| draft-ietf-dhc-dhcp-dns-09.txt | draft-ietf-dhc-dhcp-dns-10.txt | |||
|---|---|---|---|---|
| Network Working Group Yakov Rekhter | Network Working Group Yakov Rekhter | |||
| INTERNET-DRAFT Mark Stapp | INTERNET-DRAFT Mark Stapp | |||
| Cisco Systems | Cisco Systems | |||
| February 1999 | June 1999 | |||
| Expires August 1999 | Expires | |||
| December 1999 | ||||
| Interaction between DHCP and DNS | Interaction between DHCP and DNS | |||
| <draft-ietf-dhc-dhcp-dns-09.txt> | <draft-ietf-dhc-dhcp-dns-10.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 40 | skipping to change at page 1, line 40 | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (1999). All Rights Reserved. | Copyright (C) The Internet Society (1999). All Rights Reserved. | |||
| Abstract | Abstract | |||
| DHCP provides a powerful mechanism for IP host autoconfiguration. | DHCP provides a powerful mechanism for IP host configuration. | |||
| However, the autoconfiguration provided by DHCP does not include | However, the configuration capability provided by DHCP does not | |||
| updating DNS, and specifically updating the name to address and | include updating DNS, and specifically updating the name to address | |||
| address to name mappings maintained by DNS. | and address to name mappings maintained in the DNS. | |||
| This document specifies how DHCP clients and servers should use the | This document specifies how DHCP clients and servers should use the | |||
| Dynamic DNS Updates mechanism to update the DNS name to address and | Dynamic DNS Updates mechanism in [RFC2136] to update the DNS name to | |||
| address to name mapping, so that the mappings for DHCP clients would | address and address to name mappings so that the mappings for DHCP | |||
| be consistent with the IP addresses that the clients acquire via | clients will be consistent with the IP addresses that the clients | |||
| DHCP. | acquire via DHCP. | |||
| 1. Terminology | 1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| 2. Interaction between DHCP and DNS | 2. Interaction between DHCP and DNS | |||
| DNS [RFC1034, RFC1035] maintains (among other things) the information | DNS [RFC1034, RFC1035] maintains (among other things) the information | |||
| about mapping between hosts' Fully Qualified Domain Names (FQDNs) | about mapping between hosts' Fully Qualified Domain Names (FQDNs) | |||
| [RFC1594] and IP addresses assigned to the hosts. The information is | [RFC1594] and IP addresses assigned to the hosts. The information is | |||
| maintained in two types of Resource Records (RRs): A and PTR. The A | maintained in two types of Resource Records (RRs): A and PTR. The A | |||
| RR contains mapping from a FQDN to an IP address; the PTR RR contains | RR contains a mapping from an FQDN to an IP address; the PTR RR con- | |||
| mapping from an IP address to a FQDN. | tains a mapping from an IP address to a FQDN. The Dynamic DNS | |||
| Updates specification [RFC2136] describes a mechanism that enables | ||||
| DNS information to be updated over a network. | ||||
| DHCP [RFC1541] provides a mechanism by which a host (a DHCP client) | DHCP [RFC2131] provides a mechanism by which a host (a DHCP client) | |||
| could acquire certain configuration information, and specifically its | could acquire certain configuration information, and specifically its | |||
| IP address(es). However, DHCP does not provide any mechanisms to | IP address(es). However, DHCP does not provide any mechanisms to | |||
| update the DNS RRs that contain the information about mapping between | update the DNS RRs that contain the information about mapping between | |||
| the host's FQDN and its IP address(es) (A and PTR RRs). Thus the | the host's FQDN and its IP address(es) (A and PTR RRs). Thus the | |||
| information maintained by DNS for a DHCP client may be incorrect - a | information maintained by DNS for a DHCP client may be incorrect - a | |||
| host (the client) could acquire its address by using DHCP, but the A | host (the client) could acquire its address by using DHCP, but the A | |||
| RR for the host's FQDN wouldn't reflect the address that the host | RR for the host's FQDN wouldn't reflect the address that the host | |||
| acquired, and the PTR RR for the acquired address wouldn't reflect | acquired, and the PTR RR for the acquired address wouldn't reflect | |||
| the host's FQDN. | the host's FQDN. | |||
| Dynamic DNS Updates [RFC2136] is a mechanism that enables DNS infor- | ||||
| mation to be updated over a network. | ||||
| The Dynamic DNS Update protocol can be used to maintain consistency | The Dynamic DNS Update protocol can be used to maintain consistency | |||
| between the information stored in the A and PTR RRs and the actual | between the information stored in the A and PTR RRs and the actual | |||
| address assignment done via DHCP. When a host with a particular FQDN | address assignment done via DHCP. When a host with a particular FQDN | |||
| acquires its IP address via DHCP, the A RR associated with the host's | acquires its IP address via DHCP, the A RR associated with the host's | |||
| FQDN would be updated (by using the Dynamic DNS Updates protocol) to | FQDN would be updated (by using the Dynamic DNS Updates protocol) to | |||
| reflect the new address. Likewise, when an IP address gets assigned | reflect the new address. Likewise, when an IP address gets assigned | |||
| to a host with a particular FQDN, the PTR RR associated with this | to a host with a particular FQDN, the PTR RR associated with this | |||
| address would be updated (using the Dynamic DNS Updates protocol) to | address would be updated (using the Dynamic DNS Updates protocol) to | |||
| reflect the new FQDN. | reflect the new FQDN. | |||
| Although this document refers to the A and PTR DNS record types and | ||||
| to DHCP assignment of IPv4 addresses, the same procedures and | ||||
| requirements should apply for updates to the analogous RR types that | ||||
| are used when clients are assigned IPv6 addresses via DHCPv6. | ||||
| 3. Models of operation | 3. Models of operation | |||
| When a DHCP client acquires a new address, both the A RR (for the | When a DHCP client acquires a new address, both the A RR (for the | |||
| client's FQDN) and the PTR RR (for the acquired address) have to be | client's FQDN) and the PTR RR (for the acquired address) have to be | |||
| updated. Therefore, we have two separate Dynamic DNS Update transac- | updated. Therefore, two separate Dynamic DNS Update transactions | |||
| tions. Acquiring an address via DHCP involves two entities: a DHCP | occur. Acquiring an address via DHCP involves two entities: a DHCP | |||
| client and a DHCP server. In principle each of these entities could | client and a DHCP server. In principle each of these entities could | |||
| perform none, one, or both of the transactions. However, upon some | perform none, one, or both of the transactions. However, upon reflec- | |||
| reflection one could realize that not all permutations make sense. | tion one could realize that not all permutations make sense. This | |||
| This document covers the possible design permutations: | document covers the possible design permutations: | |||
| (1) DHCP client updates the A RR, DHCP server updates the PTR RR | (1) DHCP client updates the A RR, DHCP server updates the PTR RR | |||
| (2) DHCP server updates both the A and the PTR RRs | (2) DHCP server updates both the A and the PTR RRs | |||
| One could observe that the only difference between these two cases is | One could observe that the only difference between these two cases is | |||
| whether the FQDN to IP address mapping is updated by a DHCP client or | whether the FQDN to IP address mapping is updated by a DHCP client or | |||
| by a DHCP server. The IP address to FQDN mapping is updated by a DHCP | by a DHCP server. The IP address to FQDN mapping is updated by a DHCP | |||
| server in both cases. | server in both cases. | |||
| The reason these two are important, while others are unlikely, has to | The reason these two are important, while others are unlikely, has to | |||
| do with authority over the respective DNS RRs. A client may be given | do with authority over the respective DNS domain names. A client may | |||
| authority over mapping its own A RRs, or that may be restricted to a | be given authority over mapping its own A RRs, or that authority may | |||
| server to prevent the client from listing arbitrary addresses. In | be restricted to a server to prevent the client from listing arbi- | |||
| all cases, the only reasonable place for the authority over the PTR | trary addresses or associating its address with arbitrary domain | |||
| RRs associated with the address is in the DHCP server that allocates | names. In all cases, the only reasonable place for the authority over | |||
| them. | the PTR RRs associated with the address is in the DHCP server that | |||
| allocates them. | ||||
| In any case, whether a site permits all, some, or no DHCP servers and | ||||
| clients to perform DNS updates into the zones which it controls is | ||||
| entirely a matter of local administrative policy. This document does | ||||
| not require any specific administrative policy, and does not propose | ||||
| one. The range of possible policies is very broad, from sites where | ||||
| only the DHCP servers have been given credentials that the DNS | ||||
| servers will accept, to sites where each individual DHCP client has | ||||
| been configured with credentials which allow the client to modify its | ||||
| own domain name. Compliant implementations will support some or all | ||||
| of these possibilities. | ||||
| This document describes a new DHCP option which a client can use to | ||||
| convey all or part of its domain name to a DHCP server. Site-specific | ||||
| policy determines whether DHCP servers use the names that clients | ||||
| offer or not, and what DHCP servers should do in cases where clients | ||||
| do not supply domain names. | ||||
| 3.1. Client FQDN Option | 3.1. Client FQDN Option | |||
| To update the IP address to FQDN mapping a DHCP server needs to know | To update the IP address to FQDN mapping a DHCP server needs to know | |||
| FQDN of the client to which the server leases the address. To allow | the FQDN of the client to which the server leases the address. To | |||
| the client to convey its FQDN to the server this document defines a | allow the client to convey its FQDN to the server this document | |||
| new option, called "Client FQDN". | defines a new DHCP option, called "Client FQDN". The FQDN Option also | |||
| contains Flags and RCode fields which DHCP servers can use to convey | ||||
| information about DNS updates to clients. | ||||
| Clients MAY send the FQDN option, setting appropriate Flags values, | ||||
| in both their DISCOVER and REQUEST messages. If a client sends the | ||||
| FQDN option in its DISCOVER message, it MUST send the option in sub- | ||||
| sequent REQUEST messages. | ||||
| The code for this option is 81. Its minimum length is 4. | The code for this option is 81. Its minimum length is 4. | |||
| Code Len Flags RCODE1 RCODE2 Domain Name | Code Len Flags RCODE1 RCODE2 Domain Name | |||
| +------+------+------+------+------+------+-- | +------+------+------+------+------+------+-- | |||
| | 81 | n | | | | ... | | 81 | n | | | | ... | |||
| +------+------+------+------+------+------+-- | +------+------+------+------+------+------+-- | |||
| The Flags field allows a DHCP client to indicate to a DHCP server | 3.1.1. The Flags Field | |||
| whether (a) the client wants to be responsible for updating the FQDN | ||||
| to IP address mapping (if Flags is set to 0), or (b) the client wants | This figure presents the format of the Flags field, which is one byte | |||
| the server to be responsible for updating the FQDN to IP address map- | long: | |||
| ping (if Flags is set to 1). The Flags field also allows a DHCP | ||||
| server to indicate to a DHCP client that the server assumes the | 0 1 2 3 4 5 6 7 | |||
| responsibility for updating the FQDN to IP address mapping, even if | +-+-+-+-+-+-+-+-+ | |||
| the client wants to be responsible for this update (if Flags is set | | MBZ |E|O|S| | |||
| to 3). | +-+-+-+-+-+-+-+-+ | |||
| When a client sends the FQDN option in its DHCPDISCOVER and/or | ||||
| DHCPREQUEST messages, it sets the right-most bit (labelled "S") to | ||||
| indicate that it will not perform any Dynamic DNS updates, and that | ||||
| it expects the DHCP server to perform any FQDN-to-IP (the A RR) DNS | ||||
| update on its behalf. If this bit is clear, the client indicates that | ||||
| it intends to perform its own FQDN-to-IP mapping update. | ||||
| If a DHCP server intends to take responsibility for the A RR update | ||||
| whether or not the client sending the FQDN option has set the "S" | ||||
| bit, it sets both the "O" bit and the "S" bit, and sends the FQDN | ||||
| option in its corresponding DHCPOFFER and/or DHCPACK messages. | ||||
| The data in the Domain Name field may appear in one of two formats: | ||||
| ASCII, or DNS-style binary encoding (without compression, of course). | ||||
| A client which sends the FQDN option sets the "E" bit to indicate | ||||
| that the data in the Domain Name field is DNS-encoded, as described | ||||
| in [RFC1035]. | ||||
| The remaining bits in the Flags field are reserved for future assign- | ||||
| ment. DHCP clients and servers which send the FQDN option MUST set | ||||
| the MBZ bits to 0, and they MUST ignore values in the part of the | ||||
| field labelled "MBZ". | ||||
| 3.1.2. The RCODE Fields | ||||
| The RCODE1 and RCODE2 fields are used by a DHCP server to indicate to | The RCODE1 and RCODE2 fields are used by a DHCP server to indicate to | |||
| a DHCP client the Response Code from Dynamic DNS Updates. | a DHCP client the Response Code from the an A RR Dynamic DNS Update | |||
| performed on the client's behalf. The server also uses these fields | ||||
| to indicate whether it has attempted such an update before sending | ||||
| the DHCPACK message. Each of these fields is one byte long. | ||||
| The Domain Name part of the option carries FQDN of a client. | 3.1.3. The Domain Name Field | |||
| The Domain Name part of the option carries the FQDN of a DHCP client. | ||||
| A client may be configured with a fully-qualified domain name, or | ||||
| with a partial name that is not fully-qualified. If a client knows | ||||
| only part of its name, it MAY send a single label, indicating that it | ||||
| knows part of the name but does not necessarily know the zone in | ||||
| which the name is to be embedded. The data in the Domain Name field | ||||
| may appear in one of two formats: ASCII (with no terminating NULL), | ||||
| or DNS encoding as specified in [RFC1035]. If the DHCP client wishes | ||||
| to use DNS encoding, it MUST set the third-from-rightmost bit in the | ||||
| Flags field (the "E" bit); if it uses ASCII encoding, it must clear | ||||
| that Flags bit. | ||||
| A DHCP client that can only send a single label using ASCII encoding | ||||
| includes a series of ASCII characters in the Domain Name field, | ||||
| excluding the "." (dot) character. The client SHOULD follow the | ||||
| character-set recommendations of [RFC1034] and [RFC1035]. A client | ||||
| using DNS encoding sends a single label as a single byte count, fol- | ||||
| lowed by that number of bytes of data, without a terminal reference | ||||
| to the root. | ||||
| 3.2. DHCP Client behavior | 3.2. DHCP Client behavior | |||
| The following describes behavior of a DHCP client that implements the | The following describes the behavior of a DHCP client that implements | |||
| Client FQDN option. | the Client FQDN option. | |||
| If a client that owns/maintains is own FQDN wants to be responsible | If a client that owns/maintains its own FQDN wants to be responsible | |||
| for updating the FQDN to IP address mapping for the FQDN and | for updating the FQDN to IP address mapping for the FQDN and | |||
| address(es) used by the client, then the client MUST include the | address(es) used by the client, then the client MUST include the | |||
| Client FQDN option in the DHCPREQUEST message originated by the | Client FQDN option in the DHCPREQUEST message originated by the | |||
| client. The Flags field in the option MUST be set to 0. Once the | client. A DHCP client MAY choose to include the Client FQDN option in | |||
| its DISCOVER messages as well as its REQUEST messages. The rightmost | ||||
| bit in the Flags field in the option MUST be set to 0. Once the | ||||
| client's DHCP configuration is completed (the client receives a | client's DHCP configuration is completed (the client receives a | |||
| DHCPACK message, and successfully completed a final check on the | DHCPACK message, and successfully completes a final check on the | |||
| parameters passed in the message), the client MUST originate an | parameters passed in the message), the client SHOULD originate an | |||
| update for the A RR (associated with the client's FQDN). The update | update for the A RR (associated with the client's FQDN). The update | |||
| MUST be originated following the procedures described in [RFC2136]. | MUST be originated following the procedures described in section 3.4. | |||
| If the DHCP server from which the client is requesting a lease | ||||
| includes the FQDN option in its ACK message, and if the server sets | ||||
| both the "S" and the "O" bits in the option's Flags field, the client | ||||
| MUST NOT initiate an update for the name in the Domain Name field. | ||||
| A client that owns/maintains its own FQDN can choose to delegate the | A client can choose to delegate the responsibility for updating the | |||
| responsibility for updating the FQDN to IP address mapping for the | FQDN to IP address mapping for the FQDN and address(es) used by the | |||
| FQDN and address(es) used by the client to the server. In order to | client to the server. In order to inform the server of this choice, | |||
| inform the server of this choice, the client MUST include the Client | the client SHOULD include the Client FQDN option in its DHCPREQUEST | |||
| FQDN option in the DHCPREQUEST message originated by the client. The | message. The rightmost (or "S") bit in the Flags field in the option | |||
| Flags field in the option MUST be set to 1. In this case, the client | MUST be set to 1. A client which delegates this responsibility MUST | |||
| MAY supply an FQDN in the Client FQDN option, or it MAY leave that | NOT attempt to perform a Dynamic DNS update for the name in the | |||
| field empty as a signal to the server to generate an FQDN for the | Domain Name field of the FQDN option. The client MAY supply an FQDN | |||
| client in any manner the server chooses. | in the Client FQDN option, or it MAY supply a single label (the | |||
| most-specific label), or it MAY leave that field empty as a signal to | ||||
| the server to generate an FQDN for the client in any manner the | ||||
| server chooses. | ||||
| A client that delegates the responsibility for updating the FQDN to | Since there is a possibility that the DHCP server may be configured | |||
| IP address mapping to a server MAY not receive any indications | to complete or replace a domain name that the client was configured | |||
| (either positive or negative) from the server whether the server was | to send, the client might find it useful to send the FQDN option in | |||
| able to perform the update. In this case the client MAY use a DNS | its DISCOVER messages. If the DHCP server returns different Domain | |||
| query to check whether the mapping is updated. | Name data in its OFFER message, the client could use that data in | |||
| performing its own eventual A RR update, or in forming the FQDN | ||||
| option that it sends in its REQUEST message. There is no requirement | ||||
| that the client send identical FQDN option data in its DISCOVER and | ||||
| REQUEST messages. In particular, if a client has sent the FQDN option | ||||
| to its server, and the configuration of the client changes so that | ||||
| its notion of its domain name changes, it should send the new data in | ||||
| an FQDN option when it communicates with the server again. This may | ||||
| allow the DHCP server to update the name associated with the PTR | ||||
| record, and, if the server updated the A record representing the | ||||
| client, to delete that record and attempt an update for the client's | ||||
| current domain name. | ||||
| A client which delegates the responsibility for updating the FQDN to | ||||
| IP address mapping to a server might not receive any indication | ||||
| (either positive or negative) about the status of the update from the | ||||
| server. The client MAY use a DNS query to check whether the mapping | ||||
| is updated. | ||||
| A client MUST set the RCODE1 and RCODE2 fields in the Client FQDN | A client MUST set the RCODE1 and RCODE2 fields in the Client FQDN | |||
| option to 0 when sending the option. | option to 0 when sending the option. | |||
| If a client releases its address lease prior to the lease expiration | If a client releases its lease prior to the lease expiration time and | |||
| time and the client is responsible for updating its A RR(s), the | the client is responsible for updating its A RR(s), the client SHOULD | |||
| client SHOULD delete the A RR (following the procedures described in | delete the A RR (following the procedures described in [RFC2136]) | |||
| [RFC2136]) associated with the leased address before sending a DHCP | associated with the leased address before sending a DHCPRELEASE mes- | |||
| RELEASE message. | sage. Similarly, if a client was responsible for updating its A RR, | |||
| but is unable to renew its lease, the client SHOULD attempt to delete | ||||
| the A RR before its lease expires. A client which has not been able | ||||
| to delete an A RR which it added (because it has lost its IP address) | ||||
| SHOULD add an entry to its logfile and/or notify its administrator. | ||||
| 3.3. DHCP Server behavior | 3.3. DHCP Server behavior | |||
| When a server receives a DHCPREQUEST message from a client, if the | When a server receives a DHCPREQUEST message from a client, if the | |||
| message contains the Client FQDN option, and the server replies to | message contains the Client FQDN option, and the server replies to | |||
| the message with a DHCPACK message, the server SHOULD originate an | the message with a DHCPACK message, the server SHOULD originate an | |||
| update for the PTR RR (associated with the address leased to the | update for the PTR RR associated with the address leased to the | |||
| client). The update MUST be originated following the procedures | client if the server is configured to perform DNS updates. The update | |||
| described in Section 3.4. The server MAY complete the update before | MUST be originated following the procedures described in Section 3.4. | |||
| the server sends the DHCPACK message to the client. In this case the | The server MAY complete the update before the server sends the | |||
| RCODE from the update [RFC2136] MUST be carried to the client in the | DHCPACK message to the client. In this case the RCODE from the update | |||
| RCODE1 field of the Client FQDN option in the DHCPACK message and the | [RFC2136] MUST be carried to the client in the RCODE1 field of the | |||
| RCODE2 field MUST be set to 0. Alternatively, the server MAY send the | Client FQDN option in the DHCPACK message. Alternatively, the server | |||
| DHCPACK message to the client without waiting for the update to be | MAY send the DHCPACK message to the client without waiting for the | |||
| completed. In this case the RCODE1 field of the Client FQDN option | update to be completed. In this case the RCODE1 field of the Client | |||
| in the DHCPACK message MUST be set to 255, and the RCODE2 field MUST | FQDN option in the DHCPACK message MUST be set to 255. The choice | |||
| be set to 0. The choice between the two alternatives is entirely up | between the two alternatives is entirely determined by the configura- | |||
| to the DHCP server. | tion of the DHCP server. Servers SHOULD support both configuration | |||
| options. | ||||
| In addition, if the Client FQDN option carried in the DHCPREQUEST | In addition, if the Client FQDN option carried in the DHCPREQUEST | |||
| message has its Flags field set to 1, then the server MUST originate | message has the "S" bit in its Flags field set, then the server MAY | |||
| an update for the A RR (associated with the FQDN carried in the | originate an update for the A RR (associated with the FQDN carried in | |||
| option). The update MUST be originated following the procedures | the option) if it is configured to do so by the site's administrator, | |||
| described in Section 3.4. The server MAY originate the update before | and if it has the necessary credentials. The server MAY be configured | |||
| the server sends the DHCPACK message to the client. In this case the | to use the name supplied by the client, or it MAY be configured to | |||
| RCODE from the update [RFC2136] MUST be carried to the client in the | modify the supplied name, or substitute a different name. | |||
| RCODE2 field of the Client FQDN option in the DHCPACK message. | ||||
| Alternatively the server MAY send the DHCPACK message to the client | The update MUST be originated following the procedures described in | |||
| without waiting for the update to be completed. In this case the | Section 3.4. The server MAY originate the update before the server | |||
| RCODE2 field of the Client FQDN option in the DHCKACK message MUST be | sends the DHCPACK message to the client. In this case the RCODE from | |||
| set to 255. The choice between the two alternatives is entirely up to | the update [RFC2136] MUST be carried to the client in the RCODE2 | |||
| the DHCP server. | field of the Client FQDN option in the DHCPACK message. Alterna- | |||
| tively the server MAY send the DHCPACK message to the client without | ||||
| waiting for the update to be completed. In this case the RCODE2 field | ||||
| of the Client FQDN option in the DHCPACK message MUST be set to 255. | ||||
| The choice between the two alternatives is entirely up to the DHCP | ||||
| server. In either case, if the server intends to perform the DNS | ||||
| update and the client's REQUEST message included the FQDN option, the | ||||
| server SHOULD include the FQDN option in its ACK message, and MUST | ||||
| set the "S" bit in the option's Flags field. | ||||
| Even if the Client FQDN option carried in the DHCPREQUEST message has | Even if the Client FQDN option carried in the DHCPREQUEST message has | |||
| its Flags field set to 0 (indicating that the client wants to update | the "S" bit its Flags field clear (indicating that the client wants | |||
| the A RR), the server MAY (at the determination of the local adminis- | to update the A RR), the server MAY, be configured byt the local | |||
| trator) update the A RR. The update MUST be originated following the | administrator to update the A RR on the client's behalf. A server | |||
| procedures described in Section 3.4. The server MAY originate the | which is configured to override the client's preference SHOULD | |||
| update before the server sends the DHCPACK message to the client. In | include an FQDN option in its ACK message, and MUST set both the "O" | |||
| this case the RCODE from the update [RFC2136] MUST be carried to the | and "S" bits in the FQDN option's Flags field. The update MUST be | |||
| client in the RCODE2 field of the Client FQDN option in the DHCPACK | originated following the procedures described in Section 3.4. The | |||
| message, and the Flags field in the Client FQND option MUST be set to | server MAY originate the update before the server sends the DHCPACK | |||
| 3. Alternatively, the server MAY send the DHCPACK message to the | message to the client. In this case the RCODE from the update | |||
| client without waiting for the update to be completed. In this case | [RFC2136] MUST be carried to the client in the RCODE2 field of the | |||
| the RCODE2 field of the Client FQDN option in the DHCKACK message | Client FQDN option in the DHCPACK message. Alternatively, the server | |||
| MUST be set to 255, and the Flags field in the Client FQDN option | MAY send the DHCPACK message to the client without waiting for the | |||
| MUST be set to 3. Whether the DNS update occurs before or after the | update to be completed. In this case the RCODE2 field of the Client | |||
| DHCPACK is sent is entirely up to the DHCP server. | FQDN option in the DHCPACK message MUST be set to 255. Whether the | |||
| DNS update occurs before or after the DHCPACK is sent is entirely up | ||||
| to the DHCP server's configuration. | ||||
| When a server receives a DHCPREQUEST message from a client, and the | When a server receives a DHCPREQUEST message from a client, and the | |||
| message contains the Client FQDN option, the server MUST ignore the | message contains the Client FQDN option, the server MUST ignore the | |||
| value carried in the RCODE1 and RCODE2 fields of the option. | values carried in the RCODE1 and RCODE2 fields of the option. | |||
| When a DHCP server sends the Client FQDN option to a client in the | When a DHCP server sends the Client FQDN option to a client in the | |||
| DHCPACK message, the server MUST copy the Domain Name fields from the | DHCPACK message, the server MUST copy the Domain Name field from the | |||
| Client FQDN option that the client sent to the server in the DHCPRE- | Client FQDN option that the client sent to the server in the DHCPRE- | |||
| QUEST message. | QUEST message. If, however, the client sent only a single label, or | |||
| if the DHCP server has been configured to assign the client a name | ||||
| different from the one the client has sent, the server SHOULD send | ||||
| its notion of the complete FQDN for the client. The server MUST use | ||||
| the same encoding format (ASCII or DNS-encoding) that the client used | ||||
| in the FQDN option in its DHCPREQUEST, and MUST set the "E" bit in | ||||
| the option's Flags field accordingly. | ||||
| If the DHCPREQUST message received by a DHCP server from a DHCP | If the DHCPREQUEST message received by a DHCP server from a DHCP | |||
| client doesn't carry the Client FQDN option (e.g., the client doesn't | client doesn't carry the Client FQDN option (e.g., the client doesn't | |||
| implement the Client FQDN option), and the DHCP client acquires its | implement the Client FQDN option), and the DHCP client acquires its | |||
| FQDN from a DHCP server (as part of a normal DHCP transaction), then | FQDN from a DHCP server (as part of a normal DHCP transaction), then | |||
| the server MAY be configured to update both A and PTR RRs. The | the server MAY be configured to update both A and PTR RRs. Any | |||
| updates MUST be originated following the procedures described in Sec- | updates MUST be originated following the procedures described in Sec- | |||
| tion 3.4. | tion 3.4. In this case, the server MAY NOT wish to return the FQDN | |||
| option to a client which may not be able to understand it. If it can, | ||||
| the DHCP server MAY (optionally) return the host part of the domain | ||||
| name that it will use for the client in the host-name DHCP option | ||||
| (defined in [RFC2132]). Note that it may not be possible to con- | ||||
| sistently encode some domain name data in the format specified by the | ||||
| host-name option. | ||||
| If a server detects that a lease on an address that the server leases | If a server detects that a lease on an address that the server leases | |||
| to a client expires, the server SHOULD delete the PTR RR associated | to a client has expired or has been released by the client, the | |||
| with the address. In addition, if the A RR (of the client) was ini- | server SHOULD delete the PTR RR which it associated with the address | |||
| tially updated by the server, the server SHOULD also delete the A RR. | via DNS Dynamic Update. In addition, if the server added an A RR on | |||
| The deletion MUST follow the procedures described in [RFC2136]. | behalf of the client, the server SHOULD also delete the A RR. The | |||
| deletion MUST follow the procedures described in Section 3.4. | ||||
| If a server terminates a lease on an address prior to the lease | If a server terminates a lease on an address prior to the lease's | |||
| expiration time, the server SHOULD delete the PTR RR associated with | expiration time, for instance by sending a DHCPNAK to a client, the | |||
| the address. In addition, if the server (that leased the address) | server SHOULD delete the PTR RR which it associated with the address | |||
| initially updated the A RR (of the client), the server SHOULD also | via DNS Dynamic Update. In addition, if the server took responsibil- | |||
| delete the A RR. The deletion MUST follow the procedures described in | ity for the client's A RR , the server SHOULD also delete that A RR. | |||
| [RFC2136]. | The deletion MUST follow the procedures described in Section 3.4. | |||
| 3.4. Procedures for performing DNS updates | 3.4. Procedures for performing DNS updates | |||
| There are two principal issues that need to be addressed concerning A | There are two principal issues that need to be addressed concerning A | |||
| RR DNS updates: | RR DNS updates: | |||
| o Name Collisions | o Name Collisions | |||
| If the entity updating the A RR (either the DHCP client or DHCP | If the entity updating the A RR (either the DHCP client or DHCP | |||
| server) attempts to perform a DNS update with a DNS name that is | server) attempts to perform a DNS update to a domain name that | |||
| already in use, what should be done? In some scenarios these | has an A RR which is already in use by a different DHCP client, | |||
| name collisions are unlikely, in some scenarios they are very | what should be done? Similarly, should a DHCP client or server | |||
| likely: | update a domain name which has an A RR that has been configured | |||
| by an administrator? In either of these cases, the domain name | ||||
| in question would either have an additional A RR, or would have | ||||
| its original A RR replaced by the new record. Either of these | ||||
| effects may be considered undesirable in some sites. This | ||||
| specification describes behavior designed to prevent these | ||||
| undesirable effects, and requires that implementations make this | ||||
| behavior the default. In some scenarios these name collisions | ||||
| are unlikely, in some scenarios they are very likely: | ||||
| 1. Client updates A RR, uses DNSSEC: Name collisions in | 1. Client updates A RR, uses DNSSEC: Name collisions in this | |||
| this scenario are unlikely (though not impossible), since | scenario are unlikely (though not impossible), since for the | |||
| for the client to use DNSSEC, it has already received | client to use DNSSEC, it has already received credentials | |||
| credentials specific to the name it will add. This implies | specific to the name it desires to use. This implies that | |||
| that the name has already been allocated (through some | the name has already been allocated (through some | |||
| implementation- or organization-specific procedure, and | implementation- or organization-specific procedure, and | |||
| presumably uniquely) to that client. | presumably uniquely) to that client. | |||
| 2. Client updates A RR, uses some form of TSIG: Name | 2. Client updates A RR, uses some form of TSIG: Name colli- | |||
| collisions in this scenario are possible, since the | sions in this scenario are possible, since the credentials | |||
| credentials necessary for the client to update DNS are not | necessary for the client to update DNS are not necessarily | |||
| name specific. Thus, for the client to be attempting to | name-specific. Thus, for the client to be attempting to | |||
| update a unique name requires the existence of some | update a unique name requires the existence of some adminis- | |||
| administrative procedure to ensure client configuration | trative procedure to ensure client configuration with unique | |||
| with unique names. | names. | |||
| 3. Server updates the A RR, uses a name for the client | 3. Server updates the A RR, uses a name for the client which | |||
| which is known to the server: Name collisions in this | is known to the server: Name collisions in this scenario are | |||
| scenario are likely unless prevented by the server' name | likely unless prevented by the server's name configuration | |||
| configuration procedures. See Section 7 for security issues | procedures. See Section 5 for security issues with this form | |||
| with this form of deployment. | of deployment. | |||
| 4. Server updates the A RR, uses a name supplied by the | 4. Server updates the A RR, uses a name supplied by the | |||
| client: Name collisions in this scenario are highly | client: Name collisions in this scenario are highly likely, | |||
| likely, even with administrative procedures designed to | even with administrative procedures designed to prevent them. | |||
| prevent them. (This scenario is a popular one in | (This scenario is a popular one in real-world deployments in | |||
| real-world deployments in many types of organizations.) | many types of organizations.) See Section 5 for security | |||
| See Section 7 for security issues with this type of | issues with this type of deployment. | |||
| deployment. | ||||
| Scenarios 3 and 4 are much more attractive given some form of | Scenarios 3 and 4 are much more attractive given some form of | |||
| DHCP Authentication, but the difficulties remain. | DHCP Authentication, but the difficulties remain. | |||
| Scenarios 2, 3, and 4 rely on administrative procedures to | Scenarios 2, 3, and 4 rely on administrative procedures to | |||
| ensure name uniqueness for DNS updates, and these procedures may | ensure name uniqueness for DNS updates, and these procedures may | |||
| break down. Experience has shown that, in fact, these pro- | break down. Experience has shown that, in fact, these pro- | |||
| cedures will break down at least occasionally. The question is | cedures will break down at least occasionally. The question is | |||
| what to do when these procedures break down or, for example in | what to do when these procedures break down or, for example in | |||
| scenario #4, may not even exist. | scenario #4, may not even exist. | |||
| skipping to change at page 7, line 50 | skipping to change at page 11, line 4 | |||
| modes of operation to the administrator of the combined DHCP-DNS | modes of operation to the administrator of the combined DHCP-DNS | |||
| capability: first-update-wins (i.e., the first updating entity | capability: first-update-wins (i.e., the first updating entity | |||
| gets the name) or most-recent-update-wins (i.e., the last updat- | gets the name) or most-recent-update-wins (i.e., the last updat- | |||
| ing entity for a name gets the name). | ing entity for a name gets the name). | |||
| o Multiple DHCP servers | o Multiple DHCP servers | |||
| If multiple DHCP servers are able to update the same DNS zones, | If multiple DHCP servers are able to update the same DNS zones, | |||
| or if DHCP servers are performing A RR updates on behalf of DHCP | or if DHCP servers are performing A RR updates on behalf of DHCP | |||
| clients, and more than one DHCP server may be able to serve | clients, and more than one DHCP server may be able to serve | |||
| addresses to the same DHCP clients, the DHCP servers should be | addresses to the same population of DHCP clients, the DHCP | |||
| able to provide reasonable DNS name update behavior for DHCP | servers should be able to provide reasonable DNS name update | |||
| clients. | behavior for DHCP clients. | |||
| The solution to both of these problems is for the updating entities | The solution to both of these problems is for the updating entities | |||
| (both DHCP clients or DHCP servers) to be able to cooperate when | (either DHCP clients or DHCP servers) to be able to cooperate when | |||
| updating DNS A RRs. | updating DNS A RRs. | |||
| Specifically, a KEY RR, described in [RFC2065] is used to associate | Specifically, a KEY RR, described in [RFC2535] is used to associate | |||
| client ownership information with a DNS name and the A RR associated | client ownership information with a DNS name and the A RR associated | |||
| with that name. When either a client or server adds an A RR for a | with that name. When either a client or server adds an A RR for a | |||
| client, it also adds a KEY RR which specifies a unique client iden- | client, it also adds a KEY RR which specifies a unique client iden- | |||
| tity (based on a "client specifier" created from the client's | tity (based on a "client specifier" created from the client's | |||
| client-id or MAC address: see Appendix A). In this model, only one A | client-id or MAC address: see Appendix A). In this model, only one A | |||
| RR is associated with a given DNS name at a time. | RR is associated with a given DNS name at a time. | |||
| By associating this ownership information with each A RR, cooperating | By associating this ownership information with each A RR, cooperating | |||
| DNS updating entities may determine whether their client is the first | DNS updating entities may determine whether their client is the first | |||
| or last updater of the name (and implement the appropriately config- | or last updater of the name (and implement the appropriately config- | |||
| skipping to change at page 9, line 32 | skipping to change at page 12, line 35 | |||
| DISCUSSION: | DISCUSSION: | |||
| The updating entity may be configured to allow the existing owner | The updating entity may be configured to allow the existing owner | |||
| to keep the name, and to perform disambiguation on the name of the | to keep the name, and to perform disambiguation on the name of the | |||
| current client in order to attempt to generate a similar but | current client in order to attempt to generate a similar but | |||
| unique name for the current client. In this case, once such a | unique name for the current client. In this case, once such a | |||
| similar name has been generated, the updating entity should res- | similar name has been generated, the updating entity should res- | |||
| tart the process of adding an A RR as specified in this section. | tart the process of adding an A RR as specified in this section. | |||
| 3.4.2. 2 Adding PTR RR Entries to DNS | 3.4.2. Adding PTR RR Entries to DNS | |||
| The DHCP server submits a DNS query which deletes all of the PTR RRs | The DHCP server submits a DNS query which deletes all of the PTR RRs | |||
| associated with the lease IP address, and adds a PTR RR whose data is | associated with the lease IP address, and adds a PTR RR whose data is | |||
| the client's (possibly disambiguated) host name. The server also adds | the client's (possibly disambiguated) host name. The server also adds | |||
| a KEY RR whose data is the client's client-identity as described in | a KEY RR whose data is the client's client-identity as described in | |||
| Appendix A. | Appendix A. | |||
| 3.4.3. Removing Entries from DNS | 3.4.3. Removing Entries from DNS | |||
| The first rule in removing DNS entries is be sure that an entity | The first rule in removing DNS entries is be sure that an entity | |||
| removing a DNS entry is only removing an entry that it added. | removing a DNS entry is only removing an entry for which it is | |||
| responsible. | ||||
| When a lease expires or a DHCP client issues a DHCPRELEASE request, | When a lease expires or a DHCP client issues a DHCPRELEASE request, | |||
| the DHCP server SHOULD delete the PTR RR that matches the DHCP bind- | the DHCP server SHOULD delete the PTR RR that matches the DHCP bind- | |||
| ing, if one was successfully added. The server's update query SHOULD | ing, if one was successfully added. The server's update query SHOULD | |||
| assert that the name in the PTR record matches the name of the client | assert that the name in the PTR record matches the name of the client | |||
| whose lease has expired or been released. | whose lease has expired or been released. | |||
| The entity chosen to handle the A record for this client (either the | The entity chosen to handle the A record for this client (either the | |||
| client or the server) SHOULD delete the A record that was added when | client or the server) SHOULD delete the A and KEY records that were | |||
| the lease was made to the client. | added when the lease was made to the client. | |||
| In order to perform this delete, the updater prepares an UPDATE query | In order to perform this delete, the updater prepares an UPDATE query | |||
| which contains two prerequisites. The first prerequisite asserts | which contains two prerequisites. The first prerequisite asserts | |||
| that the KEY RR exists whose data is the client identity described in | that the KEY RR exists whose data is the client identity described in | |||
| Appendix A. The second prerequisite asserts that the data in the A RR | Appendix A. The second prerequisite asserts that the data in the A RR | |||
| contains the IP address of the lease that has expired or been | contains the IP address of the lease that has expired or been | |||
| released. | released. | |||
| If the query fails, the updater MUST conclude that it cannot delete | If the query's prerequisites fail, the updater MUST NOT delete the | |||
| the DNS name. It may be that the host whose lease on the server has | DNS name. It may be that the host whose lease on the server has | |||
| expired has moved to another network and obtained a lease from a dif- | expired has moved to another network and obtained a lease from a dif- | |||
| ferent server, which has caused the client's A RR to be replaced. It | ferent server, which has caused the client's A RR to be replaced. It | |||
| may also be that some other client has been configured with a name | may also be that some other client has been configured with a name | |||
| that matches the name of the DHCP client, and the policy was that the | that matches the name of the DHCP client, and the administrative pol- | |||
| last client to specify the name would get the name. In this case, | icy at the site was that the last client to specify the name would | |||
| the KEY RR will no longer match the updater's notion of the client- | get the name. In this case, the KEY RR will no longer match the | |||
| identity of the host pointed to by the DNS name. | updater's notion of the client-identity of the host pointed to by the | |||
| DNS name. | ||||
| 4. Updating other RRs | 4. Updating other RRs | |||
| The procedures described in this document only cover updates to the A | The procedures described in this document only cover updates to the A | |||
| and PTR RRs. Updating other types of RRs is outside the scope of this | and PTR RRs. Updating other types of RRs is outside the scope of this | |||
| document. | document. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| Whether the client wants to be responsible for updating the FQDN to | Whether the client may be responsible for updating the FQDN to IP | |||
| IP address mapping, or whether the client wants to delegate this | address mapping, or whether the this responsibility lies with the | |||
| responsibility to a server is a local to the client matter. The | DHCP server is a site-local matter. The choice between the two alter- | |||
| choice between the two alternatives may be based on a particular | natives may be based on a particular security model that is used with | |||
| security model that is used with the Dynamic DNS Update protocol | the Dynamic DNS Update protocol (e.g., only a client may have suffi- | |||
| (e.g., only a client may have sufficient credentials to perform | cient credentials to perform updates to the FQDN to IP address map- | |||
| updates to the FQDN to IP address mapping for its FQDN). | ping for its FQDN). | |||
| Whether a DHCP server is always responsible for updating the FQDN to | Whether a DHCP server is always responsible for updating the FQDN to | |||
| IP address mapping (in addition to updating the IP to FQDN mapping), | IP address mapping (in addition to updating the IP to FQDN mapping), | |||
| regarless of the wishes of a DHCP client, is a local to the server | regardless of the wishes of a DHCP client, is also a site-local | |||
| matter. The choice between the two alternatives may be based on a | matter. The choice between the two alternatives may be based on a | |||
| particular security model. | particular security model. | |||
| The client SHOULD use some form of data origin authentication pro- | The client SHOULD use some form of data origin authentication pro- | |||
| cedures (e.g., DNSSEC [DNSSEC]) when performing DNS updates. | cedures (e.g. [TSIG], [DNSSEC]) when performing DNS updates. | |||
| While the DHCP client SHOULD be the one to update the DNS A record, | While the DHCP client MAY be the one to update the DNS A record, in | |||
| in certain specialized cases a DHCP server MAY do so instead. In | certain specialized cases a DHCP server MAY do so instead. In this | |||
| this case, the DHCP server MUST be sure of both the name to use for | case, the DHCP server MUST be sure of both the name to use for the | |||
| the client, as well as the identity of the client. | client, as well as the identity of the client. | |||
| In the general case, both of these conditions are not satisfied -- | In the general case, both of these conditions are not satisfied -- | |||
| one needs to be mindful of the possibility of MAC address spoofing in | one needs to be mindful of the possibility of MAC address spoofing in | |||
| a DHCP packet. It is not difficult for a DHCP server to know unambi- | a DHCP packet. It is not difficult for a DHCP server to know unambi- | |||
| guously the DNS name to use for a client, but only in certain rela- | guously the DNS name to use for a client, but only in certain cir- | |||
| tively unusual circumstances will the DHCP server know for sure the | cumstances will the DHCP server know for sure the identity of the | |||
| identity of the client. One example of such a circumstance is where | client. If DHCP authentication [DHCPAUTH] becomes widely deployed | |||
| the DHCP client is connected to a network through an MCNS cable | this may become more customary. An example of a situation which | |||
| modem, and the CMTS (head-end) of the cable modem ensures that MAC | offers some extra assurances is one where the DHCP client is con- | |||
| address spoofing simply does not occur. | nected to a network through an MCNS cable modem, and the CMTS (head- | |||
| end) of the cable modem ensures that MAC address spoofing simply does | ||||
| not occur. | ||||
| Another example where the DHCP server would know the identity of the | Another example where the DHCP server would know the identity of the | |||
| client would be in a case where it was interacting with a remote | client would be in a case where it was interacting with a remote | |||
| access server which encoded a client identification into the DHCP | access server which encoded a client identification into the DHCP | |||
| client-id option. In this case, the remote access server as well as | client-id option. In this case, the remote access server as well as | |||
| the DHCP server would be operating within a trusted environment, and | the DHCP server would be operating within a trusted environment, and | |||
| the DHCP server could trust that the user authentication and authori- | the DHCP server could trust that the user authentication and authori- | |||
| zation procedure of the remote access server was sufficient, and | zation procedure of the remote access server was sufficient, and | |||
| would therefore trust the client identification encoded within the | would therefore trust the client identification encoded within the | |||
| DHCP client-id. | DHCP client-id. | |||
| skipping to change at page 11, line 45 | skipping to change at page 14, line 52 | |||
| The KEY RR used to hold the DHCP client's identity is formatted as | The KEY RR used to hold the DHCP client's identity is formatted as | |||
| follows: | follows: | |||
| The name of the KEY RR is the name of the A or PTR RR which refers to | The name of the KEY RR is the name of the A or PTR RR which refers to | |||
| the client. | the client. | |||
| The flags field is set to 0x42 - that is, the 1 bit and the 6 bit are | The flags field is set to 0x42 - that is, the 1 bit and the 6 bit are | |||
| set. | set. | |||
| The protocol field is set to 0. | The protocol field is set to [TBD]. | |||
| The algorithm field is set to 254. | The algorithm field is set to [TBD]. | |||
| The first byte in the key field contains the length of the client- | The first byte in the key field contains the length of the client- | |||
| identity, and is followed by that number of bytes. If a DHCP client | identity, and is followed by that number of bytes of client-identity | |||
| sent the client-id option in its request, the client-identity MUST be | data. If a DHCP client sent the client-id option in its request mes- | |||
| identical to the data in the client-id option. If a client did not | sage, the client-identity MUST be identical to the data in the | |||
| send the client-id option, the client-identity is constructed from | client-id option. If a client did not send the client-id option, the | |||
| the htype byte, the hlen byte, and hlen bytes of the client's chaddr | client-identity is constructed from the htype byte, the hlen byte, | |||
| from its request message. | and hlen bytes of the client's chaddr from its request message. | |||
| 7. References | 7. References | |||
| [RFC1034] P. Mockapetris, "Domain names - concepts and facilities", | [RFC1034] P. Mockapetris, "Domain names - concepts and facilities", | |||
| RFC1034, 11/01/1987 | RFC1034, 11/01/1987 | |||
| [RFC1035] P. Mockapetris, "Domain names - implementation and specifi- | [RFC1035] P. Mockapetris, "Domain names - implementation and specif- | |||
| cation", RFC1035, 11/01/1987 | ication", RFC1035, 11/01/1987 | |||
| [RFC2131] R. Droms, "Dynamic Host Configuration Protocol", RFC2131, | [RFC2131] R. Droms, "Dynamic Host Configuration Protocol", RFC2131, | |||
| March 1997 | March 1997. | |||
| [RFC2132] S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor | ||||
| Extensions", RFC2132, March 1997. | ||||
| [RFC1594] A. Marine, J. Reynolds, G. Malkin, "FYI on Questions and | [RFC1594] A. Marine, J. Reynolds, G. Malkin, "FYI on Questions and | |||
| Answer Answers to Commonly asked ``New Internet User'' | Answer Answers to Commonly asked ``New Internet User'' | |||
| Questions", RFC1594, 03/11/1994 | Questions", RFC1594, 03/11/1994 | |||
| [DNSSEC] | ||||
| [RFC2136] P. Vixie, S. Thomson, Y. Rekhter, J. Bound, "Dynamic | [RFC2136] P. Vixie, S. Thomson, Y. Rekhter, J. Bound, "Dynamic | |||
| Updates in the Domain Name System (DNS UPDATE)", RFC2136, | Updates in the Domain Name System (DNS UPDATE)", RFC2136, | |||
| April 1997 | April 1997 | |||
| [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Require- | [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate | |||
| ment Levels", RFC 2119. | Requirement Levels", RFC2119. | |||
| [RFC2065] D. Eastlake, C. Kaufman, "Domain Name System Security | [DNSSEC] D. Eastlake, "Domain Name System Security Extensions", | |||
| Extensions", RFC 2065, January 1997. | RFC2535, March 1999. | |||
| [TSIG] P. Vixie, O. Gudmundsson, D. Eastlake, B. Wellington, | ||||
| "Secret Key Transaction Signatures for DNS", draft-ietf- | ||||
| dnsind-tsig-*, Work in Progress. | ||||
| [DHCPAUTH] R. Droms, W. Arbaugh, "Authentication for DHCP Messages", | ||||
| draft-ietf-dhc-authentication-*, Work in Progress. | ||||
| 8. Acknowledgements | 8. Acknowledgements | |||
| Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Peter Ford, | Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, | |||
| Edie Gunter, Kim Kinnear, Stuart Kwan, Ted Lemon, Michael Lewis, | Peter Ford, Edie Gunter, R. Barr Hibbs, Kim Kinnear, Stuart Kwan, | |||
| Michael Patton, and Glenn Stump for their review and comments. | Ted Lemon, Michael Lewis, Michael Patton, and Glenn Stump for | |||
| their review and comments. | ||||
| 9. Author information | 9. Author information | |||
| Yakov Rekhter | Yakov Rekhter | |||
| Cisco Systems, Inc. | Cisco Systems, Inc. | |||
| 170 Tasman Dr. | 170 Tasman Dr. | |||
| San Jose, CA 95134 | San Jose, CA 95134 | |||
| Phone: (914) 235-2128 | Phone: (914) 235-2128 | |||
| email: yakov@cisco.com | email: yakov@cisco.com | |||
| Mark Stapp | Mark Stapp | |||
| Cisco Systems | Cisco Systems, Inc. | |||
| 250 Apollo Drive | 250 Apollo Drive | |||
| Chelmsford, MA 01824 | Chelmsford, MA 01824 | |||
| Phone: (978) 244-8498 | Phone: (978) 244-8498 | |||
| email: mjs@cisco.com | email: mjs@cisco.com | |||
| 10. Full Copyright Statement | 10. Full Copyright Statement | |||
| Copyright (C) The Internet Society (1999). All Rights Reserved. | Copyright (C) The Internet Society (1999). All Rights Reserved. | |||
| This document and translations of it may be copied and furnished | This document and translations of it may be copied and furnished | |||
| to others, and derivative works that comment on or otherwise | to others, and derivative works that comment on or otherwise | |||
| explain it or assist in its implmentation may be prepared, copied, | explain it or assist in its implementation may be prepared, | |||
| published and distributed, in whole or in part, without restric- | copied, published and distributed, in whole or in part, without | |||
| tion of any kind, provided that the above copyright notice and | restriction of any kind, provided that the above copyright notice | |||
| this paragraph are included on all such copies and derivative | and this paragraph are included on all such copies and derivative | |||
| works. However, this document itself may not be modified in any | works. However, this document itself may not be modified in any | |||
| way, such as by removing the copyright notice or references to the | way, such as by removing the copyright notice or references to the | |||
| Internet Society or other Internet organizations, except as needed | Internet Society or other Internet organizations, except as needed | |||
| for the purpose of developing Internet standards in which case | for the purpose of developing Internet standards in which case | |||
| the procedures for copyrights defined in the Internet Standards | the procedures for copyrights defined in the Internet Standards | |||
| process must be followed, or as required to translate it into | process must be followed, or as required to translate it into | |||
| languages other than English. | languages other than English. | |||
| The limited permissions granted above are perpetual and will not | The limited permissions granted above are perpetual and will not | |||
| be revoked by the Internet Society or its successors or assigns. | be revoked by the Internet Society or its successors or assigns. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||