draft-ietf-dhc-dhcpv6-fqdn-05.txt   rfc4704.txt 
DHC B. Volz Network Working Group B. Volz
Internet-Draft Cisco Systems, Inc. Request for Comments: 4704 Cisco Systems, Inc.
Expires: September 23, 2006 March 22, 2006 Category: Standards Track October 2006
The DHCPv6 Client FQDN Option
draft-ietf-dhc-dhcpv6-fqdn-05.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client
http://www.ietf.org/ietf/1id-abstracts.txt. Fully Qualified Domain Name (FQDN) Option
The list of Internet-Draft Shadow Directories can be accessed at Status of This Memo
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 23, 2006. This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document specifies a new Dynamic Host Configuration Protocol for This document specifies a new Dynamic Host Configuration Protocol for
IPv6, DHCPv6, option which can be used to exchange information about IPv6 (DHCPv6) option that can be used to exchange information about a
a DHCPv6 client's fully-qualified domain name and about DHCPv6 client's Fully Qualified Domain Name (FQDN) and about
responsibility for updating DNS RRs related to the client's address responsibility for updating DNS resource records (RRs) related to the
assignments. client's address assignments.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology .....................................................3
3. Models of Operation . . . . . . . . . . . . . . . . . . . . . 3 3. Models of Operation .............................................3
4. The DHCPv6 Client FQDN Option . . . . . . . . . . . . . . . . 4 4. The DHCPv6 Client FQDN Option ...................................4
4.1. The Flags Field . . . . . . . . . . . . . . . . . . . . . 5 4.1. The Flags Field ............................................5
4.2. The Domain Name Field . . . . . . . . . . . . . . . . . . 6 4.2. The Domain Name Field ......................................6
5. DHCPv6 Client Behavior . . . . . . . . . . . . . . . . . . . . 6 5. DHCPv6 Client Behavior ..........................................7
5.1. Client Desires to Update AAAA RRs . . . . . . . . . . . . 7 5.1. Client Desires to Update AAAA RRs ..........................7
5.2. Client Desires Server to Do DNS Updates . . . . . . . . . 7 5.2. Client Desires Server to Do DNS Updates ....................7
5.3. Client Desires No Server DNS Updates . . . . . . . . . . . 7 5.3. Client Desires No Server DNS Updates .......................7
5.4. Domain Name and DNS Update Issues . . . . . . . . . . . . 8 5.4. Domain Name and DNS Update Issues ..........................8
6. DHCPv6 Server Behavior . . . . . . . . . . . . . . . . . . . . 9 6. DHCPv6 Server Behavior ..........................................9
6.1. When to Perform DNS Updates . . . . . . . . . . . . . . . 9 6.1. When to Perform DNS Updates ................................9
7. DNS RR TTLs . . . . . . . . . . . . . . . . . . . . . . . . . 10 7. DNS RR TTLs ....................................................10
8. DNS Update Conflicts . . . . . . . . . . . . . . . . . . . . . 11 8. DNS Update Conflicts ...........................................11
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 9. IANA Considerations ............................................11
10. Security Considerations . . . . . . . . . . . . . . . . . . . 11 10. Security Considerations .......................................12
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12 11. Acknowledgements ..............................................12
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 12. References ....................................................13
12.1. Normative References . . . . . . . . . . . . . . . . . . . 12 12.1. Normative References .....................................13
12.2. Informative References . . . . . . . . . . . . . . . . . . 13 12.2. Informative References ...................................13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . . . . 15
1. Introduction 1. Introduction
DNS ([2], [3]) maintains (among other things) the information about DNS ([2], [3]) maintains (among other things) the information about
mapping between hosts' Fully Qualified Domain Names (FQDNs) [10] and mapping between hosts' Fully Qualified Domain Names (FQDNs) [10] and
IPv6 addresses assigned to the hosts. The information is maintained IPv6 addresses assigned to the hosts. The information is maintained
in two types of Resource Records (RRs): AAAA and PTR [12]. The DNS in two types of Resource Records (RRs): AAAA and PTR [12]. The DNS
update specification ([4]) describes a mechanism that enables DNS update specification [4] describes a mechanism that enables DNS
information to be updated over a network. information to be updated over a network.
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [5] The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [5]
provides a mechanism by which a host (a DHCPv6 client) can acquire provides a mechanism by which a host (a DHCPv6 client) can acquire
certain configuration information, along with its stateful IPv6 certain configuration information, along with its stateful IPv6
address(es). This document specifies a new DHCPv6 option, the Client address(es). This document specifies a new DHCPv6 option, the Client
FQDN option, which can be used by DHCPv6 clients and servers to FQDN option, which can be used by DHCPv6 clients and servers to
exchange information about the client's fully-qualified domain name exchange information about the client's fully qualified domain name
and who has the responsibility for updating the DNS with the and about who has the responsibility for updating the DNS with the
associated AAAA and PTR RRs. associated AAAA and PTR RRs.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [1]. document are to be interpreted as described in [1].
Familiarity with the DNS Update protocol [4], DHCPv6, and DHCPv6 Familiarity with the DNS Update protocol [4] and with DHCPv6 and its
terminology as defined in [5] is assumed. terminology, as defined in [5], is assumed.
3. Models of Operation 3. Models of Operation
When a DHCPv6 client acquires an address, a site's administrator may When a DHCPv6 client acquires an address, a site's administrator may
desire that the AAAA RR for the client's FQDN and the PTR RR for the desire that the AAAA RR for the client's FQDN and the PTR RR for the
acquired address be updated. Therefore, two separate DNS update acquired address be updated. Therefore, two separate DNS update
transactions may occur. Acquiring an address via DHCPv6 involves two transactions may occur. Acquiring an address via DHCPv6 involves two
entities: a DHCPv6 client and a DHCPv6 server. In principle each of entities: a DHCPv6 client and a DHCPv6 server. In principle, each of
these entities could perform none, one, or both of the DNS update these entities could perform none, one, or both of the DNS update
transactions. However, in practice not all permutations make sense. transactions. However, in practice, not all permutations make sense.
The DHCPv6 Client FQDN option is primarily intended to operate in the The DHCPv6 Client FQDN option is primarily intended to operate in the
following two cases: following two cases:
1. DHCPv6 client updates the AAAA RR, DHCPv6 server updates the PTR 1. DHCPv6 client updates the AAAA RR; DHCPv6 server updates the PTR
RR RR.
2. DHCPv6 server updates both the AAAA and the PTR RRs
The only difference between these two cases is whether the FQDN to 2. DHCPv6 server updates both the AAAA and the PTR RRs.
IPv6 address mapping is updated by a DHCPv6 client or by a DHCPv6
server. The IPv6 address to FQDN mapping is updated by a DHCPv6 The only difference between these two cases is whether the FQDN-to-
IPv6-address mapping is updated by a DHCPv6 client or by a DHCPv6
server. The IPv6-address-to-FQDN mapping is updated by a DHCPv6
server in both cases. server in both cases.
The reason these two are important, while others are unlikely, has to The reason these two are important, while others are unlikely, has to
do with authority over the respective DNS domain names. A DHCPv6 do with authority over the respective DNS domain names. A DHCPv6
client may be given authority over mapping its own AAAA RRs, or that client may be given authority over mapping its own AAAA RRs, or that
authority may be restricted to a server to prevent the client from authority may be restricted to a server to prevent the client from
listing arbitrary addresses or associating its addresses with listing arbitrary addresses or associating its addresses with
arbitrary domain names. In all cases, the only reasonable place for arbitrary domain names. In all cases, the only reasonable place for
the authority over the PTR RRs associated with the address is in the the authority over the PTR RRs associated with the address is in the
DHCPv6 server that allocates the address. DHCPv6 server that allocates the address.
Note: A third case is supported - the client requests that the server Note: A third case is supported in which the client requests that the
perform no updates. However, this case is presumed to be rare server perform no updates. However, this case is presumed to be rare
because of the authority issues. because of the authority issues.
In any case, whether a site permits all, some, or no DHCPv6 servers In any case, whether a site permits all, some, or no DHCPv6 servers
and clients to perform DNS updates into the zones which it controls and clients to perform DNS updates into the zones that it controls is
is entirely a matter of local administrative policy. This document entirely a matter of local administrative policy. This document does
does not require any specific administrative policy, and does not not require any specific administrative policy and does not propose
propose one. The range of possible policies is very broad, from one. The range of possible policies is very broad, from sites where
sites where only the DHCPv6 servers have been given credentials that only the DHCPv6 servers have been given credentials that the DNS
the DNS servers will accept, to sites where each individual DHCPv6 servers will accept, to sites where each individual DHCPv6 client has
client has been configured with credentials which allow the client to been configured with credentials that allow the client to modify its
modify its own domain name. Compliant implementations MAY support own domain name. Compliant implementations MAY support some or all
some or all of these possibilities. Furthermore, this specification of these possibilities. Furthermore, this specification applies only
applies only to DHCPv6 client and server processes: it does not apply to DHCPv6 client and server processes: it does not apply to other
to other processes which initiate DNS updates. processes that initiate DNS updates.
This document describes a new DHCPv6 option which a client can use to This document describes a new DHCPv6 option that a client can use to
convey all or part of its domain name to a DHCPv6 server. Site- convey all or part of its domain name to a DHCPv6 server. Site-
specific policy determines whether DHCPv6 servers use the names that specific policy determines whether or not DHCPv6 servers use the
clients offer or not, and what DHCPv6 servers do in cases where names that clients offer, and what DHCPv6 servers do in cases where
clients do not supply domain names. clients do not supply domain names.
4. The DHCPv6 Client FQDN Option 4. The DHCPv6 Client FQDN Option
To update the IPv6 address to FQDN mapping a DHCPv6 server needs to To update the IPv6-address-to-FQDN mapping, a DHCPv6 server needs to
know the FQDN of the client for the addresses for the client's IA_NA know the FQDN of the client for the addresses for the client's IA_NA
bindings. To allow the client to convey its FQDN to the server this bindings. To allow the client to convey its FQDN to the server, this
document defines a new DHCPv6 option, called "Client FQDN". The document defines a new DHCPv6 option called "Client FQDN". The
Client FQDN option also contains Flags which DHCPv6 clients and Client FQDN option also contains Flags that DHCPv6 clients and
servers use to negotiate who does which updates. servers use to negotiate who does which updates.
The code for this option is TBD. Its minimum length is 1 octet. The code for this option is 39. Its minimum length is 1 octet.
The format of the DHCPv6 Client FQDN option is shown below: The format of the DHCPv6 Client FQDN option is shown below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_FQDN | option-len | | OPTION_FQDN | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| flags | | | flags | |
+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+ |
. . . .
. domain-name . . domain-name .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code OPTION_CLIENT_FQDN (TBD) option-code OPTION_CLIENT_FQDN (39)
option-len 1 + length of domain name option-len 1 + length of domain name
flags flag bits used between client and server to flags flag bits used between client and server to
negotiate who performs which updates negotiate who performs which updates
domain-name the partial or fully qualified domain name domain-name the partial or fully qualified domain name
(with length option-len - 1) (with length option-len - 1)
The Client FQDN option MUST only appear in a message's options field The Client FQDN option MUST only appear in a message's options field
skipping to change at page 5, line 43 skipping to change at page 5, line 43
4.1. The Flags Field 4.1. The Flags Field
The format of the Flags field is: The format of the Flags field is:
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| MBZ |N|O|S| | MBZ |N|O|S|
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
The "S" bit indicates whether the server SHOULD or SHOULD NOT perform The "S" bit indicates whether the server SHOULD or SHOULD NOT perform
the AAAA RR (FQDN to address) DNS updates. A client sets the bit to the AAAA RR (FQDN-to-address) DNS updates. A client sets the bit to
0 to indicate the server SHOULD NOT perform the updates and 1 to 0 to indicate that the server SHOULD NOT perform the updates and 1 to
indicate the server SHOULD perform the updates. The state of the bit indicate that the server SHOULD perform the updates. The state of
in the reply from the server indicates the action to be taken by the the bit in the reply from the server indicates the action to be taken
server; if 1, the server has taken responsibility for AAAA RR updates by the server; if it is 1, the server has taken responsibility for
for the FQDN. AAAA RR updates for the FQDN.
The "O" bit indicates whether the server has overridden the client's The "O" bit indicates whether the server has overridden the client's
preference for the "S" bit. A client MUST set this bit to 0. A preference for the "S" bit. A client MUST set this bit to 0. A
server MUST set this bit to 1 if the "S" bit in its reply to the server MUST set this bit to 1 if the "S" bit in its reply to the
client does not match the "S" bit received from the client. client does not match the "S" bit received from the client.
The "N" bit indicates whether the server SHOULD NOT perform any DNS The "N" bit indicates whether the server SHOULD NOT perform any DNS
updates. A client sets this bit to 0 to request that the server updates. A client sets this bit to 0 to request that the server
SHOULD perform updates (the PTR RR and possibly the AAAA RR based on SHOULD perform updates (the PTR RR and possibly the AAAA RR based on
the "S" bit) or to 1 to request that the server SHOULD NOT perform the "S" bit) or to 1 to request that the server SHOULD NOT perform
any DNS updates. A server sets the "N" bit to indicate whether the any DNS updates. A server sets the "N" bit to indicate whether the
server SHALL (0) or SHALL NOT (1) perform DNS updates. If the "N" server SHALL (0) or SHALL NOT (1) perform DNS updates. If the "N"
bit is 1, the "S" bit MUST be 0. bit is 1, the "S" bit MUST be 0.
The remaining bits in the Flags field are reserved for future The remaining bits in the Flags field are reserved for future
assignment. DHCPv6 clients and servers which send the Client FQDN assignment. DHCPv6 clients and servers that send the Client FQDN
option MUST clear the MBZ bits, and they MUST ignore these bits. option MUST clear the MBZ bits, and they MUST ignore these bits.
4.2. The Domain Name Field 4.2. The Domain Name Field
The Domain Name part of the option carries all or part of the FQDN of The Domain Name part of the option carries all or part of the FQDN of
a DHCPv6 client. The data in the Domain Name field MUST be encoded a DHCPv6 client. The data in the Domain Name field MUST be encoded
as described in Section 8 of [5]. In order to determine whether the as described in Section 8 of [5]. In order to determine whether the
FQDN has changed between message exchanges, the client and server FQDN has changed between message exchanges, the client and server
MUST NOT alter the Domain Name field contents unless the FQDN has MUST NOT alter the Domain Name field contents unless the FQDN has
actually changed. actually changed.
A client MAY be configured with a fully-qualified domain name or with A client MAY be configured with a fully qualified domain name or with
a partial name that is not fully-qualified. If a client knows only a partial name that is not fully qualified. If a client knows only
part of its name, it MAY send a name that is not fully-qualified, part of its name, it MAY send a name that is not fully qualified,
indicating that it knows part of the name but does not necessarily indicating that it knows part of the name but does not necessarily
know the zone in which the name is to be embedded. know the zone in which the name is to be embedded.
To send a fully-qualified domain name, the Domain Name field is set To send a fully qualified domain name, the Domain Name field is set
to the DNS encoded domain name including the terminating zero-length to the DNS-encoded domain name including the terminating zero-length
label. To send a partial name, the Domain Name field is set to the label. To send a partial name, the Domain Name field is set to the
DNS encoded domain name without the terminating zero-length label. DNS-encoded domain name without the terminating zero-length label.
A client MAY also leave the Domain Name field empty if it desires the A client MAY also leave the Domain Name field empty if it desires the
server to provide a name. server to provide a name.
Servers SHOULD send the complete fully-qualified domain name in Servers SHOULD send the complete fully qualified domain name in
Client FQDN options. Client FQDN options.
5. DHCPv6 Client Behavior 5. DHCPv6 Client Behavior
The following describes the behavior of a DHCPv6 client that The following describes the behavior of a DHCPv6 client that
implements the Client FQDN option. implements the Client FQDN option.
A client MUST only include the Client FQDN option in SOLICIT, A client MUST only include the Client FQDN option in SOLICIT,
REQUEST, RENEW, or REBIND messages. REQUEST, RENEW, or REBIND messages.
A client that sends the Client FQDN option MUST also include the A client that sends the Client FQDN option MUST also include the
option in the Option Request option if it expects the server to option in the Option Request option if it expects the server to
include the Client FQDN option in any responses. include the Client FQDN option in any responses.
5.1. Client Desires to Update AAAA RRs 5.1. Client Desires to Update AAAA RRs
If a client that owns/maintains its own FQDN wants to be responsible If a client that owns/maintains its own FQDN wants to be responsible
for updating the FQDN to IPv6 address mapping for the FQDN and for updating the FQDN-to-IPv6-address mapping for the FQDN and
address(es) used by the client, the client MUST include the Client address(es) used by the client, the client MUST include the Client
FQDN option in the SOLICIT with Rapid Commit, REQUEST, RENEW, and FQDN option in the SOLICIT with Rapid Commit, REQUEST, RENEW, and
REBIND message originated by the client. A client MAY choose to REBIND message originated by the client. A client MAY choose to
include the Client FQDN option in its SOLICIT messages. The "S", include the Client FQDN option in its SOLICIT messages. The "S",
"O", and "N" bits in the Flags field in the option MUST be 0. "O", and "N" bits in the Flags field in the option MUST be 0.
Once the client's DHCPv6 configuration is completed (the client Once the client's DHCPv6 configuration is completed (the client
receives a REPLY message and successfully completes a final check on receives a REPLY message and successfully completes a final check on
the parameters passed in the message), the client MAY originate an the parameters passed in the message), the client MAY originate an
update for the AAAA RRs (associated with the client's FQDN) unless update for the AAAA RRs (associated with the client's FQDN) unless
the server has set the "S" bit to 1. If the "S" is 1, the DHCPv6 the server has set the "S" bit to 1. If the "S" is 1, the DHCPv6
client SHOULD NOT initiate an update for the name in the server's client SHOULD NOT initiate an update for the name in the server's
returned Client FQDN option Domain Name field. However, a DHCPv6 returned Client FQDN option Domain Name field. However, a DHCPv6
client that is explicitly configured with a FQDN MAY ignore the state client that is explicitly configured with a FQDN MAY ignore the state
of the "S" bit if the server's returned name matches the client's of the "S" bit if the server's returned name matches the client's
configured name. configured name.
5.2. Client Desires Server to Do DNS Updates 5.2. Client Desires Server to Do DNS Updates
A client can choose to delegate the responsibility for updating the A client can choose to delegate the responsibility for updating the
FQDN to IPv6 address mapping for the FQDN and address(es) used by the FQDN-to-IPv6-address mapping for the FQDN and address(es) used by the
client to the server. In order to inform the server of this choice, client to the server. In order to inform the server of this choice,
the client SHOULD include the Client FQDN option in its SOLICIT with the client SHOULD include the Client FQDN option in its SOLICIT with
Rapid Commit, REQUEST, RENEW, and REBIND message and MAY include the Rapid Commit, REQUEST, RENEW, and REBIND messages and MAY include the
Client FQDN option in its SOLICIT. The "S" bit in the Flags field in Client FQDN option in its SOLICIT. The "S" bit in the Flags field in
the option MUST be 1 and the "O" and "N" bits MUST be 0. the option MUST be 1, and the "O" and "N" bits MUST be 0.
5.3. Client Desires No Server DNS Updates 5.3. Client Desires No Server DNS Updates
A client can choose to request that the server perform no DNS updates A client can choose to request that the server perform no DNS updates
on its behalf. In order to inform the server of this choice, the on its behalf. In order to inform the server of this choice, the
client SHOULD include the Client FQDN option in its SOLICIT with client SHOULD include the Client FQDN option in its SOLICIT with
Rapid Commit, REQUEST, RENEW, and REBIND messages and MAY include the Rapid Commit, REQUEST, RENEW, and REBIND messages and MAY include the
Client FQDN option in its SOLICIT. The "N" bit in the Flags field in Client FQDN option in its SOLICIT. The "N" bit in the Flags field in
the option MUST be 1 and the "S" and "O" bits MUST be 0. the option MUST be 1, and the "S" and "O" bits MUST be 0.
Once the client's DHCPv6 configuration is completed (the client Once the client's DHCPv6 configuration is completed (the client
receives a REPLY message and successfully completes a final check on receives a REPLY message and successfully completes a final check on
the parameters passed in the message), the client MAY originate its the parameters passed in the message), the client MAY originate its
DNS updates provided the server's "N" bit is 1. If the server's "N" DNS updates provided the server's "N" bit is 1. If the server's "N"
bit is 0, the server MAY perform the PTR RR updates; and, MAY also bit is 0, the server MAY perform the PTR RR updates; it MAY also
perform the AAAA RR updates if the "S" bit is 1. perform the AAAA RR updates if the "S" bit is 1.
5.4. Domain Name and DNS Update Issues 5.4. Domain Name and DNS Update Issues
As there is a possibility that the DHCPv6 server is configured to As there is a possibility that the DHCPv6 server is configured to
complete or replace a domain name that the client sends, the client complete or replace a domain name that the client sends, the client
MAY find it useful to send the Client FQDN option in its SOLICIT MAY find it useful to send the Client FQDN option in its SOLICIT
messages. If the DHCPv6 server returns different Domain Name data in messages. If the DHCPv6 server returns different Domain Name data in
its ADVERTISE message, the client could use that data in performing its ADVERTISE message, the client could use that data in performing
its own eventual AAAA RR update, or in forming the Client FQDN option its own eventual AAAA RR update, or in forming the Client FQDN option
that it sends in its subsequent messages. There is no requirement that it sends in its subsequent messages. There is no requirement
that the client send identical Client FQDN option data in its that the client send identical Client FQDN option data in its
SOLICIT, REQUEST, RENEW, or REBIND messages. In particular, if a SOLICIT, REQUEST, RENEW, or REBIND messages. In particular, if a
client has sent the Client FQDN option to its server, and the client has sent the Client FQDN option to its server, and the
configuration of the client changes so that its notion of its domain configuration of the client changes so that its notion of its domain
name changes, it MAY send the new name data in a Client FQDN option name changes, it MAY send the new name data in a Client FQDN option
when it communicates with the server again. This MAY cause the when it communicates with the server again. This MAY cause the
DHCPv6 server to update the name associated with the PTR records, DHCPv6 server to update the name associated with the PTR records and,
and, if the server updated the AAAA record representing the client, if the server updated the AAAA record representing the client, to
to delete that record and attempt an update for the client's current delete that record and attempt an update for the client's current
domain name. domain name.
A client that delegates the responsibility for updating the FQDN to A client that delegates the responsibility for updating the FQDN-to-
IPv6 address mapping to a server will not receive any indication IPv6-address mapping to a server will not receive any indication
(either positive or negative) from the server whether the server was (either positive or negative) from the server as to whether the
able to perform the update. The client MAY use a DNS query to check server was able to perform the update. The client MAY use a DNS
whether the mapping is up to date. However, depending on the load on query to check whether the mapping is up to date. However, depending
the DHCPv6 and DNS servers and the DNS propagation delays, the client on the load on the DHCPv6 and DNS servers and the DNS propagation
can only infer success. If the information is not found to be up to delays, the client can only infer success. If the information is not
date in DNS, the authoritative servers might not have completed the found to be up to date in DNS, the authoritative servers might not
updates or zone transfers, or caching resolvers may yet have updated have completed the updates or zone transfers, or caching resolvers
their caches. may yet have updated their caches.
If a client releases an address prior to the expiration of the valid If a client releases an address prior to the expiration of the valid
lifetime and the client is responsible for updating its AAAA RR, the lifetime and the client is responsible for updating its AAAA RR, the
client SHOULD delete the AAAA RR associated with the address before client SHOULD delete the AAAA RR associated with the address before
sending a RELEASE message. Similarly, if a client is responsible for sending a RELEASE message. Similarly, if a client is responsible for
updating its AAAA RRs, but is unable to renew the lifetimes for an updating its AAAA RRs, but is unable to renew the lifetimes for an
address, the client SHOULD attempt to delete the AAAA RR before the address, the client SHOULD attempt to delete the AAAA RR before the
lifetime on the address is no longer valid. A DHCPv6 client which lifetime on the address is no longer valid. A DHCPv6 client that has
has not been able to delete an AAAA RR which it added SHOULD attempt not been able to delete an AAAA RR that it added SHOULD attempt to
to notify its administrator, perhaps by emitting a log message. notify its administrator, perhaps by emitting a log message.
A client SHOULD NOT perform DNS updates to AAAA RRs for its non- A client SHOULD NOT perform DNS updates to AAAA RRs for its non-
Global Unicast addresses [7] or temporary addresses [6]. Global Unicast addresses [7] or temporary addresses [6].
6. DHCPv6 Server Behavior 6. DHCPv6 Server Behavior
The following describes the behavior of a DHCPv6 server that The following describes the behavior of a DHCPv6 server that
implements the Client FQDN option when the client's message includes implements the Client FQDN option when the client's message includes
the Client FQDN option. the Client FQDN option.
Servers MUST only include a Client FQDN option in ADVERTISE and REPLY Servers MUST only include a Client FQDN option in ADVERTISE and REPLY
messages if the client included a Client FQDN option and the Client messages if the client included a Client FQDN option and the Client
FQDN option is requested by the Option Request Option in the client's FQDN option is requested by the Option Request option in the client's
message to which the server is responding. message to which the server is responding.
The server examines its configuration and the Flag bits in the The server examines its configuration and the Flag bits in the
client's Client FQDN option to determine how to respond: client's Client FQDN option to determine how to respond:
o The server sets to 0 the "S", "O", and "N" bits in its copy of the o The server sets to 0 the "S", "O", and "N" bits in its copy of the
option it will return to the client. option it will return to the client.
o If the client's "N" bit is 1 and the server's configuration allows o If the client's "N" bit is 1 and the server's configuration allows
it to honor the client's request for no server initiated DNS it to honor the client's request for no server-initiated DNS
updates, the server sets the "N" bit to 1. updates, the server sets the "N" bit to 1.
o Otherwise, if the client's "S" bit is 1 and the server's o Otherwise, if the client's "S" bit is 1 and the server's
configuration allows it to honor the client's request for the configuration allows it to honor the client's request for the
server to initiate AAAA RR DNS updates, the server sets the "S" to server to initiate AAAA RR DNS updates, the server sets the "S" to
1. If the server's "S" bit does not match the client's "S" bit, 1. If the server's "S" bit does not match the client's "S" bit,
the server sets the "O" bit to 1. the server sets the "O" bit to 1.
The server MAY be configured to use the name supplied in the client's The server MAY be configured to use the name supplied in the client's
Client FQDN option, or it MAY be configured to modify the supplied Client FQDN option, or it MAY be configured to modify the supplied
name, or substitute a different name. The server SHOULD send its name or to substitute a different name. The server SHOULD send its
notion of the complete FQDN for the client in the Domain Name field. notion of the complete FQDN for the client in the Domain Name field.
The server MAY simply copy the Domain Name field from the Client FQDN The server MAY simply copy the Domain Name field from the Client FQDN
option that the client sent to the server. option that the client sent to the server.
6.1. When to Perform DNS Updates 6.1. When to Perform DNS Updates
The server SHOULD NOT perform any DNS updates if the "N" bit is 1 in The server SHOULD NOT perform any DNS updates if the "N" bit is 1 in
the Flags field of the Client FQDN option in the REPLY messages (to the Flags field of the Client FQDN option in the REPLY messages (to
be) sent to the client. However, the server SHOULD delete any RRs be) sent to the client. However, the server SHOULD delete any RRs
which it previously added via DNS updates for the client. that it previously added via DNS updates for the client.
The server MAY perform the PTR RR DNS update (unless the "N" bit is The server MAY perform the PTR RR DNS update (unless the "N" bit is
1). 1).
The server MAY perform the AAAA RR DNS update if the "S" bit is 1 in The server MAY perform the AAAA RR DNS update if the "S" bit is 1 in
the Flags field of the Client FQDN option in the REPLY message (to the Flags field of the Client FQDN option in the REPLY message (to
be) sent to the client. be) sent to the client.
The server MAY perform these updates even if the client's message did The server MAY perform these updates even if the client's message did
not carry the Client FQDN option. The server MUST NOT initiate DNS not carry the Client FQDN option. The server MUST NOT initiate DNS
skipping to change at page 10, line 29 skipping to change at page 10, line 36
If the server previously performed DNS updates for the client and the If the server previously performed DNS updates for the client and the
client's information has not changed, the server MAY skip performing client's information has not changed, the server MAY skip performing
additional DNS updates. additional DNS updates.
When a server receives a RELEASE or DECLINE for an address, detects When a server receives a RELEASE or DECLINE for an address, detects
that the valid lifetime on an address that the server bound to a that the valid lifetime on an address that the server bound to a
client has expired, or terminates a binding on an address prior to client has expired, or terminates a binding on an address prior to
the binding's expiration time (for instance, by sending a REPLY with the binding's expiration time (for instance, by sending a REPLY with
a zero valid lifetime for an address), the server SHOULD delete any a zero valid lifetime for an address), the server SHOULD delete any
PTR RR which it associated with the address via DNS update. In PTR RR that it associated with the address via DNS update. In
addition, if the server took responsibility for AAAA RRs, the server addition, if the server took responsibility for AAAA RRs, the server
SHOULD also delete the AAAA RR. SHOULD also delete the AAAA RR.
7. DNS RR TTLs 7. DNS RR TTLs
RRs associated with DHCP clients may be more volatile than statically RRs associated with DHCP clients may be more volatile than statically
configured RRs. DHCP clients and servers that perform dynamic configured RRs. DHCP clients and servers that perform dynamic
updates should attempt to specify resource record TTLs which reflect updates should attempt to specify resource record TTLs that reflect
this volatility, in order to minimize the possibility that answers to this volatility, in order to minimize the possibility that answers to
DNS queries will return records that refer to DHCP IP address DNS queries will return records that refer to DHCP IP address
assignments that have expired or been released. assignments that have expired or been released.
The coupling among primary, secondary, and caching DNS servers is The coupling among primary, secondary, and caching DNS servers is
'loose'; that is a fundamental part of the design of the DNS. This 'loose'; that is a fundamental part of the design of the DNS. This
looseness makes it impossible to prevent all possible situations in looseness makes it impossible to prevent all possible situations in
which a resolver may return a record reflecting a DHCP assigned IP which a resolver may return a record reflecting a DHCP-assigned IP
address that has expired or been released. In deployment, this address that has expired or been released. In deployment, this
rarely, if ever, represents a significant problem. Most DHCP-managed rarely, if ever, represents a significant problem. Most DHCP-managed
clients are infrequently looked-up by name in the DNS, and the clients are infrequently looked up by name in the DNS, and the
deployment of IXFR ([13]) and NOTIFY ([14]) can reduce the latency deployment of IXFR [13] and NOTIFY [14] can reduce the latency
between updates and their visibility at secondary servers. between updates and their visibility at secondary servers.
We suggest these basic guidelines for implementers. In general, the We suggest these basic guidelines for implementers. In general, the
TTLs for RRs added as a result of DHCP IP address assignment activity TTLs for RRs added as a result of DHCP IP address assignment activity
SHOULD be less than the initial lifetime. The RR TTL on a DNS record SHOULD be less than the initial lifetime. The RR TTL on a DNS record
added SHOULD NOT exceed 1/3 of the lifetime, but SHOULD NOT be less added SHOULD NOT exceed 1/3 of the lifetime, but SHOULD NOT be less
than 10 minutes. We recognize that individual administrators will than 10 minutes. We recognize that individual administrators will
have varying requirements: DHCP servers and clients SHOULD allow have varying requirements: DHCP servers and clients SHOULD allow
administrators to configure TTLs and upper and lower bounds on the administrators to configure TTLs and upper and lower bounds on the
TTL values, either as an absolute time interval or as a percentage of TTL values, either as an absolute time interval or as a percentage of
skipping to change at page 11, line 38 skipping to change at page 11, line 43
will be prevented. If a DNS updater needs a security token in order will be prevented. If a DNS updater needs a security token in order
to successfully perform DNS updates on a specific name, name to successfully perform DNS updates on a specific name, name
conflicts can only occur if multiple updaters are given a security conflicts can only occur if multiple updaters are given a security
token for that name. Or, if the fully qualified domains are based on token for that name. Or, if the fully qualified domains are based on
the specific address bound to a client, conflicts will not occur. the specific address bound to a client, conflicts will not occur.
Or, a name conflict resolution technique as described in "Resolving Or, a name conflict resolution technique as described in "Resolving
Name Conflicts" [8]) SHOULD be used. Name Conflicts" [8]) SHOULD be used.
9. IANA Considerations 9. IANA Considerations
IANA is requested to assign a DHCPv6 option code for the Client FQDN The IANA has assigned DHCPv6 option code 39 for the Client FQDN
option. option.
10. Security Considerations 10. Security Considerations
Unauthenticated updates to the DNS can lead to tremendous confusion, Unauthenticated updates to the DNS can lead to tremendous confusion,
through malicious attack or through inadvertent misconfiguration. through malicious attack or through inadvertent misconfiguration.
Administrators need to be wary of permitting unsecured DNS updates to Administrators need to be wary of permitting unsecured DNS updates to
zones which are exposed to the global Internet. Both DHCPv6 clients zones that are exposed to the global Internet. Both DHCPv6 clients
and servers SHOULD use some form of update request origin and servers SHOULD use some form of update request origin
authentication procedure (e.g., Secure DNS Dynamic Update [11]) when authentication procedure (e.g., Secure DNS Dynamic Update [11]) when
performing DNS updates. performing DNS updates.
Whether a DHCPv6 client is responsible for updating an FQDN to IPv6 Whether a DHCPv6 client is responsible for updating an FQDN-to-IPv6-
address mapping or whether this is the responsibility of the DHCPv6 address mapping or whether this is the responsibility of the DHCPv6
server is a site-local matter. The choice between the two server is a site-local matter. The choice between the two
alternatives is likely based on the security model that is used with alternatives is likely based on the security model that is used with
the DNS update protocol (e.g., only a client may have sufficient the DNS update protocol (e.g., only a client may have sufficient
credentials to perform updates to the FQDN to IPv6 address mapping credentials to perform updates to the FQDN-to-IPv6-address mapping
for its FQDN). for its FQDN).
Whether a DHCPv6 server is always responsible for updating the FQDN Whether a DHCPv6 server is always responsible for updating the FQDN-
to IPv6 address mapping (in addition to updating the IPv6 to FQDN to-IPv6-address mapping (in addition to updating the IPv6-to-FQDN
mapping), regardless of the wishes of an individual DHCPv6 client, is mapping), regardless of the wishes of an individual DHCPv6 client, is
also a site-local matter. The choice between the two alternatives is also a site-local matter. The choice between the two alternatives is
likely based on the security model that is being used with DNS likely based on the security model that is being used with DNS
updates. In cases where a DHCPv6 server is performing DNS updates on updates. In cases where a DHCPv6 server is performing DNS updates on
behalf of a client, the DHCPv6 server SHOULD be sure of the DNS name behalf of a client, the DHCPv6 server SHOULD be sure of the DNS name
to use for the client, and of the identity of the client. to use for the client, and of the identity of the client.
Depending on the presence of or type of authentication used with the Depending on the presence of or type of authentication used with the
Authentication option, a DHCPv6 server may not have much confidence Authentication option, a DHCPv6 server may not have much confidence
in the identities of its clients. There are many ways for a DHCPv6 in the identities of its clients. There are many ways for a DHCPv6
server to develop a DNS name to use for a client, but only in certain server to develop a DNS name to use for a client, but only in certain
circumstances will the DHCPv6 server know for certain the identity of circumstances will the DHCPv6 server know for certain the identity of
the client. the client.
It is critical to implement proper conflict resolution, and the It is critical to implement proper conflict resolution, and the
security considerations of conflict resolution apply [8]. security considerations of conflict resolution apply [8].
11. Acknowledgements 11. Acknowledgements
Many thanks to Mark Stapp and Yakov Rekhter as this document is based Many thanks to Mark Stapp and Yakov Rekhter, as this document is
on the DHCPv4 Client FQDN option (draft-ietf-dhc-fqdn-option [9]). based on the DHCPv4 Client FQDN option [9], and to Ralph Droms, Ted
And, to Ralph Droms, Ted Lemon, Josh Littlefield, Kim Kinnear, Pekka Lemon, Josh Littlefield, Kim Kinnear, Pekka Savola, and Mark Stapp
Savola, and Mark Stapp for their review and comments. for their review and comments.
12. References 12. References
12.1. Normative References 12.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Mockapetris, P., "Domain names - concepts and facilities", [2] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
skipping to change at page 13, line 16 skipping to change at page 13, line 29
Updates in the Domain Name System (DNS UPDATE)", RFC 2136, Updates in the Domain Name System (DNS UPDATE)", RFC 2136,
April 1997. April 1997.
[5] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. [5] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
RFC 3315, July 2003. RFC 3315, July 2003.
[6] Narten, T. and R. Draves, "Privacy Extensions for Stateless [6] Narten, T. and R. Draves, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6", RFC 3041, January 2001. Address Autoconfiguration in IPv6", RFC 3041, January 2001.
[7] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) [7] Hinden, R. and S. Deering, "IP Version 6 Addressing
Addressing Architecture", RFC 3513, April 2003. Architecture", RFC 4291, February 2006.
[8] Stapp, M., "Resolution of DNS Name Conflicts Among DHCP Clients [8] Stapp, M. and B. Volz, "Resolution of Fully Qualified Domain
(draft-ietf-dhc-ddns-resolution-*.txt)", February 2006. Name (FQDN) Conflicts among Dynamic Host Configuration Protocol
(DHCP) Clients", RFC 4703, October 2006.
12.2. Informative References 12.2. Informative References
[9] Stapp, M., Volz, B., and Y. Rekhter, "The DHCP Client FQDN [9] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
Option (draft-ietf-dhc-fqdn-option-*.txt)", February 2006. Configuration Protocol (DHCP) Client Fully Qualified Domain
Name (FQDN) Option", RFC 4702, October 2006.
[10] Marine, A., Reynolds, J., and G. Malkin, "FYI on Questions and [10] Marine, A., Reynolds, J., and G. Malkin, "FYI on Questions and
Answers - Answers to Commonly asked "New Internet User" Answers - Answers to Commonly asked "New Internet User"
Questions", RFC 1594, March 1994. Questions", FYI 4, RFC 1594, March 1994.
[11] Wellington, B., "Secure Domain Name System (DNS) Dynamic [11] Wellington, B., "Secure Domain Name System (DNS) Dynamic
Update", RFC 3007, November 2000. Update", RFC 3007, November 2000.
[12] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, "DNS [12] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, "DNS
Extensions to Support IP Version 6", RFC 3596, October 2003. Extensions to Support IP Version 6", RFC 3596, October 2003.
[13] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, [13] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
August 1996. August 1996.
skipping to change at page 14, line 14 skipping to change at page 14, line 20
Author's Address Author's Address
Bernard Volz Bernard Volz
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978 936 0382 Phone: +1 978 936 0382
Email: volz@cisco.com EMail: volz@cisco.com
Intellectual Property Statement Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 15, line 29 skipping to change at page 15, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity Acknowledgement
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 60 change blocks. 
171 lines changed or deleted 157 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/