===============================
NOVELL DNS/DHCP SERVICES README
===============================

November 20, 1998

This document provides information that was discovered or developed
too late to be included in the online documentation. The following
topics are covered:

* NDS RIGHTS REQUIRED TO MANAGE DNS/DHCP CONFIGURATION
* USING THE DNS/DHCP MANAGEMENT CONSOLE
* INCREASING THE STARTUP SPEED OF THE DNS/DHCP MANAGEMENT CONSOLE
* ENTERING DATA WITH THE CAPS LOCK KEY ACTIVE
* DYNAMIC DNS AND REMOVED RESOURCE RECORDS
* SERVER ACCESS TO DNS/DHCP LOCATOR OBJECT NOT REQUIRED
* ASSIGNING A SUBNET'S DEFAULT SERVER TO ADDRESS RANGES THAT
  INCLUDE BOOTP ADDRESSES
* FINDING ADDRESSES MARKED UNAUTHORIZED BY THE PING FEATURE
* USING THE "-F" COMMAND LINE OPTION FOR DNIPINST.NLM
* LOAD CSATPXY.NLM ON SERVER TO VIEW AUDIT TRAIL EVENTS FROM CLIENT


NDS RIGHTS REQUIRED TO MANAGE DNS/DHCP CONFIGURATION
----------------------------------------------------

To manage Novell DNS/DHCP Services, administrators require sufficient
NDS rights, depending on the type of operation to be performed.

Administrators who will add new objects and modify existing objects
require Add rights to the appropriate NDS container object. The
following table summarizes rights requirements for creating new
configuration objects and modifying existing objects.

DNS/DHCP Objects   Object Rights   All Property Rights
----------------   -------------   -------------------
Locator object     Browse          Supervisor
Group object       Browse          Supervisor
Existing objects   Supervisor      Supervisor

Administrators who manage a given set of DHCP subnets or DNS zones
require rights to create or delete IP addresses, ranges of addresses,
or resource record sets. The following table lists the rights
requirements of administrators who perform these tasks.

DNS/DHCP Objects   Object Rights            All Property Rights
----------------   ----------------------   -------------------
Locator object     Browse                   Read
Group object       Browse                   Read
Existing objects   Browse, Create, Delete   Supervisor

Administrators or users who need to view DNS/DHCP configuration
require rights as summarized in the following table.

DNS/DHCP Objects   Object Rights   All Property Rights
----------------   -------------   -------------------
Locator object     Browse          Read
Group object       Browse          Read
Existing objects   Browse          Read


USING THE DNS/DHCP MANAGEMENT CONSOLE
-------------------------------------

You must use a client workstation that is bound to TCP/IP to use the
DNS/DHCP Management Console. Using the DNS/DHCP Management Console on
client workstations that are bound to IPX-only networks results in
the following:

* Server objects are displayed as inactive.
* The Start and Stop Service button is disabled.
* The Audit Trail/Event Log button is disabled.


INCREASING THE STARTUP SPEED OF THE DNS/DHCP MANAGEMENT
CONSOLE
-------------------------------------------------------

When launching the DNS/DHCP Management Console, you can use the "-C"
option on the command line to specify the context of the DNS/DHCP
Locator object. When you use the "-C" option, you eliminate the
search for the DNS/DHCP Locator object and obtain quicker access to
the DNS/DHCP Management Console.

For example, if the DNS/DHCP Locator object is in the dnsdhcp.novell
container, you would edit the DNS/DHCP Management Console shortcut's
target to include the following:

    "C:\PROGRAM FILES\NOVELL\DNSDHCP\DNSDHCP.EXE" -C DNSDHCP.NOVELL


ENTERING DATA WITH THE CAPS LOCK KEY ACTIVE
-------------------------------------------

When entering configuration data, do not use the Caps Lock key to
enter upper-case letters. A problem in Java causes incorrect
characters to be echoed to the dialog box. This problem will be
corrected in a Support Pack release.


DYNAMIC DNS AND REMOVED RESOURCE RECORDS
----------------------------------------

Dynamic DNS (DDNS) removes the resource records of inactive addresses
but allows resource record sets to remain. The resource record sets
are not returned in response to queries against the resource records;
however, the resource record sets appear in the DNS/DHCP Management
Console without any resource records.


SERVER ACCESS TO DNS/DHCP LOCATOR OBJECT NOT REQUIRED
-----------------------------------------------------

The requirement that the DNS and DHCP servers always have access to
the DNS/DHCP Locator object has been relaxed.

The DHCP server can load without having access to the DNS/DHCP
Locator object. However, the first time the server loads it requires
access to the DNS/DHCP Locator object to obtain a copy of any global
configuration from the object. The DHCP server saves a copy of the
global configuration in SYS:\ETC\DHCP\DHCPLOC.TAB.

In subsequent loads, the DHCP server will try to obtain the global
configuration information from the DNS/DHCP Locator object. If the
information is not available, the DHCP server will read the
information from the last saved copy of SYS:\ETC\DHCP\DHCPLOC.TAB.
Each time the DHCP server loads and the DNS/DHCP Locator object is
available, the DHCP server updates the DHCPLOC.TAB file.

The DNS server also does not require access to the DNS/DHCP Locator
object. It has been enhanced to require access to the DNS/DHCP
Locator object only if the NAMED command line arguments are specified
to create zones in NDS.

The DNS server no longer requires access to the RootSrvrInfo zone
stored in NDS. The DNS server now first tries to find the
RootSrvrInfo zone in NDS, but if it is not available, the DNS server
uses the copy of the information found in SYS:\ETC\DNS\ROOTSRVR.DAT.


ASSIGNING A SUBNET'S DEFAULT SERVER TO ADDRESS RANGES
THAT INCLUDE BOOTP ADDRESSES
------------------------------------------------------

The BOOTP protocol, unlike DHCP, does not provide a mechanism for a
client to accept only a single offer of an IP address; therefore, the
DNS/DHCP Management Console allows only the server that is specified
as the default server in a Subnet object to be assigned to any
address ranges that include BOOTP addresses.

If you want to assign other servers to the address ranges, you should
change the address range type so that it doesn't include BOOTP. If
the range type includes BOOTP, you will not be allowed to change the
DHCP server assigned to the range.


FINDING ADDRESSES MARKED UNAUTHORIZED BY THE PING FEATURE
---------------------------------------------------------

You can find unauthorized addresses in an exported DHCP configuration
by searching for IP Address objects with an Assignment Type value of
32. Use FIND in a text editor to quickly identify addresses that have
been marked as unauthorized.


USING THE "-F" COMMAND LINE OPTION FOR DNIPINST.NLM
---------------------------------------------------

DNIPINST.NLM is a backup method of extending the schema and creating
the DNS/DHCP Locator and Group objects and the RootSrvrInfo zone.
DNIPINST.NLM can be used if problems occurred during the NetWare 5
installation process. Most administrators will not need to use this
NLM.

You can use the "-F" command line option in the DNIPINST.NLM to
re-create the DNS/DHCP configuration objects if the initial attempt
to set up Novell DNS/DHCP Services fails during the configuration
object creation stage.

When a failure occurs during the object creation phase, we recommend
that you delete the DNS-DHCP (DNS/DHCP Locator), DNSDHCP-GROUP
(DNS/DHCP Group), and the RootSrvrInfo objects (if they have been
created), then use DNIPINST.NLM with the "-F" flag.

When the "-F" command line option is specified, an initial console
message confirms the action and the NDS login window appears. After a
successful login, the object NDS context query window is displayed.
You can enter the data and create the objects.

If a schema extension error occurs, execute DNIPINST.NLM in the
regular mode.


LOAD CSATPXY.NLM ON SERVER TO VIEW AUDIT TRAIL EVENTS FROM CLIENT
-----------------------------------------------------------------

To view the Audit Trail logs or Event logs, the CSAUDIT database
proxy agent NLM, CSATPXY.NLM, must be loaded on the server. It uses
TCP/IP to communicate with the requesting DNS/DHCP Management Console
running on the client.

The default port for CSATPXY.NLM is 2000. You can set it to a
different port if there is a conflict; for example, "Load CSATPXY 999"
uses port 999. The default port in the DNS/DHCP Management Console on
the client side is also 2000, so you can use the "-P 999" command
line option there to specify the same port as the one used by
CSATPXY.NLM.


NOVELL TRADEMARKS
-----------------

Novell and NetWare are registered trademarks of Novell, Inc. in the
United States and other countries.

Internetwork Packet Exchange, IPX, NDS, NetWare 5, NetWare Loadable
Module, and NLM are trademarks of Novell, Inc.

**************************************
Copyright (c) 1997, 1998 Novell, Inc. All Rights Reserved.