              ===============================
              NOVELL DNS/DHCP SERVICES README
              ===============================
                      November 20, 1998

This document provides information that was discovered or developed
too late to be included in the online documentation. The following
topics are covered:  

  * NDS RIGHTS REQUIRED TO MANAGE DNS/DHCP CONFIGURATION

  * USING THE DNS/DHCP MANAGEMENT CONSOLE

  * INCREASING THE STARTUP SPEED OF THE DNS/DHCP MANAGEMENT CONSOLE

  * ENTERING DATA WITH THE CAPS LOCK KEY ACTIVE

  * DYNAMIC DNS AND REMOVED RESOURCE RECORDS

  * SERVER ACCESS TO DNS/DHCP LOCATOR OBJECT NOT REQUIRED

  * ASSIGNING A SUBNET'S DEFAULT SERVER TO ADDRESS RANGES
    THAT INCLUDE BOOTP ADDRESSES

  * FINDING ADDRESSES MARKED UNAUTHORIZED BY THE PING FEATURE

  * USING THE "-F" COMMAND LINE OPTION FOR DNIPINST.NLM

  * LOAD CSATPXY.NLM ON SERVER TO VIEW AUDIT TRAIL EVENTS FROM CLIENT



NDS RIGHTS REQUIRED TO MANAGE DNS/DHCP CONFIGURATION
----------------------------------------------------

To manage Novell DNS/DHCP Services, administrators require 
sufficient NDS rights, depending on the type of operation to be 
performed. 

Administrators who will add new objects and modify existing
objects require Add rights to the appropriate NDS container 
object.  The following table summarizes rights requirements for
creating new configuration objects and modifying existing objects.

DNS/DHCP Objects     Object Rights        All Property Rights
----------------     -------------        -------------------
Locator object       Browse               Supervisor
Group object         Browse               Supervisor
Existing objects     Supervisor           Supervisor


Administrators who manage a given set of DHCP subnets or DNS zones
require rights to create or delete IP addresses, ranges of 
addresses, or resource record sets. The following table lists
the rights requirements of administrators who perform these tasks.

DNS/DHCP Objects     Object Rights             All Property Rights
----------------     ----------------------    -------------------
Locator object       Browse                    Read
Group object         Browse                    Read
Existing objects     Browse, Create, Delete    Supervisor


Administrators or users who need to view DNS/DHCP configuration 
require rights as summarized in the following table.

DNS/DHCP Objects     Object Rights       All Property Rights
----------------     -------------       -------------------
Locator object       Browse              Read
Group object         Browse              Read
Existing objects     Browse              Read



USING THE DNS/DHCP MANAGEMENT CONSOLE
-------------------------------------

You must use a client workstation that is bound to TCP/IP to use 
the DNS/DHCP Management Console.  Using the DNS/DHCP Management 
Console on client workstations that are bound to IPX-only 
networks results in the following: 

  * Server objects are displayed as inactive. 
  * The Start and Stop Service button is disabled. 
  * The Audit Trail/Event Log button is disabled. 



INCREASING THE STARTUP SPEED OF THE DNS/DHCP MANAGEMENT CONSOLE
-------------------------------------------------------

When launching the DNS/DHCP Management Console, you can use the
"-C" option on the command line to specify the context of the DNS/
DHCP Locator object. When you use the "-C" option, you eliminate 
the search for the DNS/DHCP Locator object and obtain quicker 
access to the DNS/DHCP Management Console. 

For example, if the DNS/DHCP Locator object is in the 
dnsdhcp.novell container, you would edit the DNS/DHCP Management 
Console shortcut's target to include the following: 

"C:\PROGRAM FILES\NOVELL\DNSDHCP\DNSDHCP.EXE" -C DNSDHCP.NOVELL



ENTERING DATA WITH THE CAPS LOCK KEY ACTIVE
-------------------------------------------

When entering configuration data, do not use the Caps Lock key to 
enter upper-case letters. A problem in Java causes incorrect 
characters to be echoed to the dialog box. This problem will be 
corrected in a Support Pack release. 



DYNAMIC DNS AND REMOVED RESOURCE RECORDS
----------------------------------------

Dynamic DNS (DDNS) removes the resource records of inactive addresses 
but allows resource record sets to remain. The resource record sets 
are not returned in response to queries against the resource records;
however, the resource record sets appear in the DNS/DHCP Management 
Console without any resource records.



SERVER ACCESS TO DNS/DHCP LOCATOR OBJECT NOT REQUIRED
-----------------------------------------------------

The requirement that the DNS and DHCP servers always have access 
to the DNS/DHCP Locator object has been relaxed.

The DHCP server can load without having access to the DNS/DHCP 
Locator object. However, the first time the server loads it requires
access to the DNS/DHCP Locator object to obtain a copy of any global 
configuration from the object.  The DHCP server saves a copy 
of the global configuration in SYS:\ETC\DHCP\DHCPLOC.TAB.

In subsequent loads, the DHCP server will try to obtain the global 
configuration information from the DNS/DHCP Locator object. If the
information is not available, the DHCP server will read the 
information from the last saved copy of SYS:\ETC\DHCP\DHCPLOC.TAB.  
Each time the DHCP server loads and the DNS/DHCP Locator object is 
available, the DHCP server updates the DHCPLOC.TAB file. 

The DNS server also does not require access to the DNS/DHCP Locator 
object. It has been enhanced to require access to the DNS/DHCP 
Locator object only if the NAMED command line arguments are 
specified to create zones in NDS. The DNS server no longer 
requires access to the RootSrvrInfo zone stored in NDS.  The DNS 
server now first tries to find the RootSrvrInfo zone in NDS, but if 
it is not available, the DNS server uses the copy of the information 
found in SYS:\ETC\DNS\ROOTSRVR.DAT. 



ASSIGNING A SUBNET'S DEFAULT SERVER TO ADDRESS RANGES
THAT INCLUDE BOOTP ADDRESSES
------------------------------------------------------

The BOOTP protocol, unlike DHCP, does not provide a mechanism for a 
client to accept only a single offer of an IP address; therefore, 
the DNS/DHCP Management Console allows only the server that is 
specified as the default server in a Subnet object to be assigned 
to any address ranges that include BOOTP addresses.  If you want to 
assign other servers to the address ranges, you should change the 
address range type so that it doesn't include BOOTP.  If the range 
type includes BOOTP, you will not be allowed to change the DHCP 
server assigned to the range. 



FINDING ADDRESSES MARKED UNAUTHORIZED BY THE PING FEATURE
---------------------------------------------------------

You can find unauthorized addresses in an exported DHCP configuration 
by searching for IP Address objects with an Assignment Type value of 
32.  Use FIND in a text editor to quickly identify addresses that 
have been marked as unauthorized. 



USING THE "-F" COMMAND LINE OPTION FOR DNIPINST.NLM
---------------------------------------------------

DNIPINST.NLM is a backup method of extending the schema and creating 
the DNS/DHCP Locator and Group objects and the RootSrvrInfo zone. 
DNIPINST.NLM can be used if problems occurred during the NetWare 5 
installation process.  Most administrators will not need to use this 
NLM. 

You can use the "-F" command line option in the DNIPINST.NLM to 
re-create the DNS/DHCP configuration objects if the initial attempt 
to set up Novell DNS/DHCP Services fails during the configuration 
object creation stage.

When a failure occurs during the object creation phase, we recommend
that you delete the DNS-DHCP (DNS/DHCP Locator), DNSDHCP-GROUP 
(DNS/DHCP Group), and the RootSrvrInfo objects (if they have been 
created), then use DNIPINST.NLM with the "-F" flag.

When the "-F" command line option is specified, an initial console 
message confirms the action and the NDS login window appears.
After a successful login, the object NDS context query window is 
displayed. You can enter the data and create the objects.

If a schema extension error occurs, execute DNIPINST.NLM in the 
regular mode.



LOAD CSATPXY.NLM ON SERVER TO VIEW AUDIT TRAIL EVENTS FROM CLIENT
-----------------------------------------------------------------

To view the Audit Trail logs or Event logs, the CSAUDIT database proxy
agent NLM - CSATPXY.NLM must be loaded on the server.  It is using the
TCP/IP to communicate with the requesting DNS/DHCP Management Console
running on the client.

The default port for CSATPXY.NLM is 2000, and user can set it to a 
different port if there is conflict, such as "Load CSATPXY 999<cr>"
to use port 999.  The default port on the client side's DNS/DHCP
Management Console is also set to 2000, so user can also use "-P 999"
command line option to specify the same port as used by the CSATPXY.NLM.



NOVELL TRADEMARKS
----------------- 

Novell and NetWare are registered trademarks of Novell, Inc. in the 
United States and other countries. 

Internetwork Packet Exchange, IPX, NDS, NetWare 5, NetWare Loadable
Module, and NLM are trademarks of Novell, Inc.

**************************************

Copyright (c) 1997, 1998 Novell, Inc. All Rights Reserved.