draft-ietf-dhc-ddns-resolution-11.txt   draft-ietf-dhc-ddns-resolution-12.txt 
Dynamic Host Configuration M. Stapp Dynamic Host Configuration M. Stapp
Internet-Draft B. Volz Internet-Draft B. Volz
Expires: August 28, 2006 Cisco Systems, Inc. Expires: September 23, 2006 Cisco Systems, Inc.
February 24, 2006 March 22, 2006
Resolution of FQDN Conflicts among DHCP Clients Resolution of FQDN Conflicts among DHCP Clients
<draft-ietf-dhc-ddns-resolution-11.txt> <draft-ietf-dhc-ddns-resolution-12.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 28, 2006. This Internet-Draft will expire on September 23, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
DHCP provides a mechanism for host configuration that includes DHCP provides a mechanism for host configuration that includes
dynamic assignment of IP addresses and fully qualified domain names. dynamic assignment of IP addresses and fully qualified domain names.
To maintain accurate name to IP address and IP address to name To maintain accurate name to IP address and IP address to name
mappings in the DNS, these dynamically assigned addresses and fully mappings in the DNS, these dynamically assigned addresses and fully
qualified domain names require updates to the DNS. This document qualified domain names require updates to the DNS. This document
identifies situations in which conflicts in the use of fully identifies situations in which conflicts in the use of fully
qualified domain names may arise among DHCP clients and servers, and qualified domain names may arise among DHCP clients and servers, and
describes a strategy for the use of the DHCID DNS resource record in describes a strategy for the use of the DHCID DNS resource record in
resolving those conflicts. resolving those conflicts.
Table of Contents Table of Contents
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Issues with DNS Update in DHCP Environments . . . . . . . . . 3 3. Issues with DNS Update in DHCP Environments . . . . . . . . . 3
3.1. Client Misconfiguration . . . . . . . . . . . . . . . . . 4 3.1. Client Misconfiguration . . . . . . . . . . . . . . . . . 4
3.2. Multiple DHCP Servers . . . . . . . . . . . . . . . . . . 5 3.2. Multiple DHCP Servers . . . . . . . . . . . . . . . . . . 5
4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . . 5 4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . . 5
5. Procedures for Performing DNS Updates . . . . . . . . . . . . 6 5. Procedures for Performing DNS Updates . . . . . . . . . . . . 6
5.1. Error Return Codes . . . . . . . . . . . . . . . . . . . . 6 5.1. Error Return Codes . . . . . . . . . . . . . . . . . . . . 6
5.2. Dual IPv4/IPv6 Client Considerations . . . . . . . . . . . 6 5.2. Dual IPv4/IPv6 Client Considerations . . . . . . . . . . . 6
5.3. Adding A and/or AAAA RRs to DNS . . . . . . . . . . . . . 7 5.3. Adding A and/or AAAA RRs to DNS . . . . . . . . . . . . . 7
5.3.1. Initial DHCID RR Query . . . . . . . . . . . . . . . . 7 5.3.1. Initial DHCID RR Request . . . . . . . . . . . . . . . 7
5.3.2. DNS UPDATE When FQDN in Use . . . . . . . . . . . . . 7 5.3.2. DNS UPDATE When FQDN in Use . . . . . . . . . . . . . 7
5.3.3. FQDN in Use by another Client . . . . . . . . . . . . 8 5.3.3. FQDN in Use by another Client . . . . . . . . . . . . 8
5.4. Adding PTR RR Entries to DNS . . . . . . . . . . . . . . . 8 5.4. Adding PTR RR Entries to DNS . . . . . . . . . . . . . . . 8
5.5. Removing Entries from DNS . . . . . . . . . . . . . . . . 9 5.5. Removing Entries from DNS . . . . . . . . . . . . . . . . 9
5.6. Updating Other RRs . . . . . . . . . . . . . . . . . . . . 9 5.6. Updating Other RRs . . . . . . . . . . . . . . . . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8.1. Normative References . . . . . . . . . . . . . . . . . . . 11 8.1. Normative References . . . . . . . . . . . . . . . . . . . 11
8.2. Informative References . . . . . . . . . . . . . . . . . . 11 8.2. Informative References . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
Intellectual Property and Copyright Statements . . . . . . . . . . 14 Intellectual Property and Copyright Statements . . . . . . . . . . 14
1. Terminology 1. Introduction
"The Client FQDN Option" [8] includes a description of the operation
of [4] clients and servers that use the DHCPv4 client FQDN option.
And, "The DHCPv6 Client FQDN Option" [9] includes a description of
the operation of [5] clients and servers that use the DHCPv6 client
FQDN option. Through the use of the client FQDN option, DHCP clients
and servers can negotiate the client's FQDN and the allocation of
responsibility for updating the DHCP client's A and/or AAAA RRs.
This document identifies situations in which conflicts in the use of
FQDNs may arise among DHCP clients and servers, and describes a
strategy for the use of the DHCID DNS resource record [2] in
resolving those conflicts.
In any case, whether a site permits all, some, or no DHCP servers and
clients to perform DNS updates ([3], [10]) into the zones that it
controls is entirely a matter of local administrative policy. This
document does not require any specific administrative policy, and
does not propose one. The range of possible policies is very broad,
from sites where only the DHCP servers have been given credentials
that the DNS servers will accept, to sites where each individual DHCP
client has been configured with credentials that allow the client to
modify its own FQDN. Compliant implementations MAY support some or
all of these possibilities. Furthermore, this specification applies
only to DHCP client and server processes; it does not apply to other
processes that initiate DNS updates.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1]. document are to be interpreted as described in [1].
This document assumes familiarity with DNS terminology defined in RFC This document assumes familiarity with DNS terminology defined in [6]
1035 [6] and DHCP terminology defined in RFC 2131 [4] and RFC 3315 and DHCP terminology defined in [4] and [5].
[5].
FQDN, or Fully Qualified Domain Name, is the full name of a system, FQDN, or Fully Qualified Domain Name, is the full name of a system,
rather than just its hostname. For example, "venera" is a hostname rather than just its hostname. For example, "venera" is a hostname
and "venera.isi.edu" is an FQDN. See RFC 1983 [7]. and "venera.isi.edu" is an FQDN. See [7].
DOCSIS, or Data-Over-Cable Service Interface Specifications, is DOCSIS, or Data-Over-Cable Service Interface Specifications, is
defined by CableLabs (www.cablelabs.com). defined by CableLabs (www.cablelabs.com).
2. Introduction
"The Client FQDN Option" [8] includes a description of the operation
of DHCPv4 [4] clients and servers that use the DHCPv4 client FQDN
option. And, "The DHCPv6 Client FQDN Option" [9] includes a
description of the operation of DHCPv6 [5] clients and servers that
use the DHCPv6 client FQDN option. Through the use of the client
FQDN option, DHCP clients and servers can negotiate the client's FQDN
and the allocation of responsibility for updating the DHCP client's A
and/or AAAA RRs. This document identifies situations in which
conflicts in the use of FQDNs may arise among DHCP clients and
servers, and describes a strategy for the use of the DHCID DNS
resource record [2] in resolving those conflicts.
In any case, whether a site permits all, some, or no DHCP servers and
clients to perform DNS updates (RFC 2136 [3], RFC 3007 [10]) into the
zones that it controls is entirely a matter of local administrative
policy. This document does not require any specific administrative
policy, and does not propose one. The range of possible policies is
very broad, from sites where only the DHCP servers have been given
credentials that the DNS servers will accept, to sites where each
individual DHCP client has been configured with credentials that
allow the client to modify its own FQDN. Compliant implementations
MAY support some or all of these possibilities. Furthermore, this
specification applies only to DHCP client and server processes; it
does not apply to other processes that initiate DNS updates.
3. Issues with DNS Update in DHCP Environments 3. Issues with DNS Update in DHCP Environments
There are two DNS update situations that require special There are two DNS update situations that require special
consideration in DHCP environments: cases where more than one DHCP consideration in DHCP environments: cases where more than one DHCP
client has been configured with the same FQDN and cases where more client has been configured with the same FQDN and cases where more
than one DHCP server has been given authority to perform DNS updates than one DHCP server has been given authority to perform DNS updates
in a zone. In these cases, it is possible for DNS records to be in a zone. In these cases, it is possible for DNS records to be
modified in inconsistent ways unless the updaters have a mechanism modified in inconsistent ways unless the updaters have a mechanism
that allows them to detect anomalous situations. If DNS updaters can that allows them to detect anomalous situations. If DNS updaters can
detect these situations, site administrators can configure the detect these situations, site administrators can configure the
updaters' behavior so that the site's policies can be enforced. This updaters' behavior so that the site's policies can be enforced. This
specification describes a mechanism designed to allow updaters to specification describes a mechanism designed to allow updaters to
skipping to change at page 4, line 28 skipping to change at page 4, line 27
Administrators may wish to maintain a one-to-one relationship between Administrators may wish to maintain a one-to-one relationship between
active DHCP clients and FQDNs, and to maintain consistency between a active DHCP clients and FQDNs, and to maintain consistency between a
client's A, AAAA, and PTR RRs. Clients that are not represented in client's A, AAAA, and PTR RRs. Clients that are not represented in
the DNS, or clients that inadvertently share an FQDN with another the DNS, or clients that inadvertently share an FQDN with another
client may encounter inconsistent behavior or may not be able to client may encounter inconsistent behavior or may not be able to
obtain access to network resources. Whether each DHCP client is obtain access to network resources. Whether each DHCP client is
configured with a FQDN by its administrator or whether the DHCP configured with a FQDN by its administrator or whether the DHCP
server is configured to distribute the clients' FQDN, the consistency server is configured to distribute the clients' FQDN, the consistency
of the DNS data is entirely dependent on the accuracy of the of the DNS data is entirely dependent on the accuracy of the
configuration procedure. Sites that deploy Secure DNS [11] may configuration procedure. Sites that deploy [10] may configure
configure credentials for each client and its assigned FQDN in a way credentials for each client and its assigned FQDN in a way that is
that is more error-resistant, as both the FQDN and credentials must more error-resistant, as both the FQDN and credentials must match.
match.
Consider an example in which two DHCP clients in the "example.com" Consider an example in which two DHCP clients in the "example.com"
network are both configured with the hostname "foo". The clients are network are both configured with the hostname "foo". The clients are
permitted to perform their own DNS updates. The first client, client permitted to perform their own DNS updates. The first client, client
A, is configured via DHCP. It adds an A RR to "foo.example.com", and A, is configured via DHCP. It adds an A RR to "foo.example.com", and
its DHCP server adds a PTR RR corresponding to its assigned IP its DHCP server adds a PTR RR corresponding to its assigned IP
address. When the second client, client B, boots, it is also address. When the second client, client B, boots, it is also
configured via DHCP, and it also begins to update "foo.example.com". configured via DHCP, and it also begins to update "foo.example.com".
At this point, the "example.com" administrators may wish to establish At this point, the "example.com" administrators may wish to establish
skipping to change at page 6, line 28 skipping to change at page 6, line 26
The specific algorithm utilizing the DHCID RR to signal client The specific algorithm utilizing the DHCID RR to signal client
ownership is explained below. The algorithm only works in the case ownership is explained below. The algorithm only works in the case
where the updating entities all cooperate -- this approach is where the updating entities all cooperate -- this approach is
advisory only and is not a substitute for DNS security, nor is it advisory only and is not a substitute for DNS security, nor is it
replaced by DNS security. replaced by DNS security.
5. Procedures for Performing DNS Updates 5. Procedures for Performing DNS Updates
5.1. Error Return Codes 5.1. Error Return Codes
Certain RCODEs defined in RFC 2136 [3] indicate that the destination Certain RCODEs defined in [3] indicate that the destination DNS
DNS server cannot perform an update: FORMERR, SERVFAIL, REFUSED, server cannot perform an update, i.e., FORMERR, SERVFAIL, REFUSED,
NOTIMP. If one of these RCODEs is returned, the updater MUST NOTIMP. If one of these RCODEs is returned, the updater MUST
terminate its update attempt. Because these errors may indicate a terminate its update attempt. Other RCODEs [13] may indicate that
misconfiguration of the updater or of the DNS server, the updater MAY there are problems with the key being used and may mean to try a
attempt to signal to its administrator that an error has occurred, different key, if available, or to terminate the operation. Because
e.g. through a log message. some errors may indicate a misconfiguration of the updater or the DNS
server, the updater MAY attempt to signal to its administrator that
an error has occurred, e.g. through a log message.
5.2. Dual IPv4/IPv6 Client Considerations 5.2. Dual IPv4/IPv6 Client Considerations
At the time of publication of this document, a small minority of DHCP At the time of publication of this document, a small minority of DHCP
clients support both IPv4 and IPv6. We anticipate, however, that a clients support both IPv4 and IPv6. We anticipate, however, that a
transition will take place over a period of time, and more sites will transition will take place over a period of time, and more sites will
have dual-stack clients present. IPv6 clients require updates of have dual-stack clients present. IPv6 clients require updates of
AAAA RRs; IPv4 client require updates of A RRs. The administrators AAAA RRs; IPv4 client require updates of A RRs. The administrators
of mixed deployments will likely wish to permit a single FQDN to of mixed deployments will likely wish to permit a single FQDN to
contain A and AAAA RRs from the same client. contain A and AAAA RRs from the same client.
Sites that wish to permit a single FQDN to contain both A and AAAA Sites that wish to permit a single FQDN to contain both A and AAAA
RRs MUST make use of DHCPv4 clients and servers that support using RRs MUST make use of DHCPv4 clients and servers that support using
the DHCP Unique Identifier (DUID) for DHCPv4 client identifiers such the DHCP Unique Identifier (DUID) for DHCPv4 client identifiers such
that this DUID is used in computing the RDATA of the DHCID RR by both that this DUID is used in computing the RDATA of the DHCID RR by both
DHCPv4 and DHCPv6 for the client, see [12]. Otherwise, a dual-stack DHCPv4 and DHCPv6 for the client, see [11]. Otherwise, a dual-stack
client that uses older-style DHCPv4 client identifiers (see [4] and client that uses older-style DHCPv4 client identifiers (see [4] and
[13]) will only be able to have either its A or AAAA records in DNS [12]) will only be able to have either its A or AAAA records in DNS
under a single FQDN because of the DHCID RR conflicts that result. under a single FQDN because of the DHCID RR conflicts that result.
5.3. Adding A and/or AAAA RRs to DNS 5.3. Adding A and/or AAAA RRs to DNS
When a DHCP client or server intends to update A and/or AAAA RRs, it When a DHCP client or server intends to update A and/or AAAA RRs, it
starts with the update query in Section 5.3.1. starts with the UPDATE request in Section 5.3.1.
As the update sequence below can result in loops, implementers SHOULD As the update sequence below can result in loops, implementers SHOULD
limit the total number of attempts for a single transaction. limit the total number of attempts for a single transaction.
5.3.1. Initial DHCID RR Query 5.3.1. Initial DHCID RR Request
The updater prepares a DNS UPDATE query that includes as a The updater prepares a DNS UPDATE request that includes as a
prerequisite the assertion that the FQDN does not exist. The update prerequisite the assertion that the FQDN does not exist. The update
section of the query attempts to add the new FQDN and its IP address section of the request attempts to add the new FQDN and its IP
mapping (A and/or AAAA RRs) and the DHCID RR with its unique client address mapping (A and/or AAAA RRs) and the DHCID RR with its unique
identity. client identity.
If the update operation succeeds, the A and/or AAAA RR update is now If the UPDATE request succeeds, the A and/or AAAA RR update is now
complete (and a client updater is finished, while a server would then complete (and a client updater is finished, while a server would then
proceed to perform a PTR RR update). proceed to perform a PTR RR update).
If the update returns YXDOMAIN, the updater can now conclude that the If the response to the UPDATE returns YXDOMAIN, the updater can now
intended FQDN is in use and proceeds to Section 5.3.2. conclude that the intended FQDN is in use and proceeds to
Section 5.3.2.
If any other status is returned, the updater SHOULD NOT attempt an If any other status is returned, the updater SHOULD NOT attempt an
update (see Section 5.1). update (see Section 5.1).
5.3.2. DNS UPDATE When FQDN in Use 5.3.2. DNS UPDATE When FQDN in Use
The updater next attempts to confirm that the FQDN is not being used The updater next attempts to confirm that the FQDN is not being used
by some other client by preparing an UPDATE query in which there are by some other client by preparing an UPDATE request in which there
two prerequisites. The first prerequisite is that the FQDN exists. are two prerequisites. The first prerequisite is that the FQDN
The second is that the desired FQDN has attached to it a DHCID RR exists. The second is that the desired FQDN has attached to it a
whose contents match the client identity. The update section of the DHCID RR whose contents match the client identity. The update
UPDATE query contains: section of the UPDATE request contains:
1. A delete of any existing A RRs on the FQDN if this is an A update 1. A delete of any existing A RRs on the FQDN if this is an A update
or an AAAA update and the updater does not desire A records on or an AAAA update and the updater does not desire A records on
the FQDN or this update is adding an A and the updater only the FQDN or this update is adding an A and the updater only
desires a single IP address on the FQDN. desires a single IP address on the FQDN.
2. A delete of the existing AAAA RRs on the FQDN if the updater does 2. A delete of the existing AAAA RRs on the FQDN if the updater does
not desire AAAA records on the FQDN or this update is adding an not desire AAAA records on the FQDN or this update is adding an
AAAA and the updater only desires a single IP address on the AAAA and the updater only desires a single IP address on the
FQDN. FQDN.
3. An add (or adds) of the A RR that matches the DHCP binding if 3. An add (or adds) of the A RR that matches the DHCP binding if
skipping to change at page 8, line 17 skipping to change at page 8, line 17
4. Adds of the AAAA RRs that match the DHCP bindings if this is an 4. Adds of the AAAA RRs that match the DHCP bindings if this is an
AAAA update. AAAA update.
Whether A or AAAA RRs are deleted depends on the updater or updater's Whether A or AAAA RRs are deleted depends on the updater or updater's
policy. For example, if the updater is the client or configured as policy. For example, if the updater is the client or configured as
the only DHCP server for the link on which the client is located, the the only DHCP server for the link on which the client is located, the
updater may find it beneficial to delete all A and/or AAAA RRs and updater may find it beneficial to delete all A and/or AAAA RRs and
then add the current set of A and/or AAAA RRs, if any, for the then add the current set of A and/or AAAA RRs, if any, for the
client. client.
If the update succeeds, the updater can conclude that the current If the UPDATE request succeeds, the updater can conclude that the
client was the last client associated with the FQDN, and that the current client was the last client associated with the FQDN, and that
FQDN now contains the updated A and/or AAAA RRs. The update is now the FQDN now contains the updated A and/or AAAA RRs. The update is
complete (and a client updater is finished, while a server would then now complete (and a client updater is finished, while a server would
proceed to perform a PTR RR update). then proceed to perform a PTR RR update).
If the update returns NXDOMAIN, the FQDN is no longer in use and the If the response to the UPDATE request returns NXDOMAIN, the FQDN is
updater proceeds back to Section 5.3.1. no longer in use and the updater proceeds back to Section 5.3.1.
If the update returns NXRRSET, there are two possibilities - there If the response to the UPDATE request returns NXRRSET, there are two
are no DHCID RRs for the FQDN or the DHCID RR does not match. In possibilities - there are no DHCID RRs for the FQDN or the DHCID RR
either case, the updater proceeds to Section 5.3.3. does not match. In either case, the updater proceeds to
Section 5.3.3.
5.3.3. FQDN in Use by another Client 5.3.3. FQDN in Use by another Client
As the FQDN appears to be in use by another client or is not As the FQDN appears to be in use by another client or is not
associated with any client, the updater SHOULD either choose another associated with any client, the updater SHOULD either choose another
FQDN and restart the update process with this new FQDN or terminate FQDN and restart the update process with this new FQDN or terminate
the update with a failure. the update with a failure.
Techniques that may be considered to disambiguate FQDNs include Techniques that may be considered to disambiguate FQDNs include
adding some suffix or prefix to the hostname portion of the FQDN or adding some suffix or prefix to the hostname portion of the FQDN or
randomly generating a hostname. randomly generating a hostname.
5.4. Adding PTR RR Entries to DNS 5.4. Adding PTR RR Entries to DNS
The DHCP server submits a DNS query that deletes all of the PTR RRs The DHCP server submits a DNS UPDATE request that deletes all of the
associated with the client's assigned IP address, and adds a PTR RR PTR RRs associated with the client's assigned IP address, and adds a
whose data is the client's (possibly disambiguated) FQDN. The server PTR RR whose data is the client's (possibly disambiguated) FQDN. The
MAY also add a DHCID RR as specified in Section 4, in which case it server MAY also add a DHCID RR as specified in Section 4, in which
would include a delete of all of the DHCID RRs associated with the case it would include a delete of all of the DHCID RRs associated
client's assigned IP address, and adds a DHCID RR for the client. with the client's assigned IP address, and adds a DHCID RR for the
client.
There is no need to validate the DHCID RR for PTR updates as the DHCP There is no need to validate the DHCID RR for PTR updates as the DHCP
server (or servers) only assigns an address to a single client at a server (or servers) only assigns an address to a single client at a
time. time.
5.5. Removing Entries from DNS 5.5. Removing Entries from DNS
The most important consideration in removing DNS entries is to be The most important consideration in removing DNS entries is to be
sure that an entity removing a DNS entry is only removing an entry sure that an entity removing a DNS entry is only removing an entry
that it added, or for which an administrator has explicitly assigned that it added, or for which an administrator has explicitly assigned
it responsibility. it responsibility.
When an address' lease time or valid lifetime expires or a DHCP When an address' lease time or valid lifetime expires or a DHCP
client issues a DHCPRELEASE [4] or Release [5] request, the DHCP client issues a DHCPRELEASE [4] or Release [5] request, the DHCP
server SHOULD delete the PTR RR that matches the DHCP binding, if one server SHOULD delete the PTR RR that matches the DHCP binding, if one
was successfully added. The server's update query SHOULD assert that was successfully added. The server's UPDATE request SHOULD assert
the domain name (PTRDNAME field) in the PTR record matches the FQDN that the domain name (PTRDNAME field) in the PTR record matches the
of the client whose address has expired or been released and should FQDN of the client whose address has expired or been released and
delete all RRs for the FQDN. should delete all RRs for the FQDN.
The entity chosen to handle the A or AAAA records for this client The entity chosen to handle the A or AAAA records for this client
(either the client or the server) SHOULD delete the A or AAAA records (either the client or the server) SHOULD delete the A or AAAA records
that were added when the address was assigned to the client. that were added when the address was assigned to the client.
However, the updater should only remove the DHCID RR if there are no However, the updater should only remove the DHCID RR if there are no
A or AAAA RRs remaining for the client. A or AAAA RRs remaining for the client.
In order to perform this A or AAAA RR delete, the updater prepares an In order to perform this A or AAAA RR delete, the updater prepares an
UPDATE query that contains a prerequisite that asserts that the DHCID UPDATE request that contains a prerequisite that asserts that the
RR exists whose data is the client identity described in Section 4 DHCID RR exists whose data is the client identity described in
and contains an update section that deletes the client's specific A Section 4 and contains an update section that deletes the client's
or AAAA RR. specific A or AAAA RR.
If the query succeeds, the updater prepares a second UPDATE query If the UPDATE request succeeds, the updater prepares a second UPDATE
that contains three prerequisites and contains an update section that request that contains three prerequisites and contains an update
deletes all RRs for the FQDN. The first prerequisite asserts that section that deletes all RRs for the FQDN. The first prerequisite
the DHCID RR exists whose data is the client identity described in asserts that the DHCID RR exists whose data is the client identity
Section 4. The second prerequisite asserts that there are no A RRs. described in Section 4. The second prerequisite asserts that there
The third prerequisite asserts that there are no AAAA RRs. are no A RRs. The third prerequisite asserts that there are no AAAA
RRs.
If either query fails, the updater MUST NOT delete the FQDN. It may If either request fails, the updater MUST NOT delete the FQDN. It
be that the client whose address has expired has moved to another may be that the client whose address has expired has moved to another
network and obtained an address from a different server, which has network and obtained an address from a different server, which has
caused the client's A or AAAA RR to be replaced. Or, the DNS data caused the client's A or AAAA RR to be replaced. Or, the DNS data
may have been removed or altered by an administrator. may have been removed or altered by an administrator.
5.6. Updating Other RRs 5.6. Updating Other RRs
The procedures described in this document only cover updates to the The procedures described in this document only cover updates to the
A, AAAA, PTR, and DHCID RRs. Updating other types of RRs is outside A, AAAA, PTR, and DHCID RRs. Updating other types of RRs is outside
the scope of this document. the scope of this document.
6. Security Considerations 6. Security Considerations
Administrators should be wary of permitting unsecured DNS updates to Administrators should be wary of permitting unsecured DNS updates to
zones, whether or not they are exposed to the global Internet. Both zones, whether or not they are exposed to the global Internet. Both
DHCP clients and servers SHOULD use some form of update request DHCP clients and servers SHOULD use some form of update request
authentication (e.g., TSIG [14]) when performing DNS updates. authentication (e.g., TSIG [13]) when performing DNS updates.
Whether a DHCP client may be responsible for updating an FQDN to IP Whether a DHCP client may be responsible for updating an FQDN to IP
address mapping, or whether this is the responsibility of the DHCP address mapping, or whether this is the responsibility of the DHCP
server is a site-local matter. The choice between the two server is a site-local matter. The choice between the two
alternatives may be based on the security model that is used with the alternatives may be based on the security model that is used with the
Dynamic DNS Update protocol (e.g., only a client may have sufficient Dynamic DNS Update protocol (e.g., only a client may have sufficient
credentials to perform updates to the FQDN to IP address mapping for credentials to perform updates to the FQDN to IP address mapping for
its FQDN). its FQDN).
Whether a DHCP server is always responsible for updating the FQDN to Whether a DHCP server is always responsible for updating the FQDN to
skipping to change at page 10, line 34 skipping to change at page 10, line 35
based on the security model that is being used with dynamic DNS based on the security model that is being used with dynamic DNS
updates. In cases where a DHCP server is performing DNS updates on updates. In cases where a DHCP server is performing DNS updates on
behalf of a client, the DHCP server should be sure of the FQDN to use behalf of a client, the DHCP server should be sure of the FQDN to use
for the client, and of the identity of the client. for the client, and of the identity of the client.
Currently, it is difficult for DHCP servers to develop much Currently, it is difficult for DHCP servers to develop much
confidence in the identities of their clients, given the absence of confidence in the identities of their clients, given the absence of
entity authentication from the DHCP protocol itself. There are many entity authentication from the DHCP protocol itself. There are many
ways for a DHCP server to develop a FQDN to use for a client, but ways for a DHCP server to develop a FQDN to use for a client, but
only in certain relatively rare circumstances will the DHCP server only in certain relatively rare circumstances will the DHCP server
know for certain the identity of the client. If DHCP Authentication know for certain the identity of the client. If [14] becomes widely
[15] becomes widely deployed this may become more customary. deployed this may become more customary.
One example of a situation that offers some extra assurances is when One example of a situation that offers some extra assurances is when
the DHCP client is connected to a network through a DOCSIS cable the DHCP client is connected to a network through a DOCSIS cable
modem, and the Cable Modem Termination System (head-end) of the cable modem, and the Cable Modem Termination System (head-end) of the cable
modem ensures that MAC address spoofing simply does not occur. modem ensures that MAC address spoofing simply does not occur.
Another example of a configuration that might be trusted is when Another example of a configuration that might be trusted is when
clients obtain network access via a network access server using PPP. clients obtain network access via a network access server using PPP.
The Network Access Server (NAS) itself might be obtaining IP The Network Access Server (NAS) itself might be obtaining IP
addresses via DHCP, encoding client identification into the DHCP addresses via DHCP, encoding client identification into the DHCP
client-id option. In this case, the NAS as well as the DHCP server client-id option. In this case, the NAS as well as the DHCP server
skipping to change at page 11, line 50 skipping to change at page 12, line 5
[8] Stapp, M. and Y. Rekhter, "The DHCP Client FQDN Option [8] Stapp, M. and Y. Rekhter, "The DHCP Client FQDN Option
(draft-ietf-dhc-fqdn-option-*.txt)", February 2006. (draft-ietf-dhc-fqdn-option-*.txt)", February 2006.
[9] Volz, B., "The DHCPv6 Client FQDN Option [9] Volz, B., "The DHCPv6 Client FQDN Option
(draft-ietf-dhc-dhcpv6-fqdn-*.txt)", February 2006. (draft-ietf-dhc-dhcpv6-fqdn-*.txt)", February 2006.
[10] Wellington, B., "Secure Domain Name System (DNS) Dynamic [10] Wellington, B., "Secure Domain Name System (DNS) Dynamic
Update", RFC 3007, November 2000. Update", RFC 3007, November 2000.
[11] Eastlake, D., "Domain Name System Security Extensions", [11] Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers
RFC 2535, March 1999.
[12] Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers
for Dynamic Host Configuration Protocol Version Four (DHCPv4)", for Dynamic Host Configuration Protocol Version Four (DHCPv4)",
RFC 4361, February 2006. RFC 4361, February 2006.
[13] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor [12] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
[14] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington, [13] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington,
"Secret Key Transaction Authentication for DNS (TSIG)", "Secret Key Transaction Authentication for DNS (TSIG)",
RFC 2845, May 2000. RFC 2845, May 2000.
[15] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages", [14] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages",
RFC 3118, June 2001. RFC 3118, June 2001.
Authors' Addresses Authors' Addresses
Mark Stapp Mark Stapp
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
 End of changes. 37 change blocks. 
108 lines changed or deleted 110 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/