In a local area network, dynamic DNS (DNS UPDATE) enables workstations to automatically register the IP address obtained via DHCP with the DNS server. Microsoft Windows has supported this since Windows 2000. Many system administrators like having the burden of DNS assignment taken from them and automated by the clients. So do I. But I like having static IP addresses assigned to workstations because it allows for better documentation and control of end-user's computers. The requirement of assigning static addresses and having these registered in DNS is handled by a DHCP server if correctly set up. But why rely on the computer name (netbios name) being entered into the DNS? Wouldn't the user-name be a far better candidate? Well, I certainly think so. Our user base has uniquely assigned and well-known usernames with which a user accesses any resource, including her own (Windows) workstation. That user-name is exactly what gets set up in the DNS when the user logs on. A small agent is quietly launched which issues an HTTP request to a web service. That service retrieves the user's user-name and the IP address of the invoking client, and adds it to the Domain Name System. On Linux/Unix systems, the agent is run from /etc/profile. We have a separate zone appropriately named users.example.com reserved for those updates. The zone is managed by a PowerDNS server on top of a MySQL back-end. Updates to the zone are therefore simply a matter of the web service performing an SQL INSERT or UPDATE. The system can very easily be ported to the other PowerDNS back- ends; for the LDAP back-end an LDAP add or modify would be used to register the computer, without requiring the program on the user's computer to be modified. If the environment were based on an ISC Bind server, the web service would be modified to support dynamic updates. In principle, this is the same kind of service which is provided by companies such as DynDNS.org or No-IP.com except that, being in a closed corporate environment, the user doesn't require registration and is not actually aware of the DNS entry. The benefits? An administrator need not ask a user to determine her IP address (a difficult task for many a user), instead simply enquiring as to her user-name. A simple host username.users.example.com suffices to then determine the address. The system is not foolproof, because it doesn't cater for users logging in to more than one computer (the last login would become the registered address), but that is okay for us.

Flattr this
LDAP, Internet, MySQL, Linux, and DNS :: 12 Feb 2006 :: e-mail

Comments

blog comments powered by Disqus