dhcp-users Digest, Vol 163, Issue 3

dhcp-users-request Sat, 21 May 2022 05:00:16 -0700

Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org


To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: Underscores and Latin2 characters in ISC DHCP + BIND9
      DDNS hostnames (Mirsad Goran Todorovac)


----------------------------------------------------------------------

Message: 1
Date: Fri, 20 May 2022 20:58:42 +0200
From: Mirsad Goran Todorovac <mirsad.todoro...@alu.unizg.hr>
To: dhcp-users@lists.isc.org
Subject: Re: Underscores and Latin2 characters in ISC DHCP + BIND9
        DDNS hostnames
Message-ID: <8d413a0d-7cfe-04d2-8907-451a48c0b...@alu.unizg.hr>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Dear All,

After writing to the list I suddenly got some inspiration not seen in 
months. Thanks for your thoughts,
and silent prayers ...

What I got with is this:

if ((substring (option host-name, 0, 3) = "PC-")????? or
 ??? (substring (option host-name, 0, 8) = "DESKTOP-") or
 ??? (substring (option host-name, 0, 4) = "ALU-")???? or
 ??? (substring (option host-name, 0, 2) = "S-")?????? or
 ??? (substring (option host-name, 0, 3) = "NO-")????? or
 ??? (substring (option host-name, 0, 6) = "OKIRU-")?? or
 ??? (substring (option host-name, 0, 7) = "OZAFIN-")? or
 ??? (substring (option host-name, 0, 8) = "MikroTik")) {
 ??????? default-lease-time 43200;
} else {
 ??????? default-lease-time 1800;
}

# mtodorov 20220520, from dhcp-users
if (not (option host-name ~~ "^[a-z0-9][a-z0-9\-]+[a-z0-9]$")) {
 ??????? set new_host-name = concat("host-", binary-to-ascii(16, 8, "-", 
substring(hardware, 1, 6)));
 ??????? log(concat("invalid hostname: ", option host-name, " => ", 
new_host-name));
 ??????? ddns-hostname = new_host-name;
} elsif (exists host-name) {
 ??????? ddns-hostname = option host-name;
}

I came across the notion that or might have greater priority than = 
comparison and added plenty of parentheses.
Now it appears to work as expected (part 2, the allotment of 
default-lease-time by the type of device).

However, the solution with supplementing a hostname derived from MAC 
address when there is a _ or UTF-8
character in option host-name is only partially satisfactory. I can look 
up the type of device and vendor by MAC
unless it is also forged by hiding original hw MAC, which is as you know 
trivial to do and default on some
smartphones (like my device).

I considered the execute() statement, but it doesn't seem to return 
anything but the status error code.

Alternatively, I can set "check-names warn;" in BIND9 named.conf.local 
for the dynamically updated zone, but this is
less than optimal, as it could open the door for spoofed hostname 
attacks on old DNS servers who do not talk UTF8.

I can't see any such option in dpchd.conf (5) nor dhcp-eval (5) manual 
pages, nor on the kb.isc.org manual.
Perhaps Kea has such an option. It seems rather straightforward to have 
something like:

if (not (option host-name ~~ "^[a-z0-9][a-z0-9\-]+[a-z0-9]$")) {
*set new_host-name = translit (option host-name, "_??????????", 
"-CCDSZccdsz");*
 ??????? log(concat("invalid hostname: ", option host-name, " => ", 
new_host-name));
 ??????? ddns-hostname = new_host-name;
} elsif (exists host-name) {
 ??????? ddns-hostname = option host-name;
}

Kind regards,
Mirsad

On 5/20/2022 12:09 PM, Mirsad Todorovac wrote:
> Dear All,
>
> 1. I was receiving errors for a long time like this one:
>
> May 20 11:50:42 domac dhcpd[29435]: DHCPREQUEST for 192.168.100.59 
> from a8:7d:12:f8:e8:6c (HUAWEI_Y7_Prime_2018-d716) via eth0
> May 20 11:50:42 domac dhcpd[29435]: DHCPACK on 192.168.100.59 to 
> a8:7d:12:f8:e8:6c (HUAWEI_Y7_Prime_2018-d716) via eth0
> May 20 11:50:42 domac dhcpd[29435]: Unable to add forward map from 
> HUAWEI_Y7_Prime_2018-d716.local.alu.hr to 192.168.100.59: REFUSED
>
> May 20 11:48:47 domac named[5524]: zone local.alu.hr/IN: 
> Win-Ra\159unalo.local.alu.hr/A: bad owner name (check-names)
> May 20 11:48:47 domac dhcpd[29435]: Unable to add forward map from 
> Win-Ra?unalo.local.alu.hr to 192.168.100.235: REFUSED
>
> Additionally, some users have added ?????????? Latin2 characters to 
> hostnames or smartphone names on WLAN.
>
> It is difficult to change all of these, especially on user's 
> smartphones who usually connect without even seeing us administrators.
> Also, disabling BIND9 name checks might make users unable to browse as 
> some other services would reject their reverse DNS names as spoofed.
>
> It would be very useful if there was a way to do in DHCPD dhcp-eval 
> scripting what is done with the effect of:
>
> % tr '_??????????' '-CCDSZccdsz' < in > out
>
> that is, transliterate characters, or search & replace. I couldn't 
> find that option in dhcpd.conf nor in dhcp-eval.
>
> 2. I have also tried this to have PCs 12h lease time and smartphones 
> 30min,
> but it did not work:
>
> if substring (option host-name, 0, 3) = "PC-" or
> ?? substring (option host-name, 0, 8) = "DESKTOP-" or
> ?? substring (option host-name, 0, 4) = "ALU-" or
> ?? substring (option host-name, 0, 2) = "S-" or
> ?? substring (option host-name, 0, 3) = "NO-" or
> ?? substring (option host-name, 0, 6) = "OKIRU-" or
> ?? substring (option host-name, 0, 7) = "OZAFIN-" or
> ?? substring (option host-name, 0, 8) = "MikroTik"
> {
> ??????? default-lease-time 43200;
> } else {
> ??????? default-lease-time 1800;
> }
>
> Thank you very much.
>
> My version of DHCPD is:
>
> root@domac:~# dpkg -l isc-dhcp-server
> ii? isc-dhcp-server 4.4.1-2+deb10u1 amd64??????? ISC DHCP server for 
> automatic IP address assignment
> root@domac:~#
>
> Best regards,
> Mirsad Todorovac
>
--
Mirsad Goran Todorovac
CARNet sistem in?enjer
Grafi?ki fakultet | Akademija likovnih umjetnosti
Sveu?ili?te u Zagrebu
-- 
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://lists.isc.org/pipermail/dhcp-users/attachments/20220520/b381c5b6/attachment-0001.htm>

------------------------------

Subject: Digest Footer

_______________________________________________
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users


------------------------------

End of dhcp-users Digest, Vol 163, Issue 3
******************************************

dhcp-users Digest, Vol 163, Issue 3

Reply via email to