summaryrefslogtreecommitdiff
path: root/doc/draft-ietf-dhc-dhcp-dns-12.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/draft-ietf-dhc-dhcp-dns-12.txt')
-rw-r--r--doc/draft-ietf-dhc-dhcp-dns-12.txt1072
1 files changed, 1072 insertions, 0 deletions
diff --git a/doc/draft-ietf-dhc-dhcp-dns-12.txt b/doc/draft-ietf-dhc-dhcp-dns-12.txt
new file mode 100644
index 00000000..c97ba625
--- /dev/null
+++ b/doc/draft-ietf-dhc-dhcp-dns-12.txt
@@ -0,0 +1,1072 @@
+
+
+DHC Working Group M. Stapp
+Internet-Draft Y. Rekhter
+Expires: September 2000 Cisco Systems, Inc.
+ March 10, 2000
+
+
+ Interaction between DHCP and DNS
+ <draft-ietf-dhc-dhcp-dns-12.txt>
+
+Status of this Memo
+
+ This document is an Internet-Draft and is in full conformance with
+ all provisions of Section 10 of RFC2026.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as
+ Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six
+ months and may be updated, replaced, or obsoleted by other documents
+ at any time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ To view the entire list of Internet-Draft Shadow Directories, see
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on September 2000.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+Abstract
+
+ DHCP provides a powerful mechanism for IP host configuration.
+ However, the configuration capability provided by DHCP does not
+ include updating DNS, and specifically updating the name to address
+ and address to name mappings maintained in the DNS.
+
+ This document specifies how DHCP clients and servers should use the
+ Dynamic DNS Updates mechanism in RFC2136[5] to update the DNS name
+ to address and address to name mappings so that the mappings for
+ DHCP clients will be consistent with the IP addresses that the
+ clients acquire via DHCP.
+
+
+
+
+
+
+
+Stapp & Rekhter Expires September 2000 [Page 1]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+Table of Contents
+
+ 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 3. Models of Operation . . . . . . . . . . . . . . . . . . . . 3
+ 4. Issues with DDNS in DHCP Environments . . . . . . . . . . . 4
+ 4.1 Name Collisions . . . . . . . . . . . . . . . . . . . . . . 5
+ 4.2 Multiple DHCP servers . . . . . . . . . . . . . . . . . . . 6
+ 4.3 Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . 6
+ 4.3.1 Format of the DHCID RRDATA . . . . . . . . . . . . . . . . . 6
+ 4.4 DNS RR TTLs . . . . . . . . . . . . . . . . . . . . . . . . 8
+ 5. Client FQDN Option . . . . . . . . . . . . . . . . . . . . . 8
+ 5.1 The Flags Field . . . . . . . . . . . . . . . . . . . . . . 9
+ 5.2 The RCODE Fields . . . . . . . . . . . . . . . . . . . . . . 10
+ 5.3 The Domain Name Field . . . . . . . . . . . . . . . . . . . 10
+ 6. DHCP Client behavior . . . . . . . . . . . . . . . . . . . . 10
+ 7. DHCP Server behavior . . . . . . . . . . . . . . . . . . . . 12
+ 8. Procedures for performing DNS updates . . . . . . . . . . . 14
+ 8.1 Adding A RRs to DNS . . . . . . . . . . . . . . . . . . . . 14
+ 8.2 Adding PTR RR Entries to DNS . . . . . . . . . . . . . . . . 15
+ 8.3 Removing Entries from DNS . . . . . . . . . . . . . . . . . 15
+ 8.4 Updating other RRs . . . . . . . . . . . . . . . . . . . . . 16
+ 9. Security Considerations . . . . . . . . . . . . . . . . . . 16
+ 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17
+ References . . . . . . . . . . . . . . . . . . . . . . . . . 17
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 18
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . 19
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Stapp & Rekhter Expires September 2000 [Page 2]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+1. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119[6].
+
+2. Introduction
+
+ DNS (RFC1034[1], RFC1035[2]) maintains (among other things) the
+ information about mapping between hosts' Fully Qualified Domain
+ Names (FQDNs) RFC1594[4] and IP addresses assigned to the hosts. The
+ information is maintained in two types of Resource Records (RRs): A
+ and PTR. The A RR contains mapping from a FQDN to an IP address; the
+ PTR RR contains mapping from an IP address to a FQDN. The Dynamic
+ DNS Updates specification (RFC2136[5]) describes a mechanism that
+ enables DNS information to be updated over a network.
+
+ DHCP RFC2131[3] provides a mechanism by which a host (a DHCP client)
+ can acquire certain configuration information, along with its IP
+ address(es). However, DHCP does not provide any mechanisms to update
+ the DNS RRs that contain the information about mapping between the
+ host's FQDN and its IP address(es) (A and PTR RRs). Thus the
+ information maintained by DNS for a DHCP client may be incorrect - a
+ host (the client) could acquire its address by using DHCP, but the A
+ RR for the host's FQDN wouldn't reflect the address that the host
+ acquired, and the PTR RR for the acquired address wouldn't reflect
+ the host's FQDN.
+
+ The Dynamic DNS Update protocol can be used to maintain consistency
+ between the information stored in the A and PTR RRs and the actual
+ address assignment done via DHCP. When a host with a particular FQDN
+ acquires its IP address via DHCP, the A RR associated with the
+ host's FQDN would be updated (by using the Dynamic DNS Updates
+ protocol) to reflect the new address. Likewise, when an IP address
+ is assigned to a host with a particular FQDN, the PTR RR associated
+ with this address would be updated (using the Dynamic DNS Updates
+ protocol) to reflect the new FQDN.
+
+ Although this document refers to the A and PTR DNS record types and
+ to DHCP assignment of IPv4 addresses, the same procedures and
+ requirements apply for updates to the analogous RR types that are
+ used when clients are assigned IPv6 addresses via DHCPv6.
+
+3. Models of Operation
+
+ When a DHCP client acquires a new address, a site's administrator
+ may desire that one or both of the A RR for the client's FQDN and
+ the PTR RR for the acquired address be updated. Therefore, two
+ separate Dynamic DNS Update transactions occur. Acquiring an address
+
+
+Stapp & Rekhter Expires September 2000 [Page 3]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ via DHCP involves two entities: a DHCP client and a DHCP server. In
+ principle each of these entities could perform none, one, or both of
+ the transactions. However, in practice not all permutations make
+ sense. This document covers these possible design permutations:
+
+ 1. DHCP client updates the A RR, DHCP server updates the PTR RR
+ 2. DHCP server updates both the A and the PTR RRs
+
+ The only difference between these two cases is whether the FQDN to
+ IP address mapping is updated by a DHCP client or by a DHCP server.
+ The IP address to FQDN mapping is updated by a DHCP server in both
+ cases.
+
+ The reason these two are important, while others are unlikely, has
+ to do with authority over the respective DNS domain names. A DHCP
+ client may be given authority over mapping its own A RRs, or that
+ authority may be restricted to a server to prevent the client from
+ listing arbitrary addresses or associating its address with
+ arbitrary domain names. In all cases, the only reasonable place for
+ the authority over the PTR RRs associated with the address is in the
+ DHCP server that allocates the address.
+
+ In any case, whether a site permits all, some, or no DHCP servers
+ and clients to perform DNS updates into the zones which it controls
+ is entirely a matter of local administrative policy. This document
+ does not require any specific administrative policy, and does not
+ propose one. The range of possible policies is very broad, from
+ sites where only the DHCP servers have been given credentials that
+ the DNS servers will accept, to sites where each individual DHCP
+ client has been configured with credentials which allow the client
+ to modify its own domain name. Compliant implementations MAY support
+ some or all of these possibilities. Furthermore, this specification
+ applies only to DHCP client and server processes: it does not apply
+ to other processes which initiate dynamic DNS updates.
+
+ This document describes a new DHCP option which a client can use to
+ convey all or part of its domain name to a DHCP server.
+ Site-specific policy determines whether DHCP servers use the names
+ that clients offer or not, and what DHCP servers may do in cases
+ where clients do not supply domain names.
+
+4. Issues with DDNS in DHCP Environments
+
+ There are two DNS update situations that require special
+ consideration in DHCP environments: cases where more than one DHCP
+ client has been configured with the same FQDN, and cases where more
+ than one DHCP server has been given authority to perform DNS updates
+ in a zone. In these cases, it is possible for DNS records to be
+ modified in inconsistent ways unless the updaters have a mechanism
+ that allows them to detect anomolous situations. If DNS updaters can
+
+
+Stapp & Rekhter Expires September 2000 [Page 4]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ detect these situations, site administrators can configure the
+ updaters' behavior so that the site's policies can be enforced. We
+ use the term "Name Collisions" to refer to cases where more than one
+ DHCP client has been associated with a single FQDN. This
+ specification describes a mechanism designed to allow updaters to
+ detect these situations, and requires that DHCP implementations use
+ this mechanism by default.
+
+4.1 Name Collisions
+
+ How can the entity updating an A RR (either the DHCP client or DHCP
+ server) detect that a domain name has an A RR which is already in
+ use by a different DHCP client? Similarly, should a DHCP client or
+ server update a domain name which has an A RR that has been
+ configured by an administrator? In either of these cases, the
+ domain name in question would either have an additional A RR, or
+ would have its original A RR replaced by the new record. Either of
+ these effects may be considered undesirable by some sites. Different
+ authority and credential models have different levels of exposure to
+ name collisions.
+
+ 1. Client updates A RR, uses Secure DNS Update with credentials
+ that are associated with the client's FQDN, and exclusive to the
+ client. Name collisions in this scenario are unlikely (though
+ not impossible), since the client has received credentials
+ specific to the name it desires to use. This implies that the
+ name has already been allocated (through some implementation- or
+ organization-specific procedure) to that client.
+
+ 2. Client updates A RR, uses Secure DNS Update with credentials
+ that are valid for any name in the zone. Name collisions in this
+ scenario are possible, since the credentials necessary for the
+ client to update DNS are not necessarily name-specific. Thus,
+ for the client to be attempting to update a unique name requires
+ the existence of some administrative procedure to ensure client
+ configuration with unique names.
+
+ 3. Server updates the A RR, uses a name for the client which is
+ known to the server. Name collisions in this scenario are likely
+ unless prevented by the server's name configuration procedures.
+ See Section 9 for security issues with this form of deployment.
+
+ 4. Server updates the A RR, uses a name supplied by the client.
+ Name collisions in this scenario are highly likely, even with
+ administrative procedures designed to prevent them. (This
+ scenario is a popular one in real-world deployments in many
+ types of organizations.) See Section 9 for security issues with
+ this type of deployment.
+
+
+ Scenarios 2, 3, and 4 rely on administrative procedures to ensure
+ name uniqueness for DNS updates, and these procedures may break
+ down. Experience has shown that, in fact, these procedures will
+ break down at least occasionally. The question is what to do when
+
+
+Stapp & Rekhter Expires September 2000 [Page 5]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ these procedures break down or, for example in scenario #4, may not
+ even exist.
+
+ In all cases of name collisions, the desire is to offer two modes of
+ operation to the administrator of the combined DHCP-DNS capability:
+ first-update-wins (i.e., the first updating entity gets the name) or
+ most-recent-update-wins (i.e., the last updating entity for a name
+ gets the name).
+
+4.2 Multiple DHCP servers
+
+ If multiple DHCP servers are able to update the same DNS zones, or
+ if DHCP servers are performing A RR updates on behalf of DHCP
+ clients, and more than one DHCP server may be able to serve
+ addresses to the same DHCP clients, the DHCP servers should be able
+ to provide reasonable and consistent DNS name update behavior for
+ DHCP clients.
+
+4.3 Use of the DHCID RR
+
+ A solution to both of these problems is for the updating entities
+ (both DHCP clients and DHCP servers) to be able to detect that
+ another entity has been associated with a DNS name, and to offer
+ administrators the opportunity to configure update behavior.
+
+ Specifically, a DHCID RR, described in DHCID RR[12] is used to
+ associate client identification information with a DNS name and the
+ A RR associated with that name. When either a client or server adds
+ an A RR for a client, it also adds a DHCID RR which specifies a
+ unique client identity (based on a "client specifier" created from
+ the client's client-id or MAC address). In this model, only one A
+ RR is associated with a given DNS name at a time.
+
+ By associating this ownership information with each A RR,
+ cooperating DNS updating entities may determine whether their client
+ is the first or last updater of the name (and implement the
+ appropriately configured administrative policy), and DHCP clients
+ which currently have a host name may move from one DHCP server to
+ another without losing their DNS name.
+
+ The specific algorithms utilizing the DHCID RR to signal client
+ ownership are explained below. The algorithms only work in the case
+ where the updating entities all cooperate -- this approach is
+ advisory only and is not substitute for DNS security, nor is it
+ replaced by DNS security.
+
+4.3.1 Format of the DHCID RRDATA
+
+ The DHCID RR used to hold the DHCP client's identity is formatted as
+
+
+Stapp & Rekhter Expires September 2000 [Page 6]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ follows:
+
+ The name of the DHCID RR is the name of the A or PTR RR which refers
+ to the DHCP client.
+
+ The RDATA section of a DHCID RR in transmission contains RDLENGTH
+ bytes of binary data. From the perspective of DHCP clients and
+ servers, the DHC resource record consists of a 16-bit identifier
+ type, followed by one or more bytes representing the actual
+ identifier. There are two possible forms for a DHCID RR - one that
+ is used when the client's link-layer address is being used to
+ identify it, and one that is used when some DHCP option that the
+ DHCP client has sent is being used to identify it.
+
+
+ DISCUSSION:
+ Implementors should note that the actual identifying data is
+ never placed into the DNS directly. Instead, the client-identity
+ data is used as the input into a one-way hash algorithm, and the
+ output of that hash is then used as DNS RRDATA. This has been
+ specified in order to avoid placing data about DHCP clients that
+ some sites might consider sensitive into the DNS.
+
+ When the updater is using the client's link-layer address, the first
+ two bytes of the DHCID RRDATA MUST be zero. To generate the rest of
+ the resource record, the updater MUST compute a one-way hash using
+ the MD5[13] algorithm across a buffer containing the client's
+ network hardware type and link-layer address. Specifically, the
+ first byte of the buffer contains the network hardware type as it
+ appears in the DHCP htype field of the client's DHCPREQUEST message.
+ All of the significant bytes of the chaddr field in the client's
+ DHCPREQUEST message follow, in the same order in which the bytes
+ appear in the DHCPREQUEST message. The number of significant bytes
+ in the chaddr field is specified in the hlen field of the
+ DHCPREQUEST message.
+
+ When the updater is using a DHCP option sent by the client in its
+ DHCPREQUEST message, the first two bytes of the DHCID RR MUST be the
+ option code of that option, in network byte order. For example, if
+ the DHCP client identifier option is being used, the first byte of
+ the DHCID RR should be zero, and the second byte should be 61
+ decimal. The rest of the DHCID RR MUST contain the results of
+ computing a one-way hash across the payload of the option being
+ used, using the MD5 algorithm. The payload of a DHCP option consists
+ of the bytes of the option following the option code and length.
+
+ In order for independent DHCP implementations to be able to use the
+ DHCID RR as a prerequisite in dynamic DNS updates, each updater must
+ be able to reliably choose the same identifier that any other would
+ choose. To make this possible, we specify a prioritization which
+
+
+Stapp & Rekhter Expires September 2000 [Page 7]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ will ensure that for any given DHCP client request, any updater will
+ select the same client-identity data. All updaters MUST use this
+ order of prioritization by default, but all implementations SHOULD
+ be configurable to use a different prioritization if so desired by
+ the site administrators. Because of the possibility of future
+ changes in the DHCP protocol, implementors SHOULD check for updated
+ versions of this draft when implementing new DHCP clients and
+ servers which can perform DDNS updates, and also when releasing new
+ versions of existing clients and servers.
+
+ DHCP clients and servers should use the following forms of client
+ identification, starting with the most preferable, and finishing
+ with the least preferable. If the client does not send any of these
+ forms of identification, the DHCP/DDNS interaction is not defined by
+ this specification. The most preferable form of identification is
+ the Globally Unique Identifier Option [TBD]. Next is the DHCP
+ Client Identifier option. Last is the client's link-layer address,
+ as conveyed in its DHCPREQUEST message. Implementors should note
+ that the link-layer address cannot be used if there are no
+ significant bytes in the chaddr field of the DHCP client's request,
+ because this does not constitute a unique identifier.
+
+4.4 DNS RR TTLs
+
+ RRs associated with DHCP clients may be more volatile than
+ statically configured RRs. DHCP clients and servers which perform
+ dynamic updates should attempt to specify resource record TTLs which
+ reflect this volatility, in order to minimize the possibility that
+ there will be stale records in resolvers' caches. A reasonable basis
+ for RR TTLs is the lease duration itself: TTLs of 1/2 or 1/3 the
+ expected lease duration might be reasonable defaults. Because
+ configured DHCP lease times vary widely from site to site, it may
+ also be desirable to establish a fixed TTL ceiling. DHCP clients and
+ servers MAY allow administrators to configure the TTLs they will
+ supply, possibly as a fraction of the actual lease time, or as a
+ fixed value.
+
+5. Client FQDN Option
+
+ To update the IP address to FQDN mapping a DHCP server needs to know
+ the FQDN of the client to which the server leases the address. To
+ allow the client to convey its FQDN to the server this document
+ defines a new DHCP option, called "Client FQDN". The FQDN Option
+ also contains Flags and RCode fields which DHCP servers can use to
+ convey information about DNS updates to clients.
+
+ Clients MAY send the FQDN option, setting appropriate Flags values,
+ in both their DISCOVER and REQUEST messages. If a client sends the
+ FQDN option in its DISCOVER message, it MUST send the option in
+
+
+Stapp & Rekhter Expires September 2000 [Page 8]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ subsequent REQUEST messages.
+
+ The code for this option is 81. Its minimum length is 4.
+
+
+ Code Len Flags RCODE1 RCODE2 Domain Name
+ +------+------+------+------+------+------+--
+ | 81 | n | | | | ...
+ +------+------+------+------+------+------+--
+
+
+5.1 The Flags Field
+
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | MBZ |E|O|S|
+ +-+-+-+-+-+-+-+-+
+
+
+ When a DHCP client sends the FQDN option in its DHCPDISCOVER and/or
+ DHCPREQUEST messages, it sets the right-most bit (labelled "S") to
+ indicate that it will not perform any Dynamic DNS updates, and that
+ it expects the DHCP server to perform any FQDN-to-IP (the A RR) DNS
+ update on its behalf. If this bit is clear, the client indicates
+ that it intends to maintain its own FQDN-to-IP mapping update.
+
+ If a DHCP server intends to take responsibility for the A RR update
+ whether or not the client sending the FQDN option has set the "S"
+ bit, it sets both the "O" bit and the "S" bit, and sends the FQDN
+ option in its DHCPOFFER and/or DHCPACK messages.
+
+ The data in the Domain Name field may appear in one of two formats:
+ ASCII, or DNS-style binary encoding (without compression, of
+ course), as described in RFC1035[2]. A client which sends the FQDN
+ option MUST set the "E" bit to indicate that the data in the Domain
+ Name field is DNS binary encoded. If a server receives an FQDN
+ option from a client, and intends to include an FQDN option in its
+ reply, it MUST use the same encoding that the client used. The DNS
+ encoding is recommended. The use of ASCII-encoded domain-names is
+ fragile, and the use of ASCII encoding in this option should be
+ considered deprecated.
+
+ The remaining bits in the Flags field are reserved for future
+ assignment. DHCP clients and servers which send the FQDN option MUST
+ set the MBZ bits to 0, and they MUST ignore values in the part of
+ the field labelled "MBZ".
+
+
+
+
+Stapp & Rekhter Expires September 2000 [Page 9]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+5.2 The RCODE Fields
+
+ The RCODE1 and RCODE2 fields are used by a DHCP server to indicate
+ to a DHCP client the Response Code from any A or PTR RR Dynamic DNS
+ Updates it has performed. The server may also use these fields to
+ indicate whether it has attempted such an update before sending the
+ DHCPACK message. Each of these fields is one byte long.
+
+ Implementors should note that EDNS0 describes a mechanism for
+ extending the length of a DNS RCODE to 12 bits. EDNS0 is specified
+ in RFC2671[8]. Only the least-significant 8 bits of the RCODE from a
+ Dynamic DNS Update will be carried in the Client FQDN DHCP Option.
+ This provides enough number space to accomodate the RCODEs defined
+ in the Dynamic DNS Update specification.
+
+5.3 The Domain Name Field
+
+ The Domain Name part of the option carries all or part of the FQDN
+ of a DHCP client. A client may be configured with a fully-qualified
+ domain name, or with a partial name that is not fully-qualified. If
+ a client knows only part of its name, it MAY send a single label,
+ indicating that it knows part of the name but does not necessarily
+ know the zone in which the name is to be embedded. The data in the
+ Domain Name field may appear in one of two formats: ASCII (with no
+ terminating NULL), or DNS encoding as specified in RFC1035[2]. If
+ the DHCP client wishes to use DNS encoding, it MUST set the
+ third-from-rightmost bit in the Flags field (the "E" bit); if it
+ uses ASCII encoding, it MUST clear the "E" bit.
+
+ A DHCP client that can only send a single label using ASCII encoding
+ includes a series of ASCII characters in the Domain Name field,
+ excluding the "." (dot) character. The client SHOULD follow the
+ character-set recommendations of RFC1034[1] and RFC1035[2]. A client
+ using DNS binary encoding which wants to suggest part of its FQDN
+ MAY send a non-terminal sequence of labels in the Domain Name part
+ of the option.
+
+6. DHCP Client behavior
+
+ The following describes the behavior of a DHCP client that
+ implements the Client FQDN option.
+
+ If a client that owns/maintains its own FQDN wants to be responsible
+ for updating the FQDN to IP address mapping for the FQDN and
+ address(es) used by the client, then the client MUST include the
+ Client FQDN option in the DHCPREQUEST message originated by the
+ client. A DHCP client MAY choose to include the Client FQDN option
+ in its DISCOVER messages as well as its REQUEST messages. The
+ rightmost ("S") bit in the Flags field in the option MUST be set to
+
+
+Stapp & Rekhter Expires September 2000 [Page 10]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ 0. Once the client's DHCP configuration is completed (the client
+ receives a DHCPACK message, and successfully completes a final check
+ on the parameters passed in the message), the client MAY originate
+ an update for the A RR (associated with the client's FQDN). The
+ update MUST be originated following the procedures described in
+ RFC2136[5] and Section 8. If the DHCP server from which the client
+ is requesting a lease includes the FQDN option in its ACK message,
+ and if the server sets both the "S" and the "O" bits (the two
+ rightmost bits) in the option's flags field, the DHCP client MUST
+ NOT initiate an update for the name in the Domain Name field.
+
+ A client can choose to delegate the responsibility for updating the
+ FQDN to IP address mapping for the FQDN and address(es) used by the
+ client to the server. In order to inform the server of this choice,
+ the client SHOULD include the Client FQDN option in its DHCPREQUEST
+ message. The rightmost (or "S") bit in the Flags field in the option
+ MUST be set to 1. A client which delegates this responsibility MUST
+ NOT attempt to perform a Dynamic DNS update for the name in the
+ Domain Name field of the FQDN option. The client MAY supply an FQDN
+ in the Client FQDN option, or it MAY supply a single label (the
+ most-specific label), or it MAY leave that field empty as a signal
+ to the server to generate an FQDN for the client in any manner the
+ server chooses.
+
+ Since there is a possibility that the DHCP server may be configured
+ to complete or replace a domain name that the client was configured
+ to send, the client might find it useful to send the FQDN option in
+ its DISCOVER messages. If the DHCP server returns different Domain
+ Name data in its OFFER message, the client could use that data in
+ performing its own eventual A RR update, or in forming the FQDN
+ option that it sends in its REQUEST message. There is no requirement
+ that the client send identical FQDN option data in its DISCOVER and
+ REQUEST messages. In particular, if a client has sent the FQDN
+ option to its server, and the configuration of the client changes so
+ that its notion of its domain name changes, it MAY send the new name
+ data in an FQDN option when it communicates with the server again.
+ This may allow the DHCP server to update the name associated with
+ the PTR record, and, if the server updated the A record representing
+ the client, to delete that record and attempt an update for the
+ client's current domain name.
+
+ A client that delegates the responsibility for updating the FQDN to
+ IP address mapping to a server might not receive any indication
+ (either positive or negative) from the server whether the server was
+ able to perform the update. In this case the client MAY use a DNS
+ query to check whether the mapping is updated.
+
+ A client MUST set the RCODE1 and RCODE2 fields in the Client FQDN
+ option to 0 when sending the option.
+
+
+Stapp & Rekhter Expires September 2000 [Page 11]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ If a client releases its lease prior to the lease expiration time
+ and the client is responsible for updating its A RR, the client
+ SHOULD delete the A RR (following the procedures described in
+ Section 8) associated with the leased address before sending a DHCP
+ RELEASE message. Similarly, if a client was responsible for updating
+ its A RR, but is unable to renew its lease, the client SHOULD
+ attempt to delete the A RR before its lease expires. A DHCP client
+ which has not been able to delete an A RR which it added (because it
+ has lost the use of its DHCP IP address) should attempt to notify
+ its administrator.
+
+7. DHCP Server behavior
+
+ When a server receives a DHCPREQUEST message from a client, if the
+ message contains the Client FQDN option, and the server replies to
+ the message with a DHCPACK message, the server may be configured to
+ originate an update for the PTR RR (associated with the address
+ leased to the client). Any such update MUST be originated following
+ the procedures described in Section 8. The server MAY complete the
+ update before the server sends the DHCPACK message to the client. In
+ this case the RCODE from the update MUST be carried to the client in
+ the RCODE1 field of the Client FQDN option in the DHCPACK message.
+ Alternatively, the server MAY send the DHCPACK message to the client
+ without waiting for the update to be completed. In this case the
+ RCODE1 field of the Client FQDN option in the DHCPACK message MUST
+ be set to 255. The choice between the two alternatives is entirely
+ determined by the configuration of the DHCP server. Servers SHOULD
+ support both configuration options.
+
+ When a server receives a DHCPREQUEST message containing the Client
+ FQDN option, the server MUST ignore the values carried in the RCODE1
+ and RCODE2 fields of the option.
+
+ In addition, if the Client FQDN option carried in the DHCPREQUEST
+ message has the "S" bit in its Flags field set, then the server MAY
+ originate an update for the A RR (associated with the FQDN carried
+ in the option) if it is configured to do so by the site's
+ administrator, and if it has the necessary credentials. The server
+ MAY be configured to use the name supplied in the client's FQDN
+ option, or it MAY be configured to modify the supplied name, or
+ substitute a different name.
+
+ Any such update MUST be originated following the procedures
+ described in Section 8. The server MAY originate the update before
+ the server sends the DHCPACK message to the client. In this case the
+ RCODE from the update [RFC2136] MUST be carried to the client in the
+ RCODE2 field of the Client FQDN option in the DHCPACK message.
+ Alternatively the server MAY send the DHCPACK message to the client
+ without waiting for the update to be completed. In this case the
+
+
+Stapp & Rekhter Expires September 2000 [Page 12]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ RCODE2 field of the Client FQDN option in the DHCPACK message MUST
+ be set to 255. The choice between the two alternatives is entirely
+ up to the DHCP server. In either case, if the server intends to
+ perform the DNS update and the client's REQUEST message included the
+ FQDN option, the server SHOULD include the FQDN option in its ACK
+ message, and MUST set the "S" bit in the option's Flags field.
+
+ Even if the Client FQDN option carried in the DHCPREQUEST message
+ has the "S" bit in its Flags field clear (indicating that the client
+ wants to update the A RR), the server MAY be configured by the local
+ administrator to update the A RR on the client's behalf. A server
+ which is configured to override the client's preference SHOULD
+ include an FQDN option in its ACK message, and MUST set both the "O"
+ and "S" bits in the FQDN option's Flags field. The update MUST be
+ originated following the procedures described in Section 8. The
+ server MAY originate the update before the server sends the DHCPACK
+ message to the client. In this case the RCODE from the update
+ [RFC2136] MUST be carried to the client in the RCODE2 field of the
+ Client FQDN option in the DHCPACK message. Alternatively, the server
+ MAY send the DHCPACK message to the client without waiting for the
+ update to be completed. In this case the RCODE2 field of the Client
+ FQDN option in the DHCPACK message MUST be set to 255. Whether the
+ DNS update occurs before or after the DHCPACK is sent is entirely up
+ to the DHCP server's configuration.
+
+ When a DHCP server sends the Client FQDN option to a client in the
+ DHCPACK message, the DHCP server SHOULD send its notion of the
+ complete FQDN for the client in the Domain Name field. The server
+ MAY simply copy the Domain Name field from the Client FQDN option
+ that the client sent to the server in the DHCPREQUEST message. The
+ DHCP server MAY be configured to complete or modify the domain name
+ which a client sent, or it MAY be configured to substitute a
+ different name. If the server initiates a DDNS update which is not
+ complete until after the server has replied to the DHCP client, the
+ server's The server MUST use the same encoding format (ASCII or DNS
+ binary encoding) that the client used in the FQDN option in its
+ DHCPREQUEST, and MUST set the "E" bit in the option's Flags field
+ accordingly.
+
+ If a client's DHCPREQUEST message doesn't carry the Client FQDN
+ option (e.g., the client doesn't implement the Client FQDN option),
+ the server MAY be configured to update either or both of the A and
+ PTR RRs. The updates MUST be originated following the procedures
+ described in Section 8.
+
+ If a server detects that a lease on an address that the server
+ leases to a client has expired, the server SHOULD delete any PTR RR
+ which it added via dynamic update. In addition, if the server added
+ an A RR on the client's behalf, the server SHOULD also delete the A
+
+
+Stapp & Rekhter Expires September 2000 [Page 13]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ RR. The deletion MUST follow the procedures described in Section 8.
+
+ If a server terminates a lease on an address prior to the lease's
+ expiration time, for instance by sending a DHCPNAK to a client, the
+ server SHOULD delete any PTR RR which it associated with the address
+ via DNS Dynamic Update. In addition, if the server took
+ responsibility for an A RR, the server SHOULD also delete that A RR.
+ The deletion MUST follow the procedures described in Section 8.
+
+8. Procedures for performing DNS updates
+
+8.1 Adding A RRs to DNS
+
+ When a DHCP client or server intends to update an A RR, it first
+ prepares a DNS UPDATE query which includes as a prerequisite the
+ assertion that the name does not exist. The update section of the
+ query attempts to add the new name and its IP address mapping (an A
+ RR), and the DHCID RR with its unique client-identity.
+
+ If this update operation succeeds, the updater can conclude that it
+ has added a new name whose only RRs are the A and DHCID RR records.
+ The A RR update is now complete (and a client updater is finished,
+ while a server might proceed to perform a PTR RR update).
+
+ If the first update operation fails with YXDOMAIN, the updater can
+ conclude that the intended name is in use. The updater then
+ attempts to confirm that the DNS name is not being used by some
+ other host. The updater prepares a second UPDATE query in which the
+ prerequisite is that the desired name has attached to it a DHCID RR
+ whose contents match the client identity. The update section of
+ this query deletes the existing A records on the name, and adds the
+ A record that matches the DHCP binding and the DHCID RR with the
+ client identity.
+
+ If this query succeeds, the updater can conclude that the current
+ client was the last client associated with the domain name, and that
+ the name now contains the updated A RR. The A RR update is now
+ complete (and a client updater is finished, while a server would
+ then proceed to perform a PTR RR update).
+
+ If the second query fails with NXRRSET, the updater must conclude
+ that the client's desired name is in use by another host. At this
+ juncture, the updater can decide (based on some administrative
+ configuration outside of the scope of this document) whether to let
+ the existing owner of the name keep that name, and to (possibly)
+ perform some name disambiguation operation on behalf of the current
+ client, or to replace the RRs on the name with RRs that represent
+ the current client. If the configured policy allows replacement of
+ existing records, the updater submits a query that deletes the
+
+
+Stapp & Rekhter Expires September 2000 [Page 14]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ existing A RR and the existing DHCID RR, adding A and DHCID RRs that
+ represent the IP address and client-identity of the new client.
+
+
+ DISCUSSION:
+ The updating entity may be configured to allow the existing DNS
+ records on the domain name to remain unchanged, and to perform
+ disambiguation on the name of the current client in order to
+ attempt to generate a similar but unique name for the current
+ client. In this case, once another candidate name has been
+ generated, the updater should restart the process of adding an A
+ RR as specified in this section.
+
+8.2 Adding PTR RR Entries to DNS
+
+ The DHCP server submits a DNS query which deletes all of the PTR RRs
+ associated with the lease IP address, and adds a PTR RR whose data
+ is the client's (possibly disambiguated) host name. The server also
+ adds a DHCID RR specified in Section 4.3.
+
+8.3 Removing Entries from DNS
+
+ The most important consideration in removing DNS entries is be sure
+ that an entity removing a DNS entry is only removing an entry that
+ it added, or for which an administrator has explicitly assigned it
+ responsibility.
+
+ When a lease expires or a DHCP client issues a DHCPRELEASE request,
+ the DHCP server SHOULD delete the PTR RR that matches the DHCP
+ binding, if one was successfully added. The server's update query
+ SHOULD assert that the name in the PTR record matches the name of
+ the client whose lease has expired or been released.
+
+ The entity chosen to handle the A record for this client (either the
+ client or the server) SHOULD delete the A record that was added when
+ the lease was made to the client.
+
+ In order to perform this delete, the updater prepares an UPDATE
+ query which contains two prerequisites. The first prerequisite
+ asserts that the DHCID RR exists whose data is the client identity
+ described in Section 4.3. The second prerequisite asserts that the
+ data in the A RR contains the IP address of the lease that has
+ expired or been released.
+
+ If the query fails, the updater MUST NOT delete the DNS name. It
+ may be that the host whose lease on the server has expired has moved
+ to another network and obtained a lease from a different server,
+ which has caused the client's A RR to be replaced. It may also be
+ that some other client has been configured with a name that matches
+ the name of the DHCP client, and the policy was that the last client
+
+
+Stapp & Rekhter Expires September 2000 [Page 15]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ to specify the name would get the name. In this case, the DHCID RR
+ will no longer match the updater's notion of the client-identity of
+ the host pointed to by the DNS name.
+
+8.4 Updating other RRs
+
+ The procedures described in this document only cover updates to the
+ A and PTR RRs. Updating other types of RRs is outside the scope of
+ this document.
+
+9. Security Considerations
+
+ Unauthenticated updates to the DNS can lead to tremendous confusion,
+ through malicious attack or through inadvertent misconfiguration.
+ Administrators should be wary of permitting unsecured DNS updates to
+ zones which are exposed to the global Internet. Both DHCP clients
+ and servers SHOULD use some form of update request origin
+ authentication procedure (e.g., Simple Secure DNS Update[11]) when
+ performing DNS updates.
+
+ Whether a DHCP client may be responsible for updating an FQDN to IP
+ address mapping, or whether this is the responsibility of the DHCP
+ server is a site-local matter. The choice between the two
+ alternatives may be based on the security model that is used with
+ the Dynamic DNS Update protocol (e.g., only a client may have
+ sufficient credentials to perform updates to the FQDN to IP address
+ mapping for its FQDN).
+
+ Whether a DHCP server is always responsible for updating the FQDN to
+ IP address mapping (in addition to updating the IP to FQDN mapping),
+ regardless of the wishes of an individual DHCP client, is also a
+ site-local matter. The choice between the two alternatives may be
+ based on the security model that is being used with dynamic DNS
+ updates. In cases where a DHCP server is performing DNS updates on
+ behalf of a client, the DHCP server should be sure of the DNS name
+ to use for the client, and of the identity of the client.
+
+ Currently, it is difficult for DHCP servers to develop much
+ confidence in the identities of its clients, given the absence of
+ entity authentication from the DHCP protocol itself. There are many
+ ways for a DHCP server to develop a DNS name to use for a client,
+ but only in certain relatively unusual circumstances will the DHCP
+ server know for certain the identity of the client. If DHCP
+ Authentication[10] becomes widely deployed this may become more
+ customary.
+
+ One example of a situation which offers some extra assurances is one
+ where the DHCP client is connected to a network through an MCNS
+ cable modem, and the CMTS (head-end) of the cable modem ensures that
+
+
+Stapp & Rekhter Expires September 2000 [Page 16]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ MAC address spoofing simply does not occur. Another example of a
+ configuration that might be trusted is one where clients obtain
+ network access via a network access server using PPP. The NAS itself
+ might be obtaining IP addresses via DHCP, encoding a client
+ identification into the DHCP client-id option. In this case, the
+ network access server as well as the DHCP server might be operating
+ within a trusted environment, in which case the DHCP server could be
+ configured to trust that the user authentication and authorization
+ procedure of the remote access server was sufficient, and would
+ therefore trust the client identification encoded within the DHCP
+ client-id.
+
+10. Acknowledgements
+
+ Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, Peter
+ Ford, Edie Gunter, Andreas Gustafsson, R. Barr Hibbs, Kim Kinnear,
+ Stuart Kwan, Ted Lemon, Ed Lewis, Michael Lewis, Josh Littlefield,
+ Michael Patton, and Glenn Stump for their review and comments.
+
+References
+
+ [1] Mockapetris, P., "Domain names - Concepts and Facilities", RFC
+ 1034, Nov 1987.
+
+ [2] Mockapetris, P., "Domain names - Implementation and
+ Specification", RFC 1035, Nov 1987.
+
+ [3] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
+ March 1997.
+
+ [4] Marine, A., Reynolds, J. and G. Malkin, "FYI on Questions and
+ Answers to Commonly asked ``New Internet User'' Questions", RFC
+ 1594, March 1994.
+
+ [5] Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
+ Updates in the Domain Name System", RFC 2136, April 1997.
+
+ [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", RFC 2119, March 1997.
+
+ [7] Eastlake, D., "Domain Name System Security Extensions", RFC
+ 2535, March 1999.
+
+ [8] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
+ August 1999.
+
+ [9] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington,
+ "Secret Key Transaction Authentication for DNS (TSIG)
+ (draft-ietf-dnsext-tsig-*)", July 1999.
+
+
+Stapp & Rekhter Expires September 2000 [Page 17]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+ [10] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages
+ (draft-ietf-dhc-authentication-*)", June 1999.
+
+ [11] Wellington, B., "Simple Secure DNS Dynamic Updates
+ (draft-ietf-dnsext-simple-secure-update-*)", June 1999.
+
+ [12] Gustafsson, A., "A DNS RR for encoding DHCP client identity
+ (draft-ietf-dnsext-dhcid-rr-*)", October 1999.
+
+ [13] Rivest, R., "The MD5 Message Digest Algorithm", RFC 1321,
+ April 1992.
+
+Authors' Addresses
+
+ Mark Stapp
+ Cisco Systems, Inc.
+ 250 Apollo Dr.
+ Chelmsford, MA 01824
+ US
+
+ Phone: 978.244.8498
+ EMail: mjs@cisco.com
+
+ Yakov Rekhter
+ Cisco Systems, Inc.
+ 170 Tasman Dr.
+ San Jose, CA 95134
+ US
+
+ Phone: 914.235.2128
+ EMail: yakov@cisco.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Stapp & Rekhter Expires September 2000 [Page 18]
+
+Internet-Draft Interaction between DHCP and DNS March 2000
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2000). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implmentation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph
+ are included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Stapp & Rekhter Expires September 2000 [Page 19]
+
View Lorry Controller Status