[Samba] Possible security issue with DHCP script.
Andrew Bartlett
abartlet at samba.org
Tue Jun 21 21:51:26 UTC 2022
On Tue, 2022-06-21 at 12:43 -0400, Jonathon Reinhart via samba wrote:
> I've also thought about putting DHCP clients dynamic DNS records in a
>
> separate subdomain altogether. I.e.
>
>
>
> contoso.com -- Main domain
>
> corp.contoso.com -- AD domain
>
> dyn.contoso.com -- Dynamic DNS registrations
>
>
>
> Note that this *only* applies to DHCP clients. The majority of your
>
> domain-joined machines (Windows and SSSD at least) should already be
>
> performing dynamic DNS updates using their machine credentials, and
>
> the ACLs on the records prevent one client from stomping on another
>
> client's (DC's) records.
Having DCHP controlled dynamic DNS names in a subdomain is/was the
normal practice as I recall it from being a sysadmin many, many moons
ago.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the samba
mailing list