What Is Name Protection
Name Protection is based on the DHCID support to the DHCP server, and support for the new DHCID RR (Resource Record) to Microsoft DNS. In addition, support for DUID will be added to the IPv4 registration on the DHCP client.
Note this feature prevents name squatting due to non-Windows OS machines, for example servers with Mac OS, various Linux, and other variants of non Windows operating systems. In case of Windows OS machines it would not be an issue, as administrators can leverage upon Active Directory ACL functionality to limit access rights to a name to a particular user/machine and thus prevent name squatting.
DHCID RR is based on the following RFC: https://www.ietf.org/rfc/rfc4701.txt and https://www.ietf.org/rfc/rfc4703.txt, and DUID is described in RFC 4361
Therefore DHCID is a resource record stored in DNS like other RRs. This RR is intended to be used by DHCP to store an identifier for a machine, along with other information for the name such as a machine’s A/AAAA records.
DHCID effectively provides a mapping to determine if a name has already been assigned, and if the address of the machine assigned to the name is the same as the machine requesting registration with this name. DHCP’s unique position in the name registration process allows it to request this match, and then refuse the registration of a machine with a different address attempting to register a name with an existing DHCID record.
Prevents the following name squatting situations:
- Server name squatting by a client
- Server name squatting by another server
- Client name squatting by another client
- Client name squatting by a server
Secure Dynamic DNS updates must be enabled for name protection to work.
Enabling Name Protection on a scope on a DHCP Server leads to the following behavior of the DHCP Server.
· DHCP Server honors request for A/AAAA and PTR records registration for Windows DHCP Clients.
· DHCP Server dynamically updates A/AAAA and PTR record registrations for Non Windows Clients.
· DHCP Server discards A/AAAA and PTR records when the lease is deleted.
Comments
- Anonymous
January 01, 2003
This mechanism is for zone with secure dynamic updates only. - Anonymous
June 06, 2014
This is mechanism for zone with secure or not secure dynamic updates?