Dear Philippe, thanks for your reply.

> - and, always in DHCPD.conf, set that only in the subnet you want.

Of course, but this does not prevent a client from taking a name which is already in use in another protected network. The name of the client comes from the client itself and not from the DHCP server.

> the interim style uses for each A record a TXT record to ensure that 'static'
> dns entries are not overwritten by dynamic (dhcp) client.

Ah. This would be great if this works. I have to test. I will report to you. But after New Year.

Kind regards
Hans

> On 20.12.2017, at 21:13, philippe.simo...@swisscom.com wrote:
>
> Hi Hans
>
> if you can afford, use ISC DHCP server DDNS method :
>
> - only DHCP server is allowed to update DNS server (forward / reverse zone),
>   protect NSUPDATE with ACL, or better tsig
> - in dhcpd.conf :
>     ddns-updates on;
>     ddns-update-style interim;
>     ignore client-updates;
> - and, always in DHCPD.conf, set that only in the subnet you want.
>
> the interim style uses for each A record a TXT record to ensure that 'static'
> dns entries are not overwritten by dynamic (dhcp) client.
>
> http://www.zytrax.com/books/dns/ch9/dhcp.html
>
>
> Philippe
>
>
>> -----Original Message-----
>> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
>> MAYER Hans
>> Sent: Wednesday, December 20, 2017 2:27 PM
>> To: bind-us...@isc.org
>> Subject: Re: DDNS - limitation and excluding updates from certain networks
>>
>>
>> Dear Mukund,
>>
>> Many thanks for coming back.
>>
>>> You'll have to explain what you mean better for a more specific answer,
>>> but see the manual for the "allow-update" ACL config option
>>
>> In my zone configuration I have an “allow-update” statement.
>> Here I define all networks which are allowed to dynamically update the DNS
>> entries.
>>
>> But my zone contains other IP addresses too. Not only those of the PCs.
>> These are static names/addresses which are seldom changed.
>>
>> And of course the complete zone is a dynamic zone.
>>
>> And I don’t want that these static names can be changed by someone out of
>> an IP range, where it is allowed.
>> I didn’t find any hint to block certain IP ranges to be updated within a
>> dynamic zone.
>>
>> Hopefully this explains my question a little bit better.
>>
>>
>> // Hans
>>
>>
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>> from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
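
Added example, not part of the original thread and not ISC code: a simplified in-memory model of the guarded update that "ddns-update-style interim" relies on, showing why a static A record without a TXT record, or a name already held by a different client, is left untouched. The zone names, addresses and client identifiers are constructed, and the SHA-256 tag is a stand-in for the hash dhcpd actually stores in the TXT record.

```python
import hashlib


def client_tag(client_id: str) -> str:
    # Assumption: stand-in for the per-client hash kept in the TXT record;
    # the real dhcpd encoding is different.
    return hashlib.sha256(client_id.encode()).hexdigest()[:32]


def interim_update(zone: dict, name: str, ip: str, client_id: str) -> str:
    """Model the two guarded steps of an interim-style forward update."""
    tag = client_tag(client_id)
    rrset = zone.get(name)
    # Step 1: add A + TXT only if the name does not exist at all.
    if rrset is None:
        zone[name] = {"A": ip, "TXT": tag}
        return "added"
    # Step 2: the name exists; replace the A record only if a TXT record
    # exists and carries this client's tag.
    if rrset.get("TXT") == tag:
        rrset["A"] = ip
        return "replaced"
    # No TXT (static entry) or another client's TXT: leave the record alone.
    return "refused"


def demo():
    # Constructed zone: one static entry with no TXT record next to it.
    zone = {"www.example.org": {"A": "192.0.2.10"}}
    results = [
        # New client registers a free name.
        interim_update(zone, "pc1.example.org", "198.51.100.5", "mac-aa"),
        # Same client renews with a new address: TXT matches.
        interim_update(zone, "pc1.example.org", "198.51.100.9", "mac-aa"),
        # Different client (e.g. from another subnet) asks for a taken name.
        interim_update(zone, "pc1.example.org", "203.0.113.7", "mac-bb"),
        # Any client asks for the static name: no TXT, so no overwrite.
        interim_update(zone, "www.example.org", "203.0.113.7", "mac-bb"),
    ]
    return zone, results


if __name__ == "__main__":
    final_zone, outcome = demo()
    print(outcome)
    print(final_zone)
```

The protection only holds when the DHCP server is the sole party allowed to send updates, as the quoted advice says; a client that can update the zone directly is not bound by these checks.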