OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: kensan on May 24, 2019, 07:11:08 am

Title: DHCP option update-conflict-detection
Post by: kensan on May 24, 2019, 07:11:08 am
Hi, is there a particular reason why update-conflict-detection is set (hard-coded) to false?

Disabling it disables, among other things, ddns-guard-id-must-match.

This is what the man page says:
The ddns-guard-id-must-match statement

           ddns-guard-id-must-match flag;

           The ddns-guard-id-must-match parameter controls whether or not
           the client id within a DHCID RR must match that of the DNS update's
           client to permit DNS entries associated with that DHCID RR to be
           overwritten.  Proper conflict resolution requires ID matching and
           should only be disabled after careful consideration.  When
           disabled, it allows any DNS updater to replace DNS entries that
           have an associated DHCID RR, regardless of client identity. This
           parameter is on by default, has no effect unless
           update-conflict-detection is enabled, and may only be specified
           at the global scope.

If I'm (am I?) reading it correctly, this will enable any client to rewrite any A record it wishes to (if DDNS is enabled).
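
The interaction quoted from the man page above can be checked mechanically. The following is an added example, not part of the original post and not OPNsense or ISC code: it audits dhcpd.conf text and reports whether ddns-guard-id-must-match is actually in effect. It assumes the ISC dhcpd defaults (ddns-updates on, ddns-update-style none, update-conflict-detection true), evaluates global-scope statements only, and uses constructed sample configs.

```python
# Added example: audit dhcpd.conf text for the DDNS conflict-detection settings.
# DEFAULTS are an assumption based on the ISC dhcpd.conf man page.
DEFAULTS = {"ddns-updates": "on", "ddns-update-style": "none",
            "update-conflict-detection": "true", "ddns-guard-id-must-match": "true"}

def global_statements(conf_text):
    """Return {name: value} for statements at brace depth 0 (global scope)."""
    stmts, depth, buf, in_str, in_comment = {}, 0, [], False, False
    for ch in conf_text:
        if in_comment:                      # '#' comments run to end of line
            if ch == "\n":
                in_comment = False
                buf.append(" ")
        elif in_str:                        # keep quoted strings intact
            buf.append(ch)
            in_str = ch != '"'
        elif ch == "#":
            in_comment = True
        elif ch in "{}":                    # entering or leaving a nested scope
            depth += 1 if ch == "{" else -1
            buf = []
        elif ch == ";":                     # end of one statement
            parts = "".join(buf).split(None, 1)
            if depth == 0 and parts:
                stmts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
            buf = []
        else:
            in_str = ch == '"'
            buf.append(ch)
    return stmts

def audit(conf_text):
    """Report whether DDNS is enabled and whether the DHCID guard applies."""
    s = {**DEFAULTS, **global_statements(conf_text)}
    on = lambda name: s[name].lower() in ("true", "on")
    ddns = on("ddns-updates") and s["ddns-update-style"].lower() != "none"
    # The guard has no effect unless update-conflict-detection is enabled.
    guard = on("update-conflict-detection") and on("ddns-guard-id-must-match")
    return {"ddns_enabled": ddns, "guard_effective": guard,
            "finding": ddns and not guard}

# Constructed sample configs (not taken from an OPNsense install).
WEAK = """
ddns-update-style interim;   # DDNS enabled
update-conflict-detection false;
subnet 192.0.2.0 netmask 255.255.255.0 { range 192.0.2.10 192.0.2.50; }
"""
STRICT = WEAK.replace("update-conflict-detection false;", "update-conflict-detection true;")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit(conf))
```

A `finding` of `True` means DDNS updates are enabled while the DHCID client-id match is not being enforced.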