draft-ietf-dhc-fqdn-option-02.txt   draft-ietf-dhc-fqdn-option-03.txt 
DHC Working Group M. Stapp DHC Working Group M. Stapp
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Expires: January 17, 2002 Y. Rekhter Expires: May 22, 2002 Y. Rekhter
Juniper Networks Juniper Networks
July 19, 2001 November 21, 2001
The DHCP Client FQDN Option The DHCP Client FQDN Option
<draft-ietf-dhc-fqdn-option-02.txt> <draft-ietf-dhc-fqdn-option-03.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 17, 2002. This Internet-Draft will expire on May 22, 2002.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract Abstract
DHCP provides a powerful mechanism for IP host configuration. DHCP provides a powerful mechanism for IP host configuration.
However, the configuration capability provided by DHCP does not However, the configuration capability provided by DHCP does not
include updating DNS, and specifically updating the name to address include updating DNS, and specifically updating the name to address
and address to name mappings maintained in the DNS. and address to name mappings maintained in the DNS.
This document specifies a DHCP option which can be used to exchange This document specifies a DHCP option which can be used to exchange
information about a DHCP client's fully-qualified domain name, and information about a DHCP client's fully-qualified domain name, and
about responsibility for updating DNS RRs related to the client's about responsibility for updating DNS RRs related to the client's
DHCP lease. DHCP lease.
Table of Contents Table of Contents
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Models of Operation . . . . . . . . . . . . . . . . . . . . . 3 3. Models of Operation . . . . . . . . . . . . . . . . . . . . 3
4. The Client FQDN Option . . . . . . . . . . . . . . . . . . . . 4 4. The Client FQDN Option . . . . . . . . . . . . . . . . . . . 4
4.1 The Flags Field . . . . . . . . . . . . . . . . . . . . . . . 5 4.1 The Flags Field . . . . . . . . . . . . . . . . . . . . . . 5
4.2 The RCODE Fields . . . . . . . . . . . . . . . . . . . . . . . 6 4.2 The RCODE Fields . . . . . . . . . . . . . . . . . . . . . . 6
4.3 The Domain Name Field . . . . . . . . . . . . . . . . . . . . 6 4.3 The Domain Name Field . . . . . . . . . . . . . . . . . . . 6
5. DHCP Client behavior . . . . . . . . . . . . . . . . . . . . . 7 4.3.1 Deprecated ASCII Encoding . . . . . . . . . . . . . . . . . 7
6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . . 9 5. DHCP Client behavior . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . 11
References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 13 References . . . . . . . . . . . . . . . . . . . . . . . . . 13
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14
Full Copyright Statement . . . . . . . . . . . . . . . . . . 15
1. Terminology 1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119[1]. document are to be interpreted as described in RFC 2119[1].
2. Introduction 2. Introduction
DNS (RFC1034[2], RFC1035[3]) maintains (among other things) the DNS (RFC1034[2], RFC1035[3]) maintains (among other things) the
skipping to change at page 5, line 44 skipping to change at page 5, line 44
"S") to indicate that it will not perform any DNS updates, and that "S") to indicate that it will not perform any DNS updates, and that
it expects the DHCP server to perform any FQDN-to-IP (the A RR) DNS it expects the DHCP server to perform any FQDN-to-IP (the A RR) DNS
update on its behalf. If this bit is clear, the client indicates update on its behalf. If this bit is clear, the client indicates
that it intends to maintain its own FQDN-to-IP mapping update. that it intends to maintain its own FQDN-to-IP mapping update.
If a DHCP server intends to take responsibility for the A RR update If a DHCP server intends to take responsibility for the A RR update
whether or not the client sending the FQDN option has set the "S" whether or not the client sending the FQDN option has set the "S"
bit, it sets both the "O" bit and the "S" bit, and sends the FQDN bit, it sets both the "O" bit and the "S" bit, and sends the FQDN
option in its DHCPOFFER and/or DHCPACK messages. option in its DHCPOFFER and/or DHCPACK messages.
The data in the Domain Name field may appear in one of two formats: The data in the Domain Name field SHOULD appear in DNS-style binary
ASCII, or DNS-style binary encoding (without compression, of encoding (without compression, of course), as described in
course), as described in RFC1035[3]. A client which sends the FQDN RFC1035[3]. A client which sends the FQDN option SHOULD use this
option MUST set the "E" bit to indicate that the data in the Domain encoding. The client MUST set the "E" bit when the data in the
Name field is DNS binary encoded. If a server receives an FQDN Domain Name field is in DNS binary encoding. If a server receives an
option from a client, and intends to include an FQDN option in its FQDN option from a client, and intends to include an FQDN option in
reply, it MUST use the same encoding that the client used. The DNS its reply, it MUST use the same encoding that the client used, and
encoding is recommended. The use of ASCII-encoded domain-names is MUST set the "E" bit accordingly.
fragile, and the use of ASCII encoding in this option should be
considered deprecated. Server implementors should note that earlier draft versions of this
specification permitted an ASCII encoding of the domain name.
Clients which implemented this encoding were deployed before this
specification was completed. Server implementors which need to
support these clients should note the section on the deprecated
ASCII encoding (Section 4.3.1).
A client MAY set the "N" flag in its request messages to indicate A client MAY set the "N" flag in its request messages to indicate
that the server should not perform any DNS updates on its behalf. As that the server should not perform any DNS updates on its behalf. As
we mentioned in Section 3, we believe that in general the DHCP we mentioned in Section 3, we believe that in general the DHCP
server will be maintaining DNS PTR records on behalf of clients. server will be maintaining DNS PTR records on behalf of clients.
However, there may be deployments in which clients are configured to However, there may be deployments in which clients are configured to
perform all desired DNS updates. The server MAY be configured to perform all desired DNS updates. The server MAY be configured to
honor this configuration. If the server has been configured to honor honor this configuration. If the server has been configured to honor
a client's "N" indication, it SHOULD set the "N" bit in fqdn options a client's "N" indication, it SHOULD set the "N" bit in fqdn options
which it sends to the client in its OFFER or ACK messages. Clients which it sends to the client in its OFFER or ACK messages. Clients
skipping to change at page 6, line 47 skipping to change at page 6, line 52
Implementors should note that EDNS0 describes a mechanism for Implementors should note that EDNS0 describes a mechanism for
extending the length of a DNS RCODE to 12 bits. EDNS0 is specified extending the length of a DNS RCODE to 12 bits. EDNS0 is specified
in RFC2671[8]. Only the least-significant 8 bits of the RCODE from a in RFC2671[8]. Only the least-significant 8 bits of the RCODE from a
DNS update will be carried in the Client FQDN DHCP Option. This DNS update will be carried in the Client FQDN DHCP Option. This
provides enough number space to accomodate the RCODEs defined in the provides enough number space to accomodate the RCODEs defined in the
DNS update specification. DNS update specification.
4.3 The Domain Name Field 4.3 The Domain Name Field
The Domain Name part of the option carries all or part of the FQDN The Domain Name part of the option carries all or part of the FQDN
of a DHCP client. A client may be configured with a fully-qualified of a DHCP client. The data in the Domain Name field SHOULD appear in
domain name, or with a partial name that is not fully-qualified. If uncompressed DNS encoding as specified in RFC1035[3]. If the DHCP
a client knows only part of its name, it MAY send a single label, client uses DNS encoding, it MUST set the third bit in the Flags
indicating that it knows part of the name but does not necessarily field (the "E" bit). In order to determine whether a name has
know the zone in which the name is to be embedded. The data in the changed between message exchanges, an unambiguous canonical form is
Domain Name field may appear in one of two formats: ASCII (with no necessary. Eventually, the IETF IDN Working Group is expected to
terminating NULL), or DNS encoding as specified in RFC1035[3]. If produce a standard canonicalization specification, and this
the DHCP client wishes to use DNS encoding, it MUST set the third specification may be updated to include its standard. Until that
bit in the Flags field (the "E" bit); if it uses ASCII encoding, it time, servers and clients should be sensitive to canonicalization
MUST clear the "E" bit. when comparing names in the Domain Name field and the name
canonicalization defined in RFC2535[11] MAY be used.
A DHCP client that can only send a single label using ASCII encoding A client may be configured with a fully-qualified domain name, or
includes a series of ASCII characters in the Domain Name field, with a partial name that is not fully-qualified. If a client knows
excluding the "." (dot) character. The client SHOULD follow the only part of its name, it MAY send a name that is not
character-set recommendations of RFC1034[2] and RFC1035[3]. A client fully-qualified, indicating that it knows part of the name but does
using DNS binary encoding which wants to suggest part of its FQDN not necessarily know the zone in which the name is to be embedded. A
MAY send a non-terminal sequence of labels in the Domain Name part client which wants to convey part of its FQDN sends a non-terminal
of the option. Clients and servers should assume that the the name sequence of labels in the Domain Name part of the option. Clients
field contains a fully-qualified name unless one of these and servers should assume that the the name field contains a
partial-name conditions exists. fully-qualified name unless this partial-name format exists.
4.3.1 Deprecated ASCII Encoding
The DNS encoding specified above MUST be supported by DHCP servers.
However, a substantial population of clients implemented an earlier
version of this specification, which permitted an ASCII encoding of
the Domain Name field. Server implementations should be aware that
clients which send the FQDN option with the "E" bit clear are using
an ASCII version of the Domain Name field. Servers MAY be prepared
to return an ASCII encoded version of the Domain Name field to such
clients. The use of ASCII encoding in this option should be
considered deprecated.
A DHCP client which used ASCII encoding was permitted to suggest a
single label if it was not configured with a fully-qualified name.
Such clients send a single label as a series of ASCII characters in
the Domain Name field, excluding the "." (dot) character. Such
clients SHOULD follow the character-set recommendations of
RFC1034[2] and RFC1035[3].
Server implementors should also be aware that some client software
may attempt to use UTF-8[10] character encoding. This information is
included for informational purposes only: this specification does
not require any support for UTF-8.
5. DHCP Client behavior 5. DHCP Client behavior
The following describes the behavior of a DHCP client that The following describes the behavior of a DHCP client that
implements the Client FQDN option. implements the Client FQDN option.
Other DHCP options may carry data that is related to the Domain-Name Other DHCP options may carry data that is related to the Domain-Name
part of the FQDN option. The Host-Name option, for example, contains part of the FQDN option. The Host-Name option, for example, contains
an ASCII string representation of the client's host-name. In an ASCII string representation of the client's host-name. In
general, a client should not need to send redundant data, and general, a client should not need to send redundant data, and
therefore clients which send the FQDN option in their messages therefore clients which send the FQDN option in their messages MUST
SHOULD NOT also send the Host-Name option. Clients which receive NOT also send the Host-Name option. Clients which receive both the
both the Host-Name option and the FQDN option from a server SHOULD Host-Name option and the FQDN option from a server SHOULD prefer
prefer FQDN option data. Servers will be asked in Section 6 to FQDN option data. Servers will be asked in Section 6 to ignore the
ignore the Host-Name option in client messages which include the Host-Name option in client messages which include the FQDN option.
FQDN option.
If a client that owns/maintains its own FQDN wants to be responsible If a client that owns/maintains its own FQDN wants to be responsible
for updating the FQDN to IP address mapping for the FQDN and for updating the FQDN to IP address mapping for the FQDN and
address(es) used by the client, then the client MUST include the address(es) used by the client, then the client MUST include the
Client FQDN option in the DHCPREQUEST message originated by the Client FQDN option in the DHCPREQUEST message originated by the
client. A DHCP client MAY choose to include the Client FQDN option client. A DHCP client MAY choose to include the Client FQDN option
in its DISCOVER messages as well as its REQUEST messages. The in its DISCOVER messages as well as its REQUEST messages. The
least-significant ("S") bit in the Flags field in the option MUST be least-significant ("S") bit in the Flags field in the option MUST be
set to 0. Once the client's DHCP configuration is completed (the set to 0. Once the client's DHCP configuration is completed (the
client receives a DHCPACK message, and successfully completes a client receives a DHCPACK message, and successfully completes a
skipping to change at page 9, line 41 skipping to change at page 10, line 21
originate an update for the A RR (associated with the FQDN carried originate an update for the A RR (associated with the FQDN carried
in the option) if it is configured to do so by the site's in the option) if it is configured to do so by the site's
administrator, and if it has the necessary credentials. The server administrator, and if it has the necessary credentials. The server
MAY be configured to use the name supplied in the client's FQDN MAY be configured to use the name supplied in the client's FQDN
option, or it MAY be configured to modify the supplied name, or option, or it MAY be configured to modify the supplied name, or
substitute a different name. substitute a different name.
Any such update SHOULD be originated following the procedures Any such update SHOULD be originated following the procedures
described in "Resolving Name Conflicts"[7]. The server MAY originate described in "Resolving Name Conflicts"[7]. The server MAY originate
the update before the server sends the DHCPACK message to the the update before the server sends the DHCPACK message to the
client. In this case the RCODE from the update [RFC2136] MUST be client. In this case the RCODE from the update RFC2136[5] MUST be
carried to the client in the RCODE2 field of the Client FQDN option carried to the client in the RCODE2 field of the Client FQDN option
in the DHCPACK message. Alternatively the server MAY send the in the DHCPACK message. Alternatively the server MAY send the
DHCPACK message to the client without waiting for the update to be DHCPACK message to the client without waiting for the update to be
completed. In this case the RCODE2 field of the Client FQDN option completed. In this case the RCODE2 field of the Client FQDN option
in the DHCPACK message MUST be set to 255. The choice between the in the DHCPACK message MUST be set to 255. The choice between the
two alternatives is entirely a matter of the DHCP server's two alternatives is entirely a matter of the DHCP server's
configuration. In either case, if the server intends to perform the configuration. In either case, if the server intends to perform the
DNS update and the client's REQUEST message included the FQDN DNS update and the client's REQUEST message included the FQDN
option, the server SHOULD include the FQDN option in its ACK option, the server SHOULD include the FQDN option in its ACK
message. If the server includes the FQDN option, it MUST set the "S" message. If the server includes the FQDN option, it MUST set the "S"
skipping to change at page 10, line 15 skipping to change at page 10, line 44
Even if the Client FQDN option carried in the DHCPREQUEST message Even if the Client FQDN option carried in the DHCPREQUEST message
has the "S" bit in its Flags field clear (indicating that the client has the "S" bit in its Flags field clear (indicating that the client
wants to update the A RR), the server MAY be configured by the local wants to update the A RR), the server MAY be configured by the local
administrator to update the A RR on the client's behalf. A server administrator to update the A RR on the client's behalf. A server
which is configured to override the client's preference SHOULD which is configured to override the client's preference SHOULD
include an FQDN option in its ACK message, and MUST set both the "O" include an FQDN option in its ACK message, and MUST set both the "O"
and "S" bits in the FQDN option's Flags field. The update SHOULD be and "S" bits in the FQDN option's Flags field. The update SHOULD be
originated following the procedures described in "Resolving Name originated following the procedures described in "Resolving Name
Conflicts"[7]. The server MAY originate the update before the server Conflicts"[7]. The server MAY originate the update before the server
sends the DHCPACK message to the client. In this case the RCODE from sends the DHCPACK message to the client. In this case the RCODE from
the update [RFC2136] MUST be carried to the client in the RCODE2 the update RFC2136[5] MUST be carried to the client in the RCODE2
field of the Client FQDN option in the DHCPACK message. field of the Client FQDN option in the DHCPACK message.
Alternatively, the server MAY send the DHCPACK message to the client Alternatively, the server MAY send the DHCPACK message to the client
without waiting for the update to be completed. In this case the without waiting for the update to be completed. In this case the
RCODE2 field of the Client FQDN option in the DHCPACK message MUST RCODE2 field of the Client FQDN option in the DHCPACK message MUST
be set to 255. Whether the DNS update occurs before or after the be set to 255. Whether the DNS update occurs before or after the
DHCPACK is sent is entirely up to the DHCP server's configuration. DHCPACK is sent is entirely up to the DHCP server's configuration.
When a DHCP server sends the Client FQDN option to a client in the When a DHCP server sends the Client FQDN option to a client in the
DHCPACK message, the DHCP server SHOULD send its notion of the DHCPACK message, the DHCP server SHOULD send its notion of the
complete FQDN for the client in the Domain Name field. The server complete FQDN for the client in the Domain Name field. The server
MAY simply copy the Domain Name field from the Client FQDN option MAY simply copy the Domain Name field from the Client FQDN option
that the client sent to the server in the DHCPREQUEST message. The that the client sent to the server in the DHCPREQUEST message. The
DHCP server MAY be configured to complete or modify the domain name DHCP server MAY be configured to complete or modify the domain name
which a client sent, or it MAY be configured to substitute a which a client sent, or it MAY be configured to substitute a
different name. different name.
If the server initiates a DNS update which is not complete until If the server initiates a DNS update that is not complete until
after the server has replied to the DHCP client, the server's after the server has replied to the DHCP client, the server's
interaction with the DNS server may cause the DHCP server to change interaction with the DNS server may cause the DHCP server to change
the domain name that it associates with the client. This may occur, the domain name that it associates with the client. This may occur,
for example, if the server detects and resolves a domain-name for example, if the server detects and resolves a domain-name
conflict. In such cases, the domain name that the server returns to conflict. In such cases, the domain name that the server returns to
the dhcp client may change between two dhcp exchanges. the dhcp client may change between two dhcp exchanges.
The server MUST use the same encoding format (ASCII or DNS binary The server MUST use the same encoding format (ASCII or DNS binary
encoding) that the client used in the FQDN option in its encoding) that the client used in the FQDN option in its
DHCPREQUEST, and MUST set the "E" bit in the option's Flags field DHCPREQUEST, and MUST set the "E" bit in the option's Flags field
skipping to change at page 11, line 23 skipping to change at page 11, line 52
SHOULD follow the procedures described in "Resolving Name SHOULD follow the procedures described in "Resolving Name
Conflicts"[7]. Conflicts"[7].
7. Security Considerations 7. Security Considerations
Unauthenticated updates to the DNS can lead to tremendous confusion, Unauthenticated updates to the DNS can lead to tremendous confusion,
through malicious attack or through inadvertent misconfiguration. through malicious attack or through inadvertent misconfiguration.
Administrators should be wary of permitting unsecured DNS updates to Administrators should be wary of permitting unsecured DNS updates to
zones which are exposed to the global Internet. Both DHCP clients zones which are exposed to the global Internet. Both DHCP clients
and servers SHOULD use some form of update request origin and servers SHOULD use some form of update request origin
authentication procedure (e.g., Secure DNS Dynamic Update[10]) when authentication procedure (e.g., Secure DNS Dynamic Update[12]) when
performing DNS updates. performing DNS updates.
Whether a DHCP client may be responsible for updating an FQDN to IP Whether a DHCP client may be responsible for updating an FQDN to IP
address mapping or whether this is the responsibility of the DHCP address mapping or whether this is the responsibility of the DHCP
server is a site-local matter. The choice between the two server is a site-local matter. The choice between the two
alternatives may be based on the security model that is used with alternatives may be based on the security model that is used with
the DNS update protocol (e.g., only a client may have sufficient the DNS update protocol (e.g., only a client may have sufficient
credentials to perform updates to the FQDN to IP address mapping for credentials to perform updates to the FQDN to IP address mapping for
its FQDN). its FQDN).
skipping to change at page 11, line 49 skipping to change at page 12, line 29
cases where a DHCP server is performing DNS updates on behalf of a cases where a DHCP server is performing DNS updates on behalf of a
client, the DHCP server should be sure of the DNS name to use for client, the DHCP server should be sure of the DNS name to use for
the client, and of the identity of the client. the client, and of the identity of the client.
Currently, it is difficult for DHCP servers to develop much Currently, it is difficult for DHCP servers to develop much
confidence in the identities of its clients, given the absence of confidence in the identities of its clients, given the absence of
entity authentication from the DHCP protocol itself. There are many entity authentication from the DHCP protocol itself. There are many
ways for a DHCP server to develop a DNS name to use for a client, ways for a DHCP server to develop a DNS name to use for a client,
but only in certain relatively unusual circumstances will the DHCP but only in certain relatively unusual circumstances will the DHCP
server know for certain the identity of the client. If DHCP server know for certain the identity of the client. If DHCP
Authentication[11] becomes widely deployed this may become more Authentication[13] becomes widely deployed this may become more
customary. customary.
One example of a situation which offers some extra assurances is one One example of a situation which offers some extra assurances is one
where the DHCP client is connected to a network through an MCNS where the DHCP client is connected to a network through an MCNS
cable modem, and the CMTS (head-end) ensures that MAC address cable modem, and the CMTS (head-end) ensures that MAC address
spoofing simply does not occur. Another example of a configuration spoofing simply does not occur. Another example of a configuration
that might be trusted is one where clients obtain network access via that might be trusted is one where clients obtain network access via
a network access server using PPP. The NAS itself might be obtaining a network access server using PPP. The NAS itself might be obtaining
IP addresses via DHCP, encoding a client identification into the IP addresses via DHCP, encoding a client identification into the
DHCP client-id option. In this case, the network access server as DHCP client-id option. In this case, the network access server as
skipping to change at page 13, line 6 skipping to change at page 13, line 36
[7] Stapp, M., "Resolution of DNS Name Conflicts Among DHCP [7] Stapp, M., "Resolution of DNS Name Conflicts Among DHCP
Clients (draft-ietf-dhc-ddns-resolution-*.txt)", July 2000. Clients (draft-ietf-dhc-ddns-resolution-*.txt)", July 2000.
[8] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671, [8] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
August 1999. August 1999.
[9] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington, [9] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington,
"Secret Key Transaction Authentication for DNS (TSIG)", RFC "Secret Key Transaction Authentication for DNS (TSIG)", RFC
2845, May 2000. 2845, May 2000.
[10] Wellington, B., "Secure DNS Dynamic Update", RFC 3007, [10] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 2279, January 1998.
[11] Eastlake, D., "Domain Name System Security Extensions", RFC
2535, March 1999.
[12] Wellington, B., "Secure DNS Dynamic Update", RFC 3007,
November 2000. November 2000.
[11] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages [13] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages
(draft-ietf-dhc-authentication-*)", June 1999. (draft-ietf-dhc-authentication-*)", June 1999.
Authors' Addresses Authors' Addresses
Mark Stapp Mark Stapp
Cisco Systems, Inc. Cisco Systems, Inc.
250 Apollo Dr. 250 Apollo Dr.
Chelmsford, MA 01824 Chelmsford, MA 01824
USA USA
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/