[Tfug] Static/Dynamic (IP,name) bindings

unixmito at SDF.ORG unixmito at SDF.ORG
Wed Sep 12 16:48:32 MST 2012


> To that end, are there any downsides of using DHCPd (coordinate
> with BIND) to manage this sort of thing?  I.e., specify "fixed"
> addresses for those hosts that I really want/need to sit at
> specific places /managed from the dhcpd instead of manually
> coordinating static assignments in each node with static
> A and PTR records in the name server.

http://answers.oreilly.com/topic/84-how-to-add-static-hosts-to-dhcp/

I think this will help.

> I recognize there's a risk in the DHCPd communicating with
> the name server (to register updates, etc.).  And, some risk
> with clients communicating with the DHCP service.  If, however,
> all of this sits behind my bastion host, do I have any *real*
> risks to be wary of?

From my experience the only real danger that I see behind a relatively
secured NAT is ARP poisoning and similar tactics that would redirect
traffic from a host to use a poisoned DNS server. Polling the ARP table
periodically vis a vis cron to check against a static reference would seem
to help.

It's not quite clear what type of topology you've adopted in relation to
what is represented by the nameserver and what isn't. But I hope this helps
/somewhat/.
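
The periodic ARP check suggested in the reply above, written out as an added example that is not part of the original message. The function name `check_arp`, the "IP MAC" reference file format and the sample addresses used to exercise it are assumptions; the table layout is that of Linux's `/proc/net/arp`.

```shell
#!/bin/sh
# Added example: compare the ARP cache with a static reference of (IP, MAC) pairs.
# Assumed reference format: one "IP MAC" pair per line, '#' starts a comment.

# check_arp REFERENCE [ARP_TABLE]
# Prints one line per discrepancy; returns 1 if any were found, 0 if clean,
# 2 if the reference cannot be read.
check_arp() {
    ref=$1
    table=${2:-/proc/net/arp}   # Linux columns: IP, HW type, Flags, HW address, Mask, Device
    [ -r "$ref" ] || { echo "cannot read reference: $ref" >&2; return 2; }
    awk -v ref="$ref" '
        BEGIN {
            # Load the static reference, normalising MAC case.
            while ((getline line < ref) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") >= 2) want[f[1]] = tolower(f[2])
            }
            close(ref)
        }
        NR == 1 { next }                        # column header
        $4 == "00:00:00:00:00:00" { next }      # incomplete entry, nothing resolved yet
        {
            ip = $1; mac = tolower($4)
            if ((ip in want) && want[ip] != mac) {
                printf "MISMATCH %s expected %s saw %s\n", ip, want[ip], mac
                bad = 1
            }
            # The same MAC answering for two IPs is worth a look: it is what a
            # spoofed gateway entry looks like, though alias addresses do it too.
            if ((mac in owner) && owner[mac] != ip) {
                printf "DUPLICATE %s claimed by %s and %s\n", mac, owner[mac], ip
                bad = 1
            } else {
                owner[mac] = ip
            }
        }
        END { exit bad + 0 }
    ' "$table"
}

# Run from cron with the reference file as argument; cron mails any output.
if [ "$#" -ge 1 ]; then
    check_arp "$@"
fi
```

Hosts that are absent from the reference are only reported when they share a MAC with another address, so DHCP clients outside the fixed set do not raise alerts by themselves.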




