draft-ietf-dhc-ddns-resolution-06.txt   draft-ietf-dhc-ddns-resolution-07.txt 
DHC Working Group M. Stapp Dynamic Host Configuration M. Stapp
Internet-Draft Cisco Systems, Inc. Internet-Draft B. Volz
Expires: April 26, 2004 October 27, 2003 Expires: January 14, 2005 Cisco Systems, Inc.
July 16, 2004
Resolution of DNS Name Conflicts Among DHCP Clients Resolution of DNS Name Conflicts among DHCP Clients
<draft-ietf-dhc-ddns-resolution-06.txt> <draft-ietf-dhc-ddns-resolution-07.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is subject to all provisions
all provisions of Section 10 of RFC2026. of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six months
months and may be updated, replaced, or obsoleted by other documents and may be updated, replaced, or obsoleted by other documents at any
at any time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at http://
http://www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 26, 2004. This Internet-Draft will expire on January 14, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
DHCP provides a powerful mechanism for IP host configuration. DHCP provides a powerful mechanism for IP host configuration.
However, the configuration capability provided by DHCP does not However, the configuration capability provided by DHCP does not
include updating DNS, and specifically updating the name to address include updating DNS, and specifically updating the name to address
and address to name mappings maintained in the DNS. This document and address to name mappings maintained in the DNS. This document
describes techniques for the resolution of DNS name conflicts among describes techniques for the resolution of DNS name conflicts among
DHCP clients. DHCP clients.
Table of Contents Table of Contents
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Issues with DNS Update in DHCP Environments . . . . . . . . 3 3. Issues with DNS Update in DHCP Environments . . . . . . . . . 3
3.1 Client Mis-Configuration . . . . . . . . . . . . . . . . . . 4 3.1 Client Misconfiguration . . . . . . . . . . . . . . . . . 4
3.2 Multiple DHCP Servers . . . . . . . . . . . . . . . . . . . 5 3.2 Multiple DHCP Servers . . . . . . . . . . . . . . . . . . 5
4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . 5 4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . . 5
5. DNS RR TTLs . . . . . . . . . . . . . . . . . . . . . . . . 6 5. DNS RR TTLs . . . . . . . . . . . . . . . . . . . . . . . . . 6
6. Procedures for performing DNS updates . . . . . . . . . . . 6 6. Procedures for performing DNS updates . . . . . . . . . . . . 6
6.1 Error Return Codes . . . . . . . . . . . . . . . . . . . . . 6 6.1 Error Return Codes . . . . . . . . . . . . . . . . . . . . 6
6.2 Dual IPv4/IPv6 Client Considerations . . . . . . . . . . . . 6 6.2 Dual IPv4/IPv6 Client Considerations . . . . . . . . . . . 7
6.3 Adding A RRs to DNS . . . . . . . . . . . . . . . . . . . . 7 6.3 Adding A RRs to DNS . . . . . . . . . . . . . . . . . . . 7
6.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 6.3.1 Initial DHCID RR Query . . . . . . . . . . . . . . . . 7
6.3.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 6.3.2 DNS UPDATE When Name Not in Use . . . . . . . . . . . 7
6.3.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 6.3.3 DNS UPDATE When Name in Use . . . . . . . . . . . . . 8
6.4 Adding PTR RR Entries to DNS . . . . . . . . . . . . . . . . 8 6.3.4 Name in Use by another Client . . . . . . . . . . . . 8
6.5 Removing Entries from DNS . . . . . . . . . . . . . . . . . 8 6.4 Adding PTR RR Entries to DNS . . . . . . . . . . . . . . . 9
6.6 Updating Other RRs . . . . . . . . . . . . . . . . . . . . . 9 6.5 Removing Entries from DNS . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . 9 6.6 Updating Other RRs . . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
References . . . . . . . . . . . . . . . . . . . . . . . . . 10 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Author's Address . . . . . . . . . . . . . . . . . . . . . . 11 9.1 Normative References . . . . . . . . . . . . . . . . . . . . 11
Full Copyright Statement . . . . . . . . . . . . . . . . . . 12 9.2 Informative References . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12
Intellectual Property and Copyright Statements . . . . . . . . 13
1. Terminology 1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119[1]. document are to be interpreted as described in RFC 2119[1].
2. Introduction 2. Introduction
"The Client FQDN Option"[6] includes a description of the operation "The Client FQDN Option" [4] includes a description of the operation
of DHCP[7] clients and servers that use the client FQDN option. of DHCP [5] clients and servers that use the client FQDN option.
Through the use of the client FQDN option, DHCP clients and servers Through the use of the client FQDN option, DHCP clients and servers
can negotiate the client's FQDN and the allocation of responsibility can negotiate the client's FQDN and the allocation of responsibility
for updating the DHCP client's A or AAAA RR. This document for updating the DHCP client's A or AAAA RR. This document
identifies situations in which conflicts in the use of FQDNs may identifies situations in which conflicts in the use of FQDNs may
arise among DHCP clients, and describes a strategy for the use of arise among DHCP clients, and describes a strategy for the use of the
the DHCID DNS resource record[4] in resolving those conflicts. DHCID DNS resource record [2] in resolving those conflicts.
In any case, whether a site permits all, some, or no DHCP servers In any case, whether a site permits all, some, or no DHCP servers and
and clients to perform DNS updates (RFC 2136[5], RFC 3007[11]) into clients to perform DNS updates (RFC 2136 [3], RFC 3007 [7]) into the
the zones that it controls is entirely a matter of local zones that it controls is entirely a matter of local administrative
administrative policy. This document does not require any specific policy. This document does not require any specific administrative
administrative policy, and does not propose one. The range of policy, and does not propose one. The range of possible policies is
possible policies is very broad, from sites where only the DHCP very broad, from sites where only the DHCP servers have been given
servers have been given credentials that the DNS servers will credentials that the DNS servers will accept, to sites where each
accept, to sites where each individual DHCP client has been individual DHCP client has been configured with credentials that
configured with credentials that allow the client to modify its own allow the client to modify its own domain name. Compliant
domain name. Compliant implementations MAY support some or all of implementations MAY support some or all of these possibilities.
these possibilities. Furthermore, this specification applies only to Furthermore, this specification applies only to DHCP client and
DHCP client and server processes: it does not apply to other server processes: it does not apply to other processes that initiate
processes that initiate DNS updates. DNS updates.
3. Issues with DNS Update in DHCP Environments 3. Issues with DNS Update in DHCP Environments
There are two DNS update situations that require special There are two DNS update situations that require special
consideration in DHCP environments: cases where more than one DHCP consideration in DHCP environments: cases where more than one DHCP
client has been configured with the same FQDN, and cases where more client has been configured with the same FQDN, and cases where more
than one DHCP server has been given authority to perform DNS updates than one DHCP server has been given authority to perform DNS updates
in a zone. In these cases, it is possible for DNS records to be in a zone. In these cases, it is possible for DNS records to be
modified in inconsistent ways unless the updaters have a mechanism modified in inconsistent ways unless the updaters have a mechanism
that allows them to detect anomolous situations. If DNS updaters can that allows them to detect anomalous situations. If DNS updaters can
detect these situations, site administrators can configure the detect these situations, site administrators can configure the
updaters' behavior so that the site's policies can be enforced. We updaters' behavior so that the site's policies can be enforced. We
use the term "Name Conflict" to refer to cases where more than one use the term "Name Conflict" to refer to cases where more than one
DHCP client wishes to be associated with a single FQDN. This DHCP client wishes to be associated with a single FQDN. This
specification describes a mechanism designed to allow updaters to specification describes a mechanism designed to allow updaters to
detect these situations, and suggests that DHCP implementations use detect these situations, and suggests that DHCP implementations use
this mechanism by default. this mechanism by default.
3.1 Client Mis-Configuration 3.1 Client Misconfiguration
At many (though not all) sites, administrators wish to maintain a At many (though not all) sites, administrators wish to maintain a
one-to-one relationship between active DHCP clients and domain one-to-one relationship between active DHCP clients and domain names,
names, and to maintain consistency between a host's A and PTR RRs. and to maintain consistency between a host's A and PTR RRs. Hosts
Hosts that are not represented in the DNS, or hosts which that are not represented in the DNS, or hosts which inadvertently
inadvertently share an FQDN with another host may encounter share an FQDN with another host may encounter inconsistent behavior
inconsistent behavior or may not be able to obtain access to network or may not be able to obtain access to network resources. Whether
resources. Whether each DHCP client is configured with a domain name each DHCP client is configured with a domain name by its
by its administrator or whether the DHCP server is configured to administrator or whether the DHCP server is configured to distribute
distribute the clients' names, the consistency of the DNS data is the clients' names, the consistency of the DNS data is entirely
entirely dependent on the accuracy of the configuration procedure. dependent on the accuracy of the configuration procedure. Sites that
Sites that deploy Secure DNS[10] may configure credentials for each deploy Secure DNS [6] may configure credentials for each host and its
host and its assigned name in a way that is more error-resistant, assigned name in a way that is more error-resistant, but this level
but this level of pre-configuration is still rare in DHCP of pre-configuration is still rare in DHCP environments.
environments.
Consider an example in which two DHCP clients in the "org.nil" Consider an example in which two DHCP clients in the "org.nil"
network are both configured with the name "foo". The clients are network are both configured with the name "foo". The clients are
permitted to perform their own DNS updates. The first client, client permitted to perform their own DNS updates. The first client, client
A, is configured via DHCP. It adds an A RR to "foo.org.nil", and its A, is configured via DHCP. It adds an A RR to "foo.org.nil", and its
DHCP server adds a PTR RR corresponding to its IP address lease. DHCP server adds a PTR RR corresponding to its IP address lease.
When the second client, client B, boots, it is also configured via When the second client, client B, boots, it is also configured via
DHCP, and it also begins to update "foo.org.nil". DHCP, and it also begins to update "foo.org.nil".
At this point, the "org.nil" administrators may wish to establish At this point, the "org.nil" administrators may wish to establish
skipping to change at page 5, line 18 skipping to change at page 5, line 18
credentials to all of the DHCP clients lead to the desire for the credentials to all of the DHCP clients lead to the desire for the
DHCP servers to perform A RR updates on behalf of their clients. If DHCP servers to perform A RR updates on behalf of their clients. If
a single DHCP server managed all of the DHCP clients at a site, it a single DHCP server managed all of the DHCP clients at a site, it
could maintain some database of the DNS names that it was managing, could maintain some database of the DNS names that it was managing,
and check that database before initiating a DNS update for a client. and check that database before initiating a DNS update for a client.
Such a database is necessarily proprietary, however, and that Such a database is necessarily proprietary, however, and that
approach does not work once more than one DHCP server is deployed. approach does not work once more than one DHCP server is deployed.
Consider an example in which DHCP Client A boots, obtains a DHCP Consider an example in which DHCP Client A boots, obtains a DHCP
lease from Server S1, presenting the hostname "foo" in a Client FQDN lease from Server S1, presenting the hostname "foo" in a Client FQDN
option[6] in its DHCPREQUEST message. Server S1 updates its domain option [4] in its DHCPREQUEST message. Server S1 updates its domain
name, "foo.org.nil", adding an A RR that matches Client A's lease. name, "foo.org.nil", adding an A RR that matches Client A's lease.
The client then moves to another subnet, served by Server S2. When The client then moves to another subnet, served by Server S2. When
Client A boots on the new subnet, Server S2 will issue it a new Client A boots on the new subnet, Server S2 will issue it a new
lease, and will attempt to add an A RR matching the new lease to lease, and will attempt to add an A RR matching the new lease to
"foo.org.nil". At this point, without some communication mechanism "foo.org.nil". At this point, without some communication mechanism
which S2 can use to ask S1 (and every other DHCP server that updates which S2 can use to ask S1 (and every other DHCP server that updates
the zone) about the client, S2 has no way to know whether Client A the zone) about the client, S2 has no way to know whether Client A is
is currently associated with the domain name, or whether A is a currently associated with the domain name, or whether A is a
different client configured with the same hostname. If the servers different client configured with the same hostname. If the servers
cannot distinguish between these situations, they cannot enforce the cannot distinguish between these situations, they cannot enforce the
site's naming policies. site's naming policies.
4. Use of the DHCID RR 4. Use of the DHCID RR
A solution to both of these problems is for the updater (a DHCP A solution to both of these problems is for the updater (a DHCP
client or DHCP server) to be able to determine which DHCP client has client or DHCP server) to be able to determine which DHCP client has
been associated with a DNS name, in order to offer administrators been associated with a DNS name, in order to offer administrators the
the opportunity to configure updater behavior. opportunity to configure updater behavior.
For this purpose, a DHCID RR, specified in [4], is used to associate For this purpose, a DHCID RR, specified in [2], is used to associate
client identification information with a DNS name and the A or PTR client identification information with a DNS name and the A or PTR RR
RR associated with that name. When either a client or server adds an associated with that name. When either a client or server adds an A
A or PTR RR for a client, it also adds a DHCID RR that specifies a or PTR RR for a client, it also adds a DHCID RR that specifies a
unique client identity, based on data from the client's DHCPREQUEST unique client identity, based on data from the client's DHCPREQUEST
message. In this model, only one A RR is associated with a given DNS message. In this model, only one A RR is associated with a given DNS
name at a time. name at a time.
By associating this ownership information with each DNS name, By associating this ownership information with each DNS name,
cooperating DNS updaters may determine whether their client is cooperating DNS updaters may determine whether their client is
currently associated with a particular DNS name and implement the currently associated with a particular DNS name and implement the
appropriately configured administrative policy. In addition, DHCP appropriately configured administrative policy. In addition, DHCP
clients which currently have domain names may move from one DHCP clients which currently have domain names may move from one DHCP
server to another without losing their DNS names. server to another without losing their DNS names.
The specific algorithms utilizing the DHCID RR to signal client The specific algorithms utilizing the DHCID RR to signal client
ownership are explained below. The algorithms only work in the case ownership are explained below. The algorithms only work in the case
where the updating entities all cooperate -- this approach is where the updating entities all cooperate -- this approach is
advisory only and is not a substitute for DNS security, nor is it advisory only and is not a substitute for DNS security, nor is it
replaced by DNS security. replaced by DNS security.
5. DNS RR TTLs 5. DNS RR TTLs
RRs associated with DHCP clients may be more volatile than RRs associated with DHCP clients may be more volatile than statically
statically configured RRs. DHCP clients and servers that perform configured RRs. DHCP clients and servers that perform dynamic
dynamic updates should attempt to specify resource record TTLs which updates should attempt to specify resource record TTLs which reflect
reflect this volatility, in order to minimize the possibility that this volatility, in order to minimize the possibility that answers to
answers to DNS queries will return records that refer to DHCP lease DNS queries will return records that refer to DHCP lease bindings
bindings that have expired. that have expired.
The coupling among primary, secondary, and caching DNS servers is The coupling among primary, secondary, and caching DNS servers is
'loose'; that is a fundamental part of the design of the DNS. This 'loose'; that is a fundamental part of the design of the DNS. This
looseness makes it impossible to prevent all possible situations in looseness makes it impossible to prevent all possible situations in
which a resolver may return a record reflecting a DHCP lease binding which a resolver may return a record reflecting a DHCP lease binding
that has expired. In deployment, this rarely if ever represents a that has expired. In deployment, this rarely if ever represents a
significant problem. Most DHCP-managed hosts are rarely looked-up by significant problem. Most DHCP-managed hosts are rarely looked-up by
name in the DNS, and the deployment of IXFR (RFC 1995[14]) and name in the DNS, and the deployment of IXFR (RFC 1995 [10]) and
NOTIFY (RFC 1996[15]) can reduce the latency between updates and NOTIFY (RFC 1996 [11]) can reduce the latency between updates and
their visibility at secondary servers. their visibility at secondary servers.
We suggest these basic guidelines for implementors. In general, the We suggest these basic guidelines for implementers. In general, the
TTLs for RRs added as a result of DHCP lease activity SHOULD be less TTLs for RRs added as a result of DHCP lease activity SHOULD be less
than the initial lease time. The RR TTL on a DNS record added for a than the initial lease time. The RR TTL on a DNS record added for a
DHCP lease SHOULD NOT exceed 1/3 of the lease time, and SHOULD be at DHCP lease SHOULD NOT exceed 1/3 of the lease time, and SHOULD be at
least 10 minutes. We recognize that individual administrators will least 10 minutes. We recognize that individual administrators will
have varying requirements: DHCP servers and clients SHOULD allow have varying requirements: DHCP servers and clients SHOULD allow
administrators to configure TTLs, either as an absolute time administrators to configure TTLs, either as an absolute time interval
interval or as a percentage of the lease time. or as a percentage of the lease time.
6. Procedures for performing DNS updates 6. Procedures for performing DNS updates
6.1 Error Return Codes 6.1 Error Return Codes
Certain RCODEs defined in RFC 2136[5] indicate that the destination Certain RCODEs defined in RFC 2136 [3] indicate that the destination
DNS server cannot perform an update: FORMERR, SERVFAIL, REFUSED, DNS server cannot perform an update: FORMERR, SERVFAIL, REFUSED,
NOTIMP. If one of these RCODEs is returned, the updater MUST NOTIMP. If one of these RCODEs is returned, the updater MUST
terminate its update attempt. Because these errors may indicate a terminate its update attempt. Because these errors may indicate a
misconfiguration of the updater or of the DNS server, the updater misconfiguration of the updater or of the DNS server, the updater MAY
MAY attempt to signal to its administrator that an error has attempt to signal to its administrator that an error has occurred,
occurred, e.g. through a log message. e.g. through a log message.
6.2 Dual IPv4/IPv6 Client Considerations 6.2 Dual IPv4/IPv6 Client Considerations
At the time of publication of this document, a small minority of At the time of publication of this document, a small minority of DHCP
DHCP clients support both IPv4 and IPv6. We anticipate, however, clients support both IPv4 and IPv6. We anticipate, however, that a
that a transition will take place over a period of time, and more transition will take place over a period of time, and more sites will
sites will have dual-stack clients present. IPv6 clients will be have dual-stack clients present. IPv6 clients will be represented by
represented by AAAA RRs; IPv4 clients by A RRs. The administrators AAAA RRs; IPv4 clients by A RRs. The administrators of some mixed
of some mixed deployments may wish to permit a single name to deployments may wish to permit a single name to contain A and AAAA
contain A and AAAA RRs from different clients. Other deployments may RRs from different clients. Other deployments may wish to restrict
wish to restrict the use of a DNS name to a single DHCP client, and the use of a DNS name to a single DHCP client, and allow only A and
allow only A and AAAA RRs reflecting that client's DHCP leases. AAAA RRs reflecting that client's DHCP leases.
6.3 Adding A RRs to DNS 6.3 Adding A RRs to DNS
6.3.1 6.3.1 Initial DHCID RR Query
When a DHCP client or server intends to update an A RR, it performs When a DHCP client or server intends to update an A RR, it performs a
a DNS query with QNAME of the target name, and QTYPE is DHCID. If DNS query with QNAME of the target name and with QTYPE of DHCID.
the result is NXDOMAIN, the updater can conclude that the name is
not in use. In that case, the updater prepares a DNS UPDATE query
that includes as a prerequisite the assertion that the name does not
exist. The update section of the query attempts to add the new name
and its IP address mapping (an A RR), and the DHCID RR with its
unique client-identity.
If the query returns with NODATA, the updater can conclude that the If the query returns NXDOMAIN, the updater can conclude that the name
target name is in use, but that no DHCID RR is present. This is not in use and proceeds to Section 6.3.2.
indicates that some records have been configured by an
administrator. Whether the updater proceeds with an update is a
matter of local administrative policy.
If the DHCID rrset is returned, the updater uses the hash If the query returns NODATA, the updater can conclude that the target
calculation defined in the DHCID RR specification[4] to determine name is in use, but that no DHCID RR is present. This indicates that
whether the client associated with the name matches the current some records have been configured by an administrator. Whether the
client's identity. If so, the updater proceeds following the steps updater proceeds with an update is a matter of local administrative
in [subsection xxx]. policy.
If the DHCID rrset is returned, the updater uses the hash calculation
defined in the DHCID RR specification [4] to determine whether the
client associated with the name matches the current client's
identity. If so, the updater proceeds to Section 6.3.3. Otherwise
the updater must conclude that the client's desired name is in use by
another host and proceeds to Section 6.3.4.
If any other status is returned, the updater MUST NOT attempt an If any other status is returned, the updater MUST NOT attempt an
update. update.
6.3.2 6.3.2 DNS UPDATE When Name Not in Use
If the update operation in Section 6.3.1 fails with YXDOMAIN, the The updater prepares a DNS UPDATE query that includes as a
updater can conclude that the intended name is in use. The updater prerequisite the assertion that the name does not exist. The update
then attempts to confirm that the DNS name is not being used by some section of the query attempts to add the new name and its IP address
other host. The updater prepares a second UPDATE query in which the mapping (an A RR), and the DHCID RR with its unique client-identity.
prerequisite is that the desired name has attached to it a DHCID RR
whose contents match the client identity. The update section of
this query deletes the existing A records on the name, and adds the
A record that matches the DHCP binding and the DHCID RR with the
client identity.
If this query succeeds, the updater can conclude that the current If the update operation succeeds, the A RR update is now complete
(and a client updater is finished, while a server would then proceed
to perform a PTR RR update).
If the update returns YXDOMAIN, the updater can now conclude that the
intended name is in use and proceeds to Section 6.3.3.
6.3.3 DNS UPDATE When Name in Use
The updater next attempts to confirm that the DNS name is not being
used by some other host. The updater prepares a UPDATE query in
which the prerequisite is that the desired name has attached to it a
DHCID RR whose contents match the client identity. The update
section of this query deletes the existing A records on the name, and
adds the A record that matches the DHCP binding and the DHCID RR with
the client identity.
If the update succeeds, the updater can conclude that the current
client was the last client associated with the domain name, and that client was the last client associated with the domain name, and that
the name now contains the updated A RR. The A RR update is now the name now contains the updated A RR. The A RR update is now
complete (and a client updater is finished, while a server would complete (and a client updater is finished, while a server would then
then proceed to perform a PTR RR update). proceed to perform a PTR RR update).
6.3.3 If the update returns NXRRSET, the updater must conclude that the
client's desired name is in use by another host and proceeds to
Section 6.3.3.
If the second query fails with NXRRSET, the updater must conclude 6.3.4 Name in Use by another Client
that the client's desired name is in use by another host. At this
juncture, the updater can decide (based on some administrative At this juncture, the updater can decide (based on some
configuration outside of the scope of this document) whether to let administrative configuration outside of the scope of this document)
the existing owner of the name keep that name, and to (possibly) whether to let the existing owner of the name keep that name, and to
perform some name disambiguation operation on behalf of the current (possibly) perform some name disambiguation operation on behalf of
client, or to replace the RRs on the name with RRs that represent the current client, or to replace the RRs on the name with RRs that
the current client. If the configured policy allows replacement of represent the current client. If the configured policy allows
existing records, the updater submits a query that deletes the replacement of existing records, the updater submits a query that
existing A RR and the existing DHCID RR, adding A and DHCID RRs that deletes the existing A RR and the existing DHCID RR, adding A and
represent the IP address and client-identity of the new client. DHCID RRs that represent the IP address and client-identity of the
new client.
DISCUSSION: DISCUSSION:
The updating entity may be configured to allow the existing DNS The updating entity may be configured to allow the existing DNS
records on the domain name to remain unchanged, and to perform records on the domain name to remain unchanged, and to perform
disambiguation on the name of the current client in order to disambiguation on the name of the current client in order to
attempt to generate a similar but unique name for the current attempt to generate a similar but unique name for the current
client. In this case, once another candidate name has been client. In this case, once another candidate name has been
generated, the updater should restart the process of adding an A generated, the updater should restart the process of adding an A
RR as specified in this section. RR as specified in this section.
6.4 Adding PTR RR Entries to DNS 6.4 Adding PTR RR Entries to DNS
The DHCP server submits a DNS query that deletes all of the PTR RRs The DHCP server submits a DNS query that deletes all of the PTR RRs
associated with the lease IP address, and adds a PTR RR whose data associated with the lease IP address, and adds a PTR RR whose data is
is the client's (possibly disambiguated) host name. The server MAY the client's (possibly disambiguated) host name. The server MAY also
also add a DHCID RR as specified in Section 4. add a DHCID RR as specified in Section 4.
6.5 Removing Entries from DNS 6.5 Removing Entries from DNS
The most important consideration in removing DNS entries is be sure The most important consideration in removing DNS entries is be sure
that an entity removing a DNS entry is only removing an entry that that an entity removing a DNS entry is only removing an entry that it
it added, or for which an administrator has explicitly assigned it added, or for which an administrator has explicitly assigned it
responsibility. responsibility.
When a lease expires or a DHCP client issues a DHCPRELEASE request, When a lease expires or a DHCP client issues a DHCPRELEASE request,
the DHCP server SHOULD delete the PTR RR that matches the DHCP the DHCP server SHOULD delete the PTR RR that matches the DHCP
binding, if one was successfully added. The server's update query binding, if one was successfully added. The server's update query
SHOULD assert that the name in the PTR record matches the name of SHOULD assert that the name in the PTR record matches the name of the
the client whose lease has expired or been released. client whose lease has expired or been released.
The entity chosen to handle the A record for this client (either the The entity chosen to handle the A record for this client (either the
client or the server) SHOULD delete the A record that was added when client or the server) SHOULD delete the A record that was added when
the lease was made to the client. the lease was made to the client.
In order to perform this delete, the updater prepares an UPDATE In order to perform this delete, the updater prepares an UPDATE query
query that contains two prerequisites. The first prerequisite that contains two prerequisites. The first prerequisite asserts that
asserts that the DHCID RR exists whose data is the client identity the DHCID RR exists whose data is the client identity described in
described in Section 4. The second prerequisite asserts that the Section 4. The second prerequisite asserts that the data in the A RR
data in the A RR contains the IP address of the lease that has contains the IP address of the lease that has expired or been
expired or been released. released.
If the query fails, the updater MUST NOT delete the DNS name. It If the query fails, the updater MUST NOT delete the DNS name. It may
may be that the client whose lease on has expired has moved to be that the client whose lease on has expired has moved to another
another network and obtained a lease from a different server, which network and obtained a lease from a different server, which has
has caused the client's A RR to be replaced. It may also be that caused the client's A RR to be replaced. It may also be that some
some other client has been configured with a name that matches the other client has been configured with a name that matches the name of
name of the DHCP client, and the policy was that the last client to the DHCP client, and the policy was that the last client to specify
specify the name would get the name. In these cases, the DHCID RR the name would get the name. In these cases, the DHCID RR will no
will no longer match the updater's notion of the client-identity of longer match the updater's notion of the client-identity of the host
the host pointed to by the DNS name. pointed to by the DNS name.
6.6 Updating Other RRs 6.6 Updating Other RRs
The procedures described in this document only cover updates to the The procedures described in this document only cover updates to the A
A and PTR RRs. Updating other types of RRs is outside the scope of and PTR RRs. Updating other types of RRs is outside the scope of
this document. this document.
7. Security Considerations 7. Security Considerations
Unauthenticated updates to the DNS can lead to tremendous confusion, Unauthenticated updates to the DNS can lead to tremendous confusion,
through malicious attack or through inadvertent misconfiguration. through malicious attack or through inadvertent misconfiguration.
Administrators should be wary of permitting unsecured DNS updates to Administrators should be wary of permitting unsecured DNS updates to
zones that are exposed to the global Internet. Both DHCP clients and zones that are exposed to the global Internet. Both DHCP clients and
servers SHOULD use some form of update request authentication (e.g., servers SHOULD use some form of update request authentication (e.g.,
TSIG[12]) when performing DNS updates. TSIG [8]) when performing DNS updates.
Whether a DHCP client may be responsible for updating an FQDN to IP Whether a DHCP client may be responsible for updating an FQDN to IP
address mapping, or whether this is the responsibility of the DHCP address mapping, or whether this is the responsibility of the DHCP
server is a site-local matter. The choice between the two server is a site-local matter. The choice between the two
alternatives may be based on the security model that is used with alternatives may be based on the security model that is used with the
the Dynamic DNS Update protocol (e.g., only a client may have Dynamic DNS Update protocol (e.g., only a client may have sufficient
sufficient credentials to perform updates to the FQDN to IP address credentials to perform updates to the FQDN to IP address mapping for
mapping for its FQDN). its FQDN).
Whether a DHCP server is always responsible for updating the FQDN to Whether a DHCP server is always responsible for updating the FQDN to
IP address mapping (in addition to updating the IP to FQDN mapping), IP address mapping (in addition to updating the IP to FQDN mapping),
regardless of the wishes of an individual DHCP client, is also a regardless of the wishes of an individual DHCP client, is also a
site-local matter. The choice between the two alternatives may be site-local matter. The choice between the two alternatives may be
based on the security model that is being used with dynamic DNS based on the security model that is being used with dynamic DNS
updates. In cases where a DHCP server is performing DNS updates on updates. In cases where a DHCP server is performing DNS updates on
behalf of a client, the DHCP server should be sure of the DNS name behalf of a client, the DHCP server should be sure of the DNS name to
to use for the client, and of the identity of the client. use for the client, and of the identity of the client.
Currently, it is difficult for DHCP servers to develop much Currently, it is difficult for DHCP servers to develop much
confidence in the identities of their clients, given the absence of confidence in the identities of their clients, given the absence of
entity authentication from the DHCP protocol itself. There are many entity authentication from the DHCP protocol itself. There are many
ways for a DHCP server to develop a DNS name to use for a client, ways for a DHCP server to develop a DNS name to use for a client, but
but only in certain relatively rare circumstances will the DHCP only in certain relatively rare circumstances will the DHCP server
server know for certain the identity of the client. If DHCP know for certain the identity of the client. If DHCP Authentication
Authentication[13] becomes widely deployed this may become more [9] becomes widely deployed this may become more customary.
customary.
One example of a situation that offers some extra assurances is one One example of a situation that offers some extra assurances is one
where the DHCP client is connected to a network through an MCNS where the DHCP client is connected to a network through an MCNS cable
cable modem, and the CMTS (head-end) of the cable modem ensures that modem, and the CMTS (head-end) of the cable modem ensures that MAC
MAC address spoofing simply does not occur. Another example of a address spoofing simply does not occur. Another example of a
configuration that might be trusted is one where clients obtain configuration that might be trusted is one where clients obtain
network access via a network access server using PPP. The NAS itself network access via a network access server using PPP. The NAS itself
might be obtaining IP addresses via DHCP, encoding a client might be obtaining IP addresses via DHCP, encoding a client
identification into the DHCP client-id option. In this case, the identification into the DHCP client-id option. In this case, the
network access server as well as the DHCP server might be operating network access server as well as the DHCP server might be operating
within a trusted environment, in which case the DHCP server could be within a trusted environment, in which case the DHCP server could be
configured to trust that the user authentication and authorization configured to trust that the user authentication and authorization
processing of the remote access server was sufficient, and would processing of the remote access server was sufficient, and would
therefore trust the client identification encoded within the DHCP therefore trust the client identification encoded within the DHCP
client-id. client-id.
8. Acknowledgements 8. Acknowledgements
Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, Peter Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, Peter
Ford, Olafur Gudmundsson, Edie Gunter, Andreas Gustafsson, R. Barr Ford, Olafur Gudmundsson, Edie Gunter, Andreas Gustafsson, R. Barr
Hibbs, Kim Kinnear, Stuart Kwan, Ted Lemon, Ed Lewis, Michael Lewis, Hibbs, Kim Kinnear, Stuart Kwan, Ted Lemon, Ed Lewis, Michael Lewis,
Josh Littlefield, Michael Patton, Glenn Stump, and Bernie Volz for Josh Littlefield, Michael Patton, and Glenn Stump for their review
their review and comments. and comments.
Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement 9. References
Levels", RFC 2119, March 1997.
[2] Mockapetris, P., "Domain names - Concepts and Facilities", RFC 9.1 Normative References
1034, Nov 1987.
[3] Mockapetris, P., "Domain names - Implementation and [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Specification", RFC 1035, Nov 1987. Levels", BCP 14, RFC 2119, March 1997.
[4] Stapp, M., Gustafsson, A. and T. Lemon, "A DNS RR for Encoding [2] Stapp, M., Gustafsson, A. and T. Lemon, "A DNS RR for Encoding
DHCP Information (draft-ietf-dnsext-dhcid-rr-*)", October 2003. DHCP Information (draft-ietf-dnsext-dhcid-rr-*)", July 2004.
[5] Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic [3] Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
Updates in the Domain Name System", RFC 2136, April 1997. Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April
1997.
Informative References 9.2 Informative References
[6] Stapp, M. and Y. Rekhter, "The DHCP Client FQDN Option [4] Stapp, M. and Y. Rekhter, "The DHCP Client FQDN Option
(draft-ietf-dhc-fqdn-option-*.txt)", October 2003. (draft-ietf-dhc-fqdn-option-*.txt)", July 2004.
[7] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [5] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[8] Rivest, R., "The MD5 Message Digest Algorithm", RFC 1321, [6] Eastlake, D., "Domain Name System Security Extensions", RFC
April 1992.
[9] Marine, A., Reynolds, J. and G. Malkin, "FYI on Questions and
Answers to Commonly asked ``New Internet User'' Questions",
RFC 1594, March 1994.
[10] Eastlake, D., "Domain Name System Security Extensions", RFC
2535, March 1999. 2535, March 1999.
[11] Wellington, B., "Secure Domain Name System (DNS) Dynamic [7] Wellington, B., "Secure Domain Name System (DNS) Dynamic
Update", RFC 3007, November 2000. Update", RFC 3007, November 2000.
[12] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington, [8] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington,
"Secret Key Transaction Authentication for DNS (TSIG)", RFC "Secret Key Transaction Authentication for DNS (TSIG)", RFC
2845, May 2000. 2845, May 2000.
[13] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages", [9] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages",
RFC 3118, June 2001. RFC 3118, June 2001.
[14] Ohta, M., "Incremental Zone Transfer", RFC 1995, August 1996. [10] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, August
1996.
[15] Vixie, P., "A Mechanism for Prompt Notification of Zone [11] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
Changes (DNS NOTIFY)", RFC 1996, August 1996. (DNS NOTIFY)", RFC 1996, August 1996.
Author's Address Authors' Addresses
Mark Stapp Mark Stapp
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: 978.936.1535 Phone: 978.936.1535
EMail: mjs@cisco.com EMail: mjs@cisco.com
Full Copyright Statement Bernie Volz
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MA 01719
USA
Copyright (C) The Internet Society (2003). All Rights Reserved. Phone: 978.936.0382
EMail: volz@cisco.com
This document and translations of it may be copied and furnished to Intellectual Property Statement
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be The IETF takes no position regarding the validity or scope of any
revoked by the Internet Society or its successors or assigns. Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
This document and the information contained herein is provided on an Copies of IPR disclosures made to the IETF Secretariat and any
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING assurances of licenses to be made available, or the result of an
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING attempt made to obtain a general license or permission for the use of
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION such proprietary rights by implementers or users of this
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF specification can be obtained from the IETF on-line IPR repository at
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. http://www.ietf.org/ipr.
Acknowledgement The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Funding for the RFC editor function is currently provided by the Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/