Report information
The Basics
Id:
26024
Status:
resolved
Estimated:
36 hours (2,160 minutes)
Worked:
5 minutes
Users:
mcnally: 5 minutes
Priority:
Medium/Medium
Queue:
dhcp-public
People
Owner:
Nobody in particular
Requestors:
Paul Ebersman <ebersman@pae.com>
Cc:
AdminCc:
BugTracker
Version Fixed:
(no value)
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
4.4.0
Priority:
P1 High
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
bug
Dates
Created:Sat, 01 Oct 2011 18:07:36 -0400
Updated:Thu, 17 Aug 2017 16:12:34 -0400
Closed:Thu, 17 Aug 2017 16:12:34 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Sat, 01 Oct 2011 18:07:36 -0400 Paul Ebersman <ebersman@pae.com> - Ticket created
Subject: dhcpd 4.2.2 puts temporary addresses in DNS
Date: Sat, 01 Oct 2011 15:07:18 -0700
To: dhcp-bugs@isc.org
From: ebersman@pae.com (Paul Ebersman)

When I request both permanent and temporary ipv6 addresses, I get both addresses but dhcpd does DDNS updates for both in the ip6.arpa zone. dhcpd should not be putting IA_TA addresses in DNS. dhcpd.conf file: ##### option domain-name "remote6.dragon.net"; option domain-name-servers 192.168.167.101; default-lease-time 3600; max-lease-time 7200; log-facility local7; update-static-leases on; authoritative; set vendor-string = option vendor-class-identifier; stash-agent-options true; ddns-update-style interim; ddns-updates on; ddns-domainname "remote6.dragon.net"; ddns-hostname = pick(option fqdn.hostname, option host-name, option dhcp6.fqdn, option fqdn.fqdn, concat("dyn-",binary-to-ascii(16,16,"-", substring(option dhcp6.ia-na, 16, 16)))); update-optimization false; key ddns-key { algorithm HMAC-MD5; secret "XXXX"; }; zone 4.9.2.0.8.3.9.1.1.0.0.2.ip6.arpa { primary ddns.dragon.net; key ddns-key; } zone remote6.dragon.net { primary ns1.dragon.net; key ddns-key; } subnet6 2001:1938:294::/64 { range6 2001:1938:294::200 2001:1938:294::250; range6 2001:1938:294:cafe::/64 temporary; } #####
  Tue, 04 Oct 2011 20:18:05 -0400 Michael McNally <mcnally@isc.org> - Correspondence added 5 minutes

On Sat Oct 01 22:07:36 2011, ebersman@pae.com wrote:
>
> When I request both permanent and temporary ipv6 addresses, I get both
> addresses but dhcpd does DDNS updates for both in the ip6.arpa
> zone. dhcpd should not be putting IA_TA addresses in DNS.

I'm not sure we can trust this submitter -- he strikes me as a bit suspect --
but someone should probably have a look and give some thought to
whether it's appropriate for dhcpd to act as described..

Setting a severity of "normal" and passing along to dev.

Tue, 04 Oct 2011 20:18:07 -0400 The RT System itself - Status changed from 'new' to 'open'
Tue, 04 Oct 2011 20:18:24 -0400 Michael McNally <mcnally@isc.org> - Severity S2 Normal added
Tue, 02 Sep 2014 17:45:38 -0400 Vicky Risk <vicky@isc.org> - Versions Planned 4.3.2 added
Thu, 02 Oct 2014 00:56:44 -0400 Shawn Routhier <sar@isc.org> - FinalPriority changed from 'Medium' to 'Medium'
Thu, 02 Oct 2014 00:56:44 -0400 Shawn Routhier <sar@isc.org> - Priority changed from 'Medium' to 'Medium'
Thu, 02 Oct 2014 00:56:44 -0400 Shawn Routhier <sar@isc.org> - Priority P1 High added
Mon, 23 Mar 2015 21:19:25 -0400 Shawn Routhier <sar@isc.org> - FinalPriority changed from 'Medium' to 'Medium'
Mon, 23 Mar 2015 21:19:25 -0400 Shawn Routhier <sar@isc.org> - Priority changed from 'Medium' to 'Medium'
Mon, 23 Mar 2015 21:19:25 -0400 Shawn Routhier <sar@isc.org> - TimeEstimated changed from (no value) to '2160'
Mon, 23 Mar 2015 21:19:25 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.3.2 changed to 4.3.3
Thu, 30 Jul 2015 00:54:49 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.3.3 changed to 4.3.4
Thu, 21 Apr 2016 13:00:01 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.3.4 changed to 4.3.5
Wed, 30 Nov 2016 09:59:56 -0500 Thomas Markwalder <tmark@isc.org> - Versions Planned 4.3.5 changed to 4.3.6
Fri, 07 Jul 2017 15:12:35 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #8 to dhcp-public
Fri, 07 Jul 2017 15:12:36 -0400 Vicky Risk <vicky@isc.org> - Area bug added
  Thu, 17 Aug 2017 15:08:38 -0400 Thomas Markwalder <tmark@isc.org> - Correspondence added

Hello Paul: While I realize this issue was reported a long time ago I am writing to you to follow up. I confirmed through testing that as of our current release, 4.3.6, by default the server does perform DDNS updates for temporary addresses. Whether or not it should remains open to interpretation as the RFCs are a somewhat vague on the subject. RFC 3315 states that: "The server MAY update the DNS for a temporary address, as described in section 4 of RFC 3041." It is possible to turn DDNS updates off on a per pool basis via server configuration as shown below: subnet6 2001:1938:294::/48 { range6 2001:1938:294::200 2001:1938:294::250; pool6 { # Turn off DDNS for temporary addresses ddns-updates off; range6 2001:1938:294:cafe::/64 temporary; } } In general we try to avoid changing default behavior, especially long standing behavior as the risk of breaking installations unexpectedly must be considered. Given the fine grained ability of turning the updates on and off currently provided, we do not anticipate making any code changes regarding this issue. Thank you for taking the time to report the issue to us. I apologize for the lag time in response but as a small non-profit, we have to address issues where there is demand for them. Sincerely, Thomas Markwalder ISC Software Engineering,
Thu, 17 Aug 2017 15:25:22 -0400 Thomas Markwalder <tmark@isc.org> - Versions Planned 4.3.6 changed to 4.4.0
Thu, 17 Aug 2017 16:12:34 -0400 Thomas Markwalder <tmark@isc.org> - Status changed from 'open' to 'resolved'