Static DNS entry updated by DDNS to DHCP address


Joe Sargent

If I have a static entry in my DNS called "STATICDNS" with an IP of
192.168.0.2 and ping it, all works fine. However, I log a machine on
that has the name "STATICDNS" and will get another IP of 192.168.0.10
from the DHCP server. That in turn updates my static DNS entry for
STATICDNS, changing the IP from 192.168.0.2 to 192.168.0.10. In
effect this could allow someone to redirect my traffic to a new box.
Has anyone else seen this behavior?
 
Joe Sargent said:
If I have a static entry in my DNS called "STATICDNS" with an IP of
192.168.0.2 and ping it, all works fine. However, I log a machine on
that has the name "STATICDNS" and will get another IP of 192.168.0.10
from the DHCP server. That in turn updates my static DNS entry for
STATICDNS, changing the IP from 192.168.0.2 to 192.168.0.10. In
effect this could allow someone to redirect my traffic to a new box.
Has anyone else seen this behavior?

Not necessarily. It will revert to Round Robin. But one thing, when another
machine comes up with the same name, a duplicate name error pops up and then
the workstation service will not initialize, so in effect, it would never be
able to be used on the network anyway until the one machine or the other is
removed.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace, you are correct about duplicate names as far as NetBIOS goes, and
I was not very clear. What I should have said was the machine named
STATICDNS would have its own A record that it creates and then we
create another A record for the same IP as the STATICDNS and call it
A-STATICDNS. If I place a machine on the network that has the name
A-STATICDNS then it will overwrite my static DNS entry. Sorry about
the way I presented the question. You are correct that the two
machines would not be allowed on the network if they had the same
NetBIOS name.

I guess the answer here is we make CNAME records back to the original
STATICDNS A record?
Thanks again,
Joe
 
Joe Sargent said:
Ace, you are correct about duplicate names as far as NetBIOS goes, and
I was not very clear. What I should have said was the machine named
STATICDNS would have its own A record that it creates and then we
create another A record for the same IP as the STATICDNS and call it
A-STATICDNS. If I place a machine on the network that has the name
A-STATICDNS then it will overwrite my static DNS entry. Sorry about
the way I presented the question. You are correct that the two
machines would not be allowed on the network if they had the same
NetBIOS name.

I guess the answer here is we make CNAME records back to the original
STATICDNS A record?
Thanks again,
Joe

Well, that clears it up a bit. Yes, you could use a CNAME for this (I
normally hate CNAMEs), but it will work fine for this scenario. Just bear in
mind that you may have problems accessing it by using a CNAME in a UNC:

281308 - Connecting to SMB Share on a Windows 2000-Based Server May Not Work
with an Alias Name [Doesn't work with CNAMES]:
http://support.microsoft.com/?id=281308



--
Regards,
Ace

 
This will happen. That's a caveat of dynamic DNS. What you need to do is to make sure the zone only allows secure updates.
This way you have control over what machines get added to your domain. If someone brings up a rogue box with that same
name as a static record, they will not be able to hijack this record without being a domain member.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
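
Added example, not part of the thread or any poster's code: a PowerShell audit for the setting described in the last reply. It lists primary zones that still accept nonsecure dynamic updates, counts the static A records in them that a same-named client could overwrite, and can switch AD-integrated zones to secure-only updates. It assumes the DnsServer module (Windows Server 2012 or later, or RSAT); `$DnsServer` and `-Remediate` are names chosen for this example.

```powershell
# Added example. Assumes the DnsServer module and rights to query/configure the DNS server.
# $DnsServer and -Remediate are hypothetical names used only in this script.
param(
    [string]$DnsServer = 'localhost',
    [switch]$Remediate
)

Import-Module DnsServer

# Primary zones hosted on this server, skipping the auto-created ones (0, 127, 255 reverse zones).
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

foreach ($zone in $zones) {
    # 'NonsecureAndSecure' means any client can register or overwrite a name without authenticating.
    if ($zone.DynamicUpdate -ne 'NonsecureAndSecure') { continue }

    # Static records carry no timestamp; these are the manually created entries
    # that a machine with the same host name could replace through a dynamic update.
    $static = @(
        Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone.ZoneName -RRType A |
            Where-Object { -not $_.Timestamp }
    )

    [pscustomobject]@{
        Zone           = $zone.ZoneName
        DynamicUpdate  = $zone.DynamicUpdate
        IsDsIntegrated = $zone.IsDsIntegrated
        StaticARecords = $static.Count
        StaticNames    = ($static.HostName -join ', ')
    }

    if ($Remediate) {
        if ($zone.IsDsIntegrated) {
            # Secure-only updates are available only on Active Directory-integrated zones.
            Set-DnsServerPrimaryZone -ComputerName $DnsServer -Name $zone.ZoneName -DynamicUpdate Secure
        }
        else {
            Write-Warning "$($zone.ZoneName) is file-backed; convert it to AD-integrated before requiring secure updates."
        }
    }
}
```

Run it without `-Remediate` first to see which zones and static names are exposed before changing any zone setting.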
 