-1

When I deploy a fresh CentOS VM with DHCP enabled onto our corporate sandbox ESXi host, it sometimes steals the hostname of another running VM while booting up. My gut feeling is that this is a serious security problem or at least a nasty misconfiguration of our network.

I have checked that the IP addresses of the VM with the stolen name and the original VM are different.

Why could this be happening and how should we fix it?

JohnEye
  • Check the MAC-addresses of your VMs and the leases on the DHCP-server. – Lenniey Mar 17 '17 at 09:33
  • @Lenniey: Can you please elaborate on this suggestion? What do you expect me to see? – JohnEye Mar 17 '17 at 10:14
  • Do your VMs _steal_ the IPs of other **VMs** running on the same server or from other hosts / VMs? Please edit some details into your question. For my comment: you should list the MAC-addresses of your VMs and compare them to other hosts / VMs on your network. – Lenniey Mar 17 '17 at 10:19
  • It's other VMs, I've edited the question. Not sure about stealing IPs, but I will check whether it's the IPs too. – JohnEye Mar 17 '17 at 10:22
  • The CentOS 7 install does a reverse lookup in your DNS server to see if that IP has a hostname already. Maybe check the PTR records? – Koen van der Rijt Mar 17 '17 at 10:24
  • It seems pretty clear that you haven't reserved them. If you haven't reserved them, they can't be stolen. – David Schwartz Mar 17 '17 at 10:40
  • Hm, so the VMs are getting different IPs. Is it possible that once there are enough VMs occupying the same IP address range, it becomes likely to get an address of a VM which recently had the same IP address and still has an active DNS record? Sorry if my questions seem dumb, but I am not a sysadmin. – JohnEye Mar 17 '17 at 14:38
  • Sounds like stale DNS records to me. – gravyface Mar 17 '17 at 14:41

1 Answer

5

When installing a CentOS box using standard DHCP settings, the new box's hostname is obtained via reverse DNS resolution. You should verify that:

  • no PTR (or the right PTR) exists for the IP address assigned to the new box
  • your virtualized MAC addresses really are unique among your virtual machines.
shodanshok
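Both checks from the answer above can be run over a VM inventory in one pass. This is an added example, not part of the original post: the function names, the inventory layout, and the sample addresses, MACs and `sandbox.example` names are all constructed assumptions.

```python
import socket
from collections import defaultdict

def reverse_lookup(ip):
    """Return the PTR name for ip via the system resolver, or None if absent."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def normalize_mac(mac):
    """Lower-case and use ':' so 00-50-56-AA and 00:50:56:aa compare equal."""
    return mac.lower().replace("-", ":")

def audit(vms, resolver=reverse_lookup):
    """vms: dicts with the intended 'name', the leased 'ip' and the 'mac'.

    Returns (stale_ptrs, duplicate_macs):
      stale_ptrs     - (ip, intended_name, ptr_name) where the PTR names another host
      duplicate_macs - {mac: [vm names]} for MACs used by more than one VM
    """
    stale, by_mac = [], defaultdict(list)
    for vm in vms:
        by_mac[normalize_mac(vm["mac"])].append(vm["name"])
        ptr = resolver(vm["ip"])
        if ptr is None:
            continue  # no PTR: the installer has no name to pick up from DNS
        short = ptr.rstrip(".").split(".")[0].lower()
        if short != vm["name"].lower():
            stale.append((vm["ip"], vm["name"], ptr))
    dups = {m: names for m, names in by_mac.items() if len(names) > 1}
    return stale, dups

# Constructed sample data: db-02 moved to .31, but its old PTR for .23 was
# never removed, and build-08 is a clone that kept build-07's MAC.
SAMPLE_VMS = [
    {"name": "db-02",    "ip": "10.0.0.31", "mac": "00:50:56:AA:BB:01"},
    {"name": "build-07", "ip": "10.0.0.23", "mac": "00:50:56:aa:bb:02"},
    {"name": "build-08", "ip": "10.0.0.24", "mac": "00-50-56-AA-BB-02"},
]
SAMPLE_PTR = {
    "10.0.0.31": "db-02.sandbox.example.",
    "10.0.0.23": "db-02.sandbox.example.",  # stale record
}

if __name__ == "__main__":
    stale, dups = audit(SAMPLE_VMS, SAMPLE_PTR.get)  # offline: dict as resolver
    for ip, want, got in stale:
        print(f"stale PTR: {ip} is leased to {want} but resolves to {got}")
    for mac, names in dups.items():
        print(f"duplicate MAC {mac}: {', '.join(names)}")
```

Calling `audit(vms)` without a resolver argument queries the system's DNS for each leased address instead of the constructed table.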