of the two currently-supported methods, or not to do dns updates. This can be done with the ddns-update-style configuration parameter"
You want to set ddns-update-style to 'none'. This should end the BIND update attempts (and failure logging).
Scott
Scott Mazur wrote on Wed, 14 Jan 2009 13:15:52 -0600:
"the server can be configured either to honor the client's intentions or ignore them. This is done with the statement allow client-updates; or the statement ignore client-updates;"
This refers to the client updating its own A record. Ignore/allow here won't stop the DHCP server from attempting updates to BIND.
"The DHCP server must be configured to use one of the two currently-supported methods, or not to do dns updates. This can be done with the ddns-update-style configuration parameter"
You want to set ddns-update-style to 'none'. This should end the BIND update attempts (and failure logging).
Thanks for "confirmation". Looking at the dhcpd.conf, this has been set since the beginning. I don't think that any of these updates was coming from the dhcpd, they were in time intervals (20 mins or a few hours) that didn't match with the re-lease interval (one day). And as I wrote, it was only coming from one single machine. I checked the log files on it and it stopped exactly at the time the machine got rebooted because it acquired the latest security update from Microsoft. So, there was obviously something goofy for about three days on that machine that let it do those update requests. Maybe the VMware DHCP service on that machine was responsible as this shows up with a single error message on the 8th, when it all seems to have started.
Kai
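
The log comparison described in the last message (which client sends the refused updates, and whether the gaps between attempts match the one-day lease interval), as an added example that is not part of the original thread. The syslog layout, host name, addresses and zone name are constructed assumptions; the "update ... denied" wording follows the message BIND's named logs for a refused dynamic update.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Jan  8 09:02:11 ns1 named[2101]: client 192.168.1.50#1047: update 'example.lan/IN' denied
Jan  8 09:22:13 ns1 named[2101]: client 192.168.1.50#1049: update 'example.lan/IN' denied
Jan  8 12:40:02 ns1 named[2101]: client 192.168.1.50#1062: update 'example.lan/IN' denied
Jan  9 03:15:40 ns1 named[2101]: client 192.168.1.50#1101: update 'example.lan/IN' denied
Jan  9 03:15:41 ns1 named[2101]: client 192.168.1.2#53211: query: example.lan IN A
"""

# Assumed line layout: "<syslog time> <host> named[pid]: client <ip>#<port>: update '<zone>' denied"
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: update '(?P<zone>[^']+)' denied"
)

def denied_updates(log_text, year=2009):
    """Return {client_ip: [datetime, ...]} for refused dynamic updates."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            # Classic syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append(ts)
    return hits

def summarize(hits, lease=timedelta(days=1), tolerance=timedelta(minutes=30)):
    """Per client: attempt count, gaps between attempts, and whether every gap fits the lease."""
    report = {}
    for ip, stamps in hits.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Updates driven by dhcpd would cluster around lease events; irregular
        # gaps from a single address point at the client host itself.
        fits = bool(gaps) and all(abs(g - lease) <= tolerance for g in gaps)
        report[ip] = {"count": len(stamps), "gaps": gaps, "matches_lease": fits}
    return report

if __name__ == "__main__":
    for ip, info in summarize(denied_updates(SAMPLE_LOG)).items():
        print(ip, info["count"], [str(g) for g in info["gaps"]], info["matches_lease"])
```
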