mastodns.net is one of the many independent Mastodon servers you can use to participate in the fediverse.
MastoDNS is being run by DNS-OARC as part of our public benefit mission to support the DNS community.

Administered by:

Server stats:

22
active users

#DHCP

0 posts0 participants0 posts today

@mwl I’m reading Absolute #FreeBSD and thought I’d ask you for your current opinion on #DHCP for servers: when you wrote the book you didn’t seem excited about it, but - with few exceptions - it is a convenient way to keep an updated list of server IP addresses, to ensure DNS stays up-to-date and to propagate some network changes across a fleet of computers: replacing a router or DNS servers comes to mind. The obvious drawbacks are if DHCP doesn’t work or is maliciously overridden.

Any #DHCP experts around?

I am confused by a feature in OpenStack Neutron where you can assign a virtual interface ("port" in the relevant lingo) multiple private ("fixed") IPv4 addresses. OpenStack configures ports via DHCP, and at least as I read the relevant RFCs, one DHCPOFFER can only ever contain one IPv4 address.

Am I missing some obscure DHCP feature where assigning multiple IPv4 addresses to one interface is possible? Does an equivalent feature exist on any other cloud platform?

Cool research regarding #DNS record spoofing in #ADIDNS managed DNS zoones by Ori David which is by design and won't be fixed by Microsoft.

Spoofing DNS Records by Abusing #DHCP DNS Dynamic Updates

Research blog post: akamai.com/blog/security-resea

Black Hat Europe 2023 Talk: youtube.com/watch?v=HvYg9HbKv8

Audit tooling: Invoke-DHCPCheckup: github.com/akamai/Invoke-DHCPC
Attack tooling: DDSpoof: github.com/akamai/DDSpoof

Hands-on guide: akamai.com/blog/security-resea

@97a403640c83ac12bce556ded8db2f3ebe891801832fa1114abda73a6ae8598c that article offers somehow complicated setup. While #dnsmasq has multiple limitations, it has built-in #DNS + #DHCP registrations without additional configuration. Just use it for both, setup domain and you are done. Having it in single process avoids the need to authenticate DNS updates. And if I can recommend, use home.arpa or it's subdomain. If you haven't tried it already, its about the time.

The of our thoughts on security is online ( n3k.com/experten-webinar-reihe ). We have decided to leave all |s from this year on the topics of , , , security, DNS, DHCP, , security and extended DNS on our website for you. 👨‍💻
I would like to thank all guests for their participation and look forward to the second round in 2024. 🙏🫶

Recording & slides of our on the love-hate between & are online ( n3k.com/experten-webinar-reihe ).

On Dec. 14th we will highlight security. DHCP plays a central role in our networks, but often does not receive the attention it deserves in the context of . We want to emphasize the importance of DHCP in IT security architecture and discuss how an improved security strategy for DHCP can strengthen the overall security of a network.

Stork 1.13 is live! This open source graphical dashboard helps you monitor and configure your Kea #DHCP installation.

Stork now offers subnet configuration and editing, shared network views, LDAP authentication, and more!

Get the details at isc.org/blogs/stork-1-13/ and download Stork at isc.org/download/#Stork

www.isc.orgStork 1.13 ReleasedStork 1.13 is the newest development release of our management tool for the Kea DHCP server.