Dynamic DNS Question

David Mitchell mitchell at ucar.edu
Thu Nov 8 21:30:17 CET 2007


We've run into a potential problem with our FreeRadius setup. We
currently use per-client keys for security. We have begun testing
dynamic DNS updates and have run into the problem of having the radius
server fail to start because an entry in clients.conf refers to a DNS
entry which doesn't exist. We could use only IP addresses in
clients.conf, but that means we can't have dynamic addresses for
clients. We could also use per-subnet keys but we really want to keep
the increase in security afforded by having unique keys for each host.

My question is two-fold. One, does anybody know of a workaround with the
current code base I haven't thought of? Two, what sorts of requirements
should I include if I code up a patch to add this feature? Certainly I
would guess that there would have to be a way to keep the current
functionality where responding to authentication requests would not
require any DNS requests. But in our dynamic DNS case, I would like the
server to look up the reverse DNS entry of the source IP address on an
incoming request and use that result to determine which clients.conf
entry to use. This would mean caching the FQDN names from the
clients.conf file somewhere and then searching that list with the
results of the DNS query. Or alternatively doing something more
sophisticated such as determining the key to use based on attributes in
the request itself. Any feedback on the direction I should take before I
start trying to code something up would be appreciated. Thanks in advance,

-David Mitchell

-- 
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |
-----------------------------------------------------------------
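The lookup scheme sketched in the post (IP-literal entries matched without any DNS traffic, hostname entries cached by name at parse time and matched by a reverse lookup of the request's source address), as an added Python sketch that is not FreeRADIUS code and not from the original message. The clients.conf fragment and the PTR/A answers are constructed, and the forward-confirmation step (the PTR name must resolve back to the source address before its secret is used) is an assumption added here, not something the post asks for.

```python
import re
import ipaddress

# Constructed clients.conf fragment (FreeRADIUS block style); nas3 has no
# DNS record at all, the case that today stops the server from starting.
CLIENTS_CONF = """
client 192.0.2.10        { secret = static-secret  shortname = nas1 }
client nas2.example.net  { secret = dyn-secret-2   shortname = nas2 }
client nas3.example.net  { secret = dyn-secret-3   shortname = nas3 }
"""
BLOCK_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_clients(text):
    """Split entries into IP literals and hostnames; hostnames are cached
    as names only, so parsing never issues a DNS query."""
    ip_clients, fqdn_clients = {}, {}
    for host, body in BLOCK_RE.findall(text):
        attrs = dict(re.findall(r"(\w+)\s*=\s*(\S+)", body))
        try:
            ip_clients[str(ipaddress.ip_address(host))] = attrs
        except ValueError:
            fqdn_clients[host.lower().rstrip(".")] = attrs
    return ip_clients, fqdn_clients

def find_client(src_ip, ip_clients, fqdn_clients, reverse, forward):
    """reverse(ip) -> PTR name or None; forward(name) -> set of addresses.
    IP literals match without DNS. A hostname matches only if the PTR name
    is forward-confirmed (assumed check: its A record must include src_ip),
    so a PTR controlled by the requester cannot borrow another host's secret."""
    if src_ip in ip_clients:
        return ip_clients[src_ip]
    if not fqdn_clients:
        return None                      # all-static config: no DNS at all
    name = reverse(src_ip)
    if not name:
        return None
    name = name.lower().rstrip(".")
    entry = fqdn_clients.get(name)
    if entry is None or src_ip not in forward(name):
        return None                      # unknown name or unconfirmed PTR
    return entry

# Constructed resolver answers standing in for real DNS.
PTR = {"192.0.2.20": "nas2.example.net.", "192.0.2.30": "nas2.example.net."}
A = {"nas2.example.net": {"192.0.2.20"}}

def demo():
    ipc, fq = parse_clients(CLIENTS_CONF)
    look = lambda ip: find_client(ip, ipc, fq, PTR.get, lambda n: A.get(n, set()))
    return (look("192.0.2.10")["secret"],   # literal entry, no DNS used
            look("192.0.2.20")["secret"],   # PTR confirmed by A record
            look("192.0.2.30"),             # PTR claims nas2, A disagrees
            sorted(fq))                     # nas3 cached despite no DNS
```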
