Subject: Re: ipconfig /registerdns and split DNS - msg#00036
> I must say that I am very impressed with the features of dnsmasq.
I absolutely agree.
> ***HOWEVER***, the "ipconfig /registerdns" command does NOT seem to work
Microsoft has made proprietary extensions so that the members of an
Active Directory domain can register in DNS in a secure way. The
point is that no unauthorized computer should be able to pretend to be
a domain controller or another server.
As far as I know, only Microsoft's own DNS-server (part of Windows
Server) implements these extensions.
So without a Microsoft DNS-server, I would suggest that all your
servers are registered by hand in the DNS. Of course, if you 100%
trust every machine on your LAN, that should not be an issue.
Anyway, you can of course use Dnsmasq to register the machines as they
acquire an IP by DHCP, but I guess you already know that.
Rune
Previous Message by Date:
Re: ipconfig /registerdns and split DNS
Joe.Kelly wrote:
> Hi,
>
> ***HOWEVER***, the "ipconfig /registerdns" command does NOT seem to work
> if the host it is run on uses the WRT54GL as its DNS server. I ran this
> command on a Windows 2000 and Windows XP host on the WRT54GL side of the
> VPN and I expected to see a new host record in the internal DNS server.
> However, it doesn't seem to work. I hoped that the split DNS feature
> would handle this for me (the host's DNS server was set to the WRT54GL,
> not the internal DNS server).
I'm outside my area of expertise here, but I have a feeling that what
you are trying to do needs dynamic-DNS support in the DNS server, i.e. the
ability for a client to add/alter DNS records. Dnsmasq doesn't provide
that facility. Adding it would be a major undertaking.
> Any suggestions? I'd prefer to keep the
> host pointing at the WRT54GL as its primary DNS server.
Use server=/<domain>/<server> to forward the domain in question to a DNS
server which supports dynamic-DNS. dnsmasq should have no problems
_forwarding_ DNS-update requests, even if it cannot act on them.
Cheers,
Simon.
Next Message by Date:
Re: [**SPAM**] Re: ipconfig /registerdns and split DNS
Joe.Kelly wrote:
> Thanks for your reply Simon.
>
>> Use server=/<domain>/<server> to forward the domain in
>> question to a DNS
>> server which supports dynamic-DNS. dnsmasq should have no problems
>> _forwarding_ DNS-update requests, even if it cannot act on them.
>
> I'm already using that setting. dnsmasq successfully forwards DNS LOOKUP
> requests for <domain> to <server>, but it does not seem to forward DNS
> REGISTRATION requests for <domain> to <server>. I haven't yet hooked
> tcpdump to verify this but since the host is not registered at <server>,
> I assume the registration request is not being forwarded.
>
If you get some packet dumps, please forward them to me: this may be
fixable.
Cheers,
Simon.
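
An added example, not code from this thread or from dnsmasq: a Python check for the open question above, whether dynamic-update (opcode 5, RFC 2136) requests that reach the forwarder also leave it. It assumes the DNS payloads have already been extracted from a capture on each side; the function names and the `corp.example` names are constructed for illustration.

```python
import struct
from collections import Counter

OPCODES = {0: "QUERY", 5: "UPDATE"}  # opcode values from RFC 1035 and RFC 2136

def read_name(msg, off):
    """Read an uncompressed DNS name at off; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compression pointer not expected here")
        if n == 0:
            return ".".join(labels) or ".", off + 1
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def classify(msg):
    """Return (opcode name, question/zone name, is_response) for one DNS payload."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    opcode = (flags >> 11) & 0xF
    # In an UPDATE the first section is the zone section, same wire layout.
    name = read_name(msg, 12)[0].lower() if qd else None
    return OPCODES.get(opcode, f"OPCODE{opcode}"), name, bool(flags & 0x8000)

def summarize(payloads):
    """Count requests (responses skipped) per (opcode, name)."""
    counts = Counter()
    for p in payloads:
        kind, name, is_resp = classify(p)
        if not is_resp:
            counts[(kind, name)] += 1
    return counts

def make_msg(opcode, name, rtype, ident=0x1234):
    """Build a constructed request with one question/zone entry, class IN."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", ident, opcode << 11, 1, 0, 0, 0) + qname + struct.pack("!2H", rtype, 1)

# Constructed sample: requests seen arriving at the forwarder vs. leaving it.
# Message IDs differ because a forwarder may rewrite them; match on opcode and name.
lan_side = [make_msg(0, "host1.corp.example", 1), make_msg(5, "corp.example", 6)]
wan_side = [make_msg(0, "host1.corp.example", 1, ident=0x9ABC)]
missing = summarize(lan_side) - summarize(wan_side)  # requests never forwarded
print(dict(missing))
```
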
Next Message by Thread:
Re: ipconfig /registerdns and split DNS
On Friday 08 December 2006 09:44, Rune Kock wrote:
> > ***HOWEVER***, the "ipconfig /registerdns" command does NOT seem to
> > work
>
> Microsoft has made proprietary extensions so that the members of an
> active directory domain can register in DNS in a secure way. The
I don't know Windows much (does anyone??) but I think this is their
implementation of RFCs 2136 and 3007. I know that on my ISC named,
there's one Win2K client which is being logged as it attempts to
register itself in DNS. I presume the ISC named wouldn't see /
understand this if it was being done using some proprietary method.
I wouldn't expect dnsmasq to implement these RFCs. If it did, we'd
find our beloved dnsmasq was as complex and difficult as ISC dhcpd +
BIND. :)
Hey, I *like* ISC. But I also like ... hearing fingernails on
chalkboards![1] ;) Seriously, the ISC solution has its place, and
dnsmasq occupies a different niche. I think it should stay that way.
[1] With apologies to Chuck Barris and his horrible/wonderful "The Gong
Show." Apologies also to anyone [un]fortunate enough to remember it. :)
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header