DHCP clients specifying DNS


From: Steve Hideg (hideg@saintmarys.edu)
Date: Thu Aug 17 2000 - 08:38:36 CDT


Greetings netreggers.

I found some disturbing behavior in Windows and Macintosh DHCP
clients yesterday. Behavior that can (and has) totally bypass netreg.

With the Windows 95 client, in the Network control panel on the DNS
Configurations tab, if DNS is enabled and it contains a list of valid
servers, this will override the server specified by the netreg DHCP
server, regardless of the "obtain an IP address automatically"
setting of the client.

We've observed that the Win 98 client doesn't appear to be so bold,
but we are now instructing all Windows users to disable DNS in the
network control panel.

The same problem can appear with the TCP/IP control panel on Mac OS.
If the User Level on the control panel is set to anything other than
Basic, you can specify DNS servers in the control panel and they take
precedence over the one(s) specified by the DHCP server. Here, we'll
instruct users to make sure it is set to Basic (we're counting on
this being less of a problem since TCP/IP is usually set to Basic &
DHCP out of the box as of late).

This problem cropped up (especially on the Windows side) with
returning students who have DNS turned on from being in our ResNet
last year.

As is always the case, instructing users is far from an adequate
solution, especially when a kid has a father who "knows about
computers" and doesn't bother to read the ResNet instructions we
provide (this has already happened, to one of our RCCs no less).

Does anybody have any other workaround for this? I can't find
anything about the ISC DHCP server or DHCP in general that would
allow the specifications from the server to override any local
settings.

This is quite alarming to me since students can easily (and
unknowingly) bypass netreg altogether (and potentially exhaust our
unregistered IP address pool). Is there something sneaky we can do to
lease & renewal times in the unregistered pool perhaps?

Obviously, the problem of hard-coded addresses still exists, but this
DNS problem is a major loophole.

Thanks.

____________________________________________________________________
Steve Hideg
Technical Support Specialist, Saint Mary's College, Notre Dame IN
<hideg@saintmarys.edu>
____________________________________________________________________
                 "There is another system." --Colossus
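Added example, not part of the original message: one way to detect the bypass described above is to look for clients in the unregistered pool that send DNS queries to any resolver other than the one the netreg DHCP server hands out. The pool range, resolver address, flow-record format and sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not from the original message: substitute your own.
UNREGISTERED_POOL = ipaddress.ip_network("192.168.100.0/24")
NETREG_DNS = {ipaddress.ip_address("192.168.1.10")}

# Constructed sample flow records: "epoch src dst proto dport"
SAMPLE_FLOWS = """\
966519516 192.168.100.21 192.168.1.10 udp 53
966519520 192.168.100.34 10.20.30.40 udp 53
966519521 192.168.100.34 10.20.30.41 tcp 53
966519530 192.168.100.34 192.168.1.10 tcp 80
966519533 192.168.7.15 10.20.30.40 udp 53
966519540 192.168.100.57 10.20.30.40 udp 53
malformed line
"""

def find_dns_bypass(flow_text, pool=UNREGISTERED_POOL, allowed=NETREG_DNS):
    """Return {client_ip: sorted list of non-netreg resolvers it queried}."""
    offenders = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        # Only DNS traffic (port 53 over UDP or TCP) is of interest.
        if dport != "53" or proto not in ("udp", "tcp"):
            continue
        # A client still in the unregistered pool should only ever
        # talk to the resolver supplied by the netreg DHCP server.
        if src_ip in pool and dst_ip not in allowed:
            offenders[str(src_ip)].add(str(dst_ip))
    return {client: sorted(res) for client, res in offenders.items()}

if __name__ == "__main__":
    for client, resolvers in sorted(find_dns_bypass(SAMPLE_FLOWS).items()):
        print(f"{client} (unregistered pool) queries {', '.join(resolvers)}")
```

Clients flagged this way are the ones whose locally configured DNS servers are taking precedence over the DHCP-supplied one.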



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:34 CDT