Reprinted from Dell Power Solutions, May 2006. Copyright © 2006 Dell Inc. All rights reserved. www.dell.com/powersolutions

SYSTEMS MANAGEMENT

Dynamic DNS Updates Using the Dell Remote Access Controller 4

BY PHIL WEBSTER AND BRIAN ZHANG

The Dynamic Domain Name System (DDNS) update feature of the Dell Remote Access Controller 4 (DRAC 4) dynamically modifies the Domain Name System (DNS) database. This feature allows each remote access controller (RAC) IP address to be associated with a meaningful DNS name so that administrators can connect to the RAC without having to know the RAC IP address.

Related Categories: Dell Remote Access Controller (DRAC), Domain Name System (DNS), Remote management, Systems management

The Domain Name System (DNS) is a database that gives meaning to network domains and host names. Name servers handle portions of the database called zones, which correspond to the domains for which they are responsible. The Dynamic DNS (DDNS) mechanism allows data in a zone to be modified without reloading zone data. This allows DNS data to be modified often, in a timely manner, and with minimal overhead.

Without the DDNS mechanism, network host information for zones is traditionally stored in static tables on name servers. In such scenarios, system administrators must edit these files by hand when a change needs to be made, and then instruct the name server software to reload the zones. If a network is primarily Dynamic Host Configuration Protocol (DHCP) based and a static DNS server is used for name registration and resolution, manually updating the DNS database every time a remote access controller (RAC) client receives a new IP address typically involves a tremendous amount of time and effort, even for a team of administrators. Using meaningful DNS names that correspond to the names of RACs instead of the controllers’ IP addresses can help make system administration organized and efficient.

Primary features of a DDNS update

By default, a RAC DNS name is “RAC-ServiceTag,” where ServiceTag is the service tag of the managed server. Each RAC has configuration options to change the DNS name and to overwrite the DNS domain name provided by the DHCP server to a user-specified name. The default RAC DNS name, username, and password appear on a sticker on the controller.


A DDNS update modifies resource records (RRs) in the DNS server’s database. The affected RRs consist of the associated A (address) record, which contains a mapping from a fully qualified domain name (FQDN) to an IP address, and the associated PTR (pointer) record, which contains a mapping from an IP address to an FQDN.

For example, the FQDN of a RAC named RAC1 in the domain sales.company.com is RAC1.sales.company.com. When a DNS update is enabled, the RAC registers the A record as well as the PTR record with the DNS server.

A RAC DDNS update is triggered by either of the following: initial startup of the RAC or a change to the IP address of the RAC. The DDNS client resides on the RAC. The RAC can redirect DDNS requests to another DNS server provided in the response from the primary DNS server. Administrators can configure the DDNS feature via the racadm utility, option ROM, or the main graphical user interface (GUI) for the RAC.

DRAC 4 product requirements for DDNS updates

Many data centers choose to operate without DHCP. For this reason, the Dell Remote Access Controller 4 (DRAC 4) default network configuration is statically assigned, rather than defaulting to a DHCP configuration. It is a DRAC 4 product requirement that DDNS operate in a non-DHCP data center. This requires the DRAC 4 to directly issue the update commands to the DNS server, rather than proxying through a DHCP server.

Nonsecure DDNS updates

Because the secure DNS implementations provided by Microsoft® Windows® and Linux® operating systems are incompatible, the DRAC 4 uses nonsecure updates. It is a product requirement that the DRAC 4 be able to operate in both Microsoft Windows–based and Linux-based data centers.
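One way to confirm on the wire that updates reaching a zone are nonsecure, as an added example (not from the article or from Dell): a parser that classifies a captured DNS message by the RFC 2136 UPDATE opcode and reports whether it carries a signature. It assumes that a signed update ends its additional section with a TSIG record (type 250); the sample message, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import socket
import struct

OPCODE_UPDATE = 5            # RFC 2136 dynamic update
TYPE_A, TYPE_TSIG = 1, 250   # TSIG = transaction signature record

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + n

def inspect_update(msg):
    """Report whether msg is a DNS UPDATE and whether it carries a TSIG."""
    _id, flags, zocount, prcount, upcount, adcount = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(zocount):      # zone section entry: name, type, class
        off = skip_name(msg, off) + 4
    rtypes = []
    for _ in range(prcount + upcount + adcount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        rtypes.append(rtype)
    signed = adcount > 0 and rtypes[-1] == TYPE_TSIG
    return {"is_update": ((flags >> 11) & 0xF) == OPCODE_UPDATE, "signed": signed}

def sample_unsigned_update():
    """Constructed sample: an update adding an A record for RAC1."""
    header = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone = encode_name("sales.company.com") + struct.pack("!HH", 6, 1)  # SOA, IN
    rr = (encode_name("RAC1.sales.company.com")
          + struct.pack("!HHIH", TYPE_A, 1, 3600, 4)
          + socket.inet_aton("192.0.2.10"))   # documentation-range address
    return header + zone + rr
```

Run over captured port 53 payloads, `inspect_update` separates unsigned updates from signed ones, which shows which clients a zone is accepting nonsecure updates from.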

DDNS proxying through a DHCP server

Some enterprise IT organizations prefer to have the DHCP server perform the DDNS update to the DNS server, with the DHCP server acting as a proxy. These organizations may enable secure DDNS updates. However, when a secure DDNS update is enabled and a DHCP server is used as a proxy, the DNS database is not secure.

This lack of security exists because DHCP is an unencrypted and unauthenticated protocol. DHCP packets can easily be spoofed by hackers. Adding the secure DDNS protocol on top of nonsecure DHCP essentially means that the DNS database can be modified by spoofed DHCP packets. Data center managers may be lured into thinking that the DNS database is secure because they are using a secure update, but the DNS database is never secure when proxied through the DHCP server.

In spite of the security risk involved, some organizations prefer to use DHCP proxy updates. The DRAC 4 firmware version 1.40 allows administrators to configure DHCP proxy updates. The following algorithm is used: If, and only if, cfgDNSRegisterRac is 0 (false) and cfgNicUseDhcp is 1 (true), the value of cfgDNSRacName is included as the client-identifier option in the DHCPREQUEST packet.

Configuration interfaces

The interfaces that can be used to configure the DDNS feature of the DRAC 4 are the racadm utility, the out-of-band GUI, and option ROM.

Racadm utility

The following racadm parameters, which exist in the cfgLanNetworking group, can be used to configure the DDNS feature of the DRAC 4:

• cfgDNSServersFromDHCP: This Boolean object specifies whether the RAC is retrieving DNS server addresses from the DHCP server. It has a default value of 0 (false).
• cfgDNSServer1: This specifies the IP address of the first DNS server and has a default value of 192.168.0.5. This parameter has meaning only when cfgDNSServersFromDHCP is 0 (false).
• cfgDNSServer2: This specifies the IP address of the second DNS server and has a default value of 192.168.0.6. A value of 0.0.0.0 may be entered if there is no second DNS server. This parameter has meaning only when cfgDNSServersFromDHCP is 0 (false).
• cfgDNSRegisterRac: This Boolean object specifies whether the RAC DNS name is being registered on the DNS server. It has a default value of 0 (false).
• cfgDNSRacName: This string specifies the RAC DNS name and has a default value of “RAC-ServiceTag.”
• cfgDNSDomainNameFromDHCP: This Boolean object specifies whether the DNS domain name is being obtained from the DHCP server. It has a default value of 0 (false).
• cfgDNSDomainName: This string specifies the DNS domain name and has a default value of “MYDOMAIN.” This parameter has meaning only when cfgDNSDomainNameFromDHCP is 0 (false).

Additionally, the cfgCurrentLanNetworking group has the following read-only parameters related to the DDNS feature:

• cfgDNSCurrentDhcpWasUsed: This Boolean object indicates whether DHCP was used to obtain the DNS server IP addresses.
• cfgDNSCurrentServer1: This is the IP address currently being used for DNS server 1.
• cfgDNSCurrentServer2: This is the IP address currently being used for DNS server 2.
• cfgDNSCurrentDomainName: This is the DNS domain name currently being used.
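The DHCP proxy rule and the "has meaning only when" conditions above can be applied mechanically when reviewing a fleet of controllers. The following is an added example, not Dell code: it reads one controller's settings and reports which update path is in effect, which static values actually apply, and the risk the article attaches to that path. The key=value layout of the sample, the service tag ABC1234 and the function names are assumptions made for illustration.

```python
# Constructed sample in key=value form (assumed layout of exported settings).
SAMPLE = """\
cfgNicUseDhcp=1
cfgDNSServersFromDHCP=1
cfgDNSServer1=192.168.0.5
cfgDNSServer2=192.168.0.6
cfgDNSRegisterRac=0
cfgDNSRacName=RAC-ABC1234
cfgDNSDomainNameFromDHCP=0
cfgDNSDomainName=MYDOMAIN
"""

def parse_settings(text):
    """Turn key=value lines into a dict, ignoring blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def ddns_posture(cfg):
    """Apply the article's rules to one controller's settings."""
    flag = lambda key: cfg.get(key, "0") == "1"   # missing flags read as 0
    name = cfg.get("cfgDNSRacName", "")
    if flag("cfgDNSRegisterRac"):
        path = "direct-nonsecure"     # RAC updates the DNS server itself
    elif flag("cfgNicUseDhcp"):
        path = "dhcp-proxy"           # name sent as DHCP client-identifier
    else:
        path = "none"
    # Static values have meaning only when the matching FromDHCP flag is 0.
    servers = None if flag("cfgDNSServersFromDHCP") else [
        s for s in (cfg.get("cfgDNSServer1"), cfg.get("cfgDNSServer2"))
        if s and s != "0.0.0.0"]
    domain = None if flag("cfgDNSDomainNameFromDHCP") else cfg.get("cfgDNSDomainName")
    findings = []
    if path == "dhcp-proxy":
        findings.append("DNS record depends on unauthenticated DHCP")
    if path == "direct-nonsecure":
        findings.append("zone must accept nonsecure updates")
    if path != "none" and domain == "MYDOMAIN":
        findings.append("domain name left at default MYDOMAIN")
    return {"path": path, "servers": servers,
            "fqdn": f"{name}.{domain}" if name and domain else None,
            "findings": findings}
```

A `servers` or `fqdn` value of `None` means the static setting is not in effect because DHCP supplies it at run time.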

Out-of-band GUI

The following configuration options for the DDNS feature appear on the Network Configuration page of the DRAC 4 GUI (see Figure 1):

• “Use DHCP to obtain DNS server addresses” check box: This is not checked by default.
• “Static Preferred DNS Server” field: An IP address is entered here; this field is used only when the “Use DHCP to obtain DNS server addresses” check box is not checked.
• “Static Alternate DNS Server” field: An IP address is entered here; this field is used only when the “Use DHCP to obtain DNS server addresses” check box is not checked. A value of 0.0.0.0 may be entered if there is no alternate DNS server.
• “Register DRAC 4 on DNS” check box: This is not checked by default.
• “DNS DRAC 4 Name” field: The default value is “RAC-ServiceTag.”
• “Use DHCP for DNS Domain Name” check box: This is not checked by default.
• “DNS Domain Name” field: This is used only when the “Use DHCP for DNS Domain Name” check box is not checked. The default value is “MYDOMAIN.”

Additionally, the System Summary page of the DRAC 4 GUI (see Figure 2) has read-only settings for the DDNS feature which display the current preferred DNS server, the current alternate DNS server, the DNS DRAC 4 name, and the current DNS domain name. These settings also specify whether DHCP is being used for DNS, whether the DRAC 4 is registered on DNS, and whether DHCP is being used for the DNS domain name.

Option ROM

The following five fields in the “DNS Configuration Options” section of the DRAC 4 option ROM utility (see Figure 3) can be used to configure the DDNS feature:

“Servers from DHCP” option. This is a Boolean toggle, which is toggled with the U key. The default setting is “Disabled,” meaning that the two static DNS server addresses are used. When the setting is changed to “Enabled,” the DHCP server supplies the DNS server addresses. If the “Use DHCP is” option in the “NIC TCP/IP Configuration Options” section is set to “Disabled,” the “Servers from DHCP” option cannot be set to “Enabled,” and this field is grayed out.

“Static DNS Server 1” option. This is the IP address of the first DNS server; it is modified with the 1 key. The default value is 192.168.0.5. If the “Servers from DHCP” option is “Enabled,” this field cannot be modified and is grayed out.

“Static DNS Server 2” option. This is the IP address of the second DNS server; it is modified with the 2 key. The default value is 192.168.0.6. A value of 0.0.0.0 may be entered if there is no second DNS server. If the “Servers from DHCP” option is “Enabled,” this field cannot be modified and is grayed out.

“Register RAC Name” option. This is toggled with the C key and the default setting is “Disabled.” When this option is not disabled, this field displays the RAC DNS name. The default RAC DNS name is “RAC-ServiceTag.” The RAC DNS name can be modified only when toggling from the disabled state. Therefore, if this option is not set to “Disabled,” administrators must press the C key twice to modify the RAC DNS name.

“Static Domain Name” option. This is toggled with the F key and the default value is “MYDOMAIN.” When this option is not disabled, the static DNS domain name appears in the field. The static DNS domain name can be modified only when toggling from the disabled state. Therefore, if this option is not set to “Disabled,” administrators must press the F key twice to modify the static DNS domain name. (However, if the “Use DHCP is” option is disabled, then the “Static Domain Name” option cannot be set to “Disabled” and can be modified by pressing the F key only once.) When the “Register RAC Name” option is set to “Disabled,” this field cannot be modified and is grayed out.

Figure 1. Network Configuration page of the DRAC 4 GUI

Figure 2. System Summary page of the DRAC 4 GUI

Additionally, the “DNS Current Configuration” section of the option ROM utility has the following read-only parameters related to the DDNS feature:

• Servers from DHCP or Static Servers
• Domain Name from DHCP or Static Domain Name
• Servers (IP addresses of DNS server 1 and DNS server 2)
• Domain (current DNS domain name)

An efficient solution for network administration of RACs

Using a DNS name instead of an IP address can help make system administration organized and efficient. The DRAC 4 default DNS name is based on the server’s service tag, which is unique and easily associated with the server being managed. The DRAC 4 supports dynamic updating of the DNS database with this unique name-to-address mapping.

Phil Webster is a development engineer in the Dell Remote Management Group. He has a B.S. in Mathematics from Oral Roberts University, an M.A. in Mathematics from the University of South Florida, and an M.S. in Computer Science from Southern Methodist University.

Brian (Limin) Zhang is a software engineer advisor in the Dell Remote Management Group. He has a B.S. from Tsinghua University in China and an M.S. in Electrical Engineering from The University of Texas at Dallas.

Figure 3. DNS configuration settings accessed through the DRAC 4 option ROM utility