Skip to main content

How to Comply with Network Registration Policy

This article applies to: DNS


If you're responsible for network connections in your department or building, you need to register all the network devices into DNS as per University Policy 5.7, Network Registry

Unregistered machines may be difficult to locate. This may cause a problem, for example, if a machine is flooding the network with traffic. Although CIT can locate the machine via port traffic, it can take a week or more to locate the individual responsible for the machine. If you scan your networks for a vulnerability or virus and discover a machine that is affected, it is much more difficult to identify the machine if it is unregistered or using dynamic DHCP.

Options

How you enter the data required by Cornell's Network Registry depends on the method your subnet uses for assigning IP addresses. Network registry is assigning Cornell NetIDs and MAC addresses to registered DNS/IP names.

To use the tools described here, you need to be a registered network administrator as described on the How to Manage DNS Registrations for Your Subnet page.

Static IP addressing

  1. Once the host names are entered in CIT's DNS database (DNSdb), add two additional fields using either:

CIT's DHCP registration service

  • These subnets are already in compliance with the Network Registry policy; information already in DNSdb does not need to be re-entered.

A departmental DHCP service

Network administrators should:

  • Limit their service to known MAC addresses.
  • Record machines in the Network Registry using DNSdb's batch load addhost, addmac and  chgowner commands shown above. If a dynamic pool of known MAC addresses is used, each MAC should be registered in DNSDB with an IP address in the "0" address space, which is reserved for network registry (no network traffic is routed to or from a "0" address, nor are "0" addresses served in DNS). For example, if the subnet is 128.253.230.0/24 then the netadmin can assign "0" addresses 0.253.230.11 - 0.253.230.254 in the network registry.

A departmental firewall and/or a single circuit gateway (separated subnets)

The network administrator should send email to hostmaster to set up a meeting to talk about how CIT can help you comply with the policy.

About this Article

Last updated: 

Thursday, February 9, 2017 - 7:03pm

Audience: 

IT Professionals

Was this page helpful?

Your feedback helps improve the site.

Comments?