DHC Working Group                                               M. Stapp
Internet-Draft                                                Y. Rekhter
Expires: April September 2000                              Cisco Systems, Inc.
                                                           October, 1999
                                                          March 10, 2000

                    Interaction between DHCP and DNS
                    <draft-ietf-dhc-dhcp-dns-11.txt>
                    <draft-ietf-dhc-dhcp-dns-12.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

     The list of current Internet-Drafts can be accessed at
     http://www.ietf.org/ietf/1id-abstracts.txt

     The

   To view the entire list of Internet-Draft Shadow Directories can be accessed at Directories, see
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire April, on September 2000.

Copyright Notice

   Copyright (C) The Internet Society (1999). (2000). All Rights Reserved.

Abstract

   DHCP provides a powerful mechanism for IP host configuration.
   However, the configuration capability provided by DHCP does not
   include updating DNS, and specifically updating the name to address
   and address to name mappings maintained in the DNS.

   This document specifies how DHCP clients and servers should use the
   Dynamic DNS Updates mechanism in RFC2136[5] to update the DNS name
   to address and address to name mappings so that the mappings for
   DHCP clients will be consistent with the IP addresses that the
   clients acquire via DHCP.

Table of Contents

   1.    Terminology  . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.    Models of Operation  . . . . . . . . . . . . . . . . . . . .  3
   4.    Client FQDN Option    Issues with DDNS in DHCP Environments  . . . . . . . . . . .  4
   4.1   Name Collisions  . . . . . . . . . .  4
   4.1   The Flags Field . . . . . . . . . . . .  5
   4.2   Multiple DHCP servers  . . . . . . . . . . . . . .  5
   4.2   The RCODE Fields . . . . .  6
   4.3   Use of the DHCID RR  . . . . . . . . . . . . . . . . .  6
   4.3   The Domain Name Field . . .  6
   4.3.1 Format of the DHCID RRDATA . . . . . . . . . . . . . . . . .  6
   5.    DHCP Client behavior
   4.4   DNS RR TTLs  . . . . . . . . . . . . . . . . . . . .  6
   6.    DHCP Server behavior . . . .  8
   5.    Client FQDN Option . . . . . . . . . . . . . . . .  8
   7.    Procedures for performing DNS updates . . . . .  8
   5.1   The Flags Field  . . . . . . 10
   7.1   Name Collisions . . . . . . . . . . . . . . . .  9
   5.2   The RCODE Fields . . . . . . 10
   7.2   Multiple DHCP servers . . . . . . . . . . . . . . . . 10
   5.3   The Domain Name Field  . . . 11
   7.3   Use of the KEY RR . . . . . . . . . . . . . . . . 10
   6.    DHCP Client behavior . . . . . 11
   7.3.1 Format of the KEY RR . . . . . . . . . . . . . . . 10
   7.    DHCP Server behavior . . . . . . . 12
   7.4   DNS RR TTLs . . . . . . . . . . . . . 12
   8.    Procedures for performing DNS updates  . . . . . . . . . . . 12
   7.5 14
   8.1   Adding A RRs to DNS  . . . . . . . . . . . . . . . . . . . . 13
   7.6 14
   8.2   Adding PTR RR Entries to DNS . . . . . . . . . . . . . . . . 14
   7.7 15
   8.3   Removing Entries from DNS  . . . . . . . . . . . . . . . . . 14
   7.8 15
   8.4   Updating other RRs . . . . . . . . . . . . . . . . . . . . . 14
   8. 16
   9.    Security Considerations  . . . . . . . . . . . . . . . . . . 15
   9. 16
   10.   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 17
         References . . . . . . . . . . . . . . . . . . . . . . . . . 16 17
         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 17 18
         Full Copyright Statement . . . . . . . . . . . . . . . . . . 18 19

1. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119[6].

2. Introduction

   DNS RFC1034[1], RFC1035[2] (RFC1034[1], RFC1035[2]) maintains (among other things) the
   information about mapping between hosts' Fully Qualified Domain
   Names (FQDNs) RFC1594[4] and IP addresses assigned to the hosts. The
   information is maintained in two types of Resource Records (RRs): A
   and PTR. The A RR contains mapping from a FQDN to an IP address; the
   PTR RR contains mapping from an IP address to a FQDN.  The Dynamic
   DNS Updates specification RFC2136[5] (RFC2136[5]) describes a mechanism that
   enables DNS information to be updated over a network.

   DHCP RFC2131[3] provides a mechanism by which a host (a DHCP client)
   can acquire certain configuration information, along with its IP
   address(es). However, DHCP does not provide any mechanisms to update
   the DNS RRs that contain the information about mapping between the
   host's FQDN and its IP address(es) (A and PTR RRs). Thus the
   information maintained by DNS for a DHCP client may be incorrect - a
   host (the client) could acquire its address by using DHCP, but the A
   RR for the host's FQDN wouldn't reflect the address that the host
   acquired, and the PTR RR for the acquired address wouldn't reflect
   the host's FQDN.

   The Dynamic DNS Update protocol can be used to maintain consistency
   between the information stored in the A and PTR RRs and the actual
   address assignment done via DHCP. When a host with a particular FQDN
   acquires its IP address via DHCP, the A RR associated with the
   host's FQDN would be updated (by using the Dynamic DNS Updates
   protocol) to reflect the new address. Likewise, when an IP address
   is assigned to a host with a particular FQDN, the PTR RR associated
   with this address would be updated (using the Dynamic DNS Updates
   protocol) to reflect the new FQDN.

   Although this document refers to the A and PTR DNS record types and
   to DHCP assignment of IPv4 addresses, the same procedures and
   requirements apply for updates to the analogous RR types that are
   used when clients are assigned IPv6 addresses via DHCPv6.

3. Models of Operation

   When a DHCP client acquires a new address, a site's administrator
   may desire that one or both of the A RR for the client's FQDN and
   the PTR RR for the acquired address be updated. Therefore, two
   separate Dynamic DNS Update transactions occur. Acquiring an address
   via DHCP involves two entities: a DHCP client and a DHCP server. In
   principle each of these entities could perform none, one, or both of
   the transactions. However, in practice not all permutations make
   sense. This document covers these possible design permutations:

   1.  DHCP client updates the A RR, DHCP server updates the PTR RR
   2.  DHCP server updates both the A and the PTR RRs

   The only difference between these two cases is whether the FQDN to
   IP address mapping is updated by a DHCP client or by a DHCP server.
   The IP address to FQDN mapping is updated by a DHCP server in both
   cases.

   The reason these two are important, while others are unlikely, has
   to do with authority over the respective DNS domain names. A DHCP
   client may be given authority over mapping its own A RRs, or that
   authority may be restricted to a server to prevent the client from
   listing arbitrary addresses or associating its address with
   arbitrary domain names. In all cases, the only reasonable place for
   the authority over the PTR RRs associated with the address is in the
   DHCP server that allocates the address.

   In any case, whether a site permits all, some, or no DHCP servers
   and clients to perform DNS updates into the zones which it controls
   is entirely a matter of local administrative policy. This document
   does not require any specific administrative policy, and does not
   propose one. The range of possible policies is very broad, from
   sites where only the DHCP servers have been given credentials that
   the DNS servers will accept, to sites where each individual DHCP
   client has been configured with credentials which allow the client
   to modify its own domain name. Compliant implementations MAY support
   some or all of these possibilities. Furthermore, this specification
   applies only to DHCP client and server processes: it does not apply
   to other processes which initiate dynamic DNS updates.

   This document describes a new DHCP option which a client can use to
   convey all or part of its domain name to a DHCP server.
   Site-specific policy determines whether DHCP servers use the names
   that clients offer or not, and what DHCP servers may do in cases
   where clients do not supply domain names.

4. Client FQDN Option

   To Issues with DDNS in DHCP Environments

   There are two DNS update the IP address to FQDN mapping a situations that require special
   consideration in DHCP environments: cases where more than one DHCP server needs to know
   the FQDN of the client to which the server leases the address. To
   allow the
   client to convey its FQDN to has been configured with the server this document
   defines a new DHCP option, called "Client FQDN". The FQDN Option
   also contains Flags same FQDN, and RCode fields which cases where more
   than one DHCP servers can use server has been given authority to
   convey information about perform DNS updates
   in a zone. In these cases, it is possible for DNS records to clients.

   Clients MAY send the FQDN option, setting appropriate Flags values, be
   modified in both their DISCOVER and REQUEST messages. If inconsistent ways unless the updaters have a client sends mechanism
   that allows them to detect anomolous situations. If DNS updaters can
   detect these situations, site administrators can configure the
   FQDN option in its DISCOVER message, it MUST send
   updaters' behavior so that the option in
   subsequent REQUEST messages.

   The code for site's policies can be enforced. We
   use the term "Name Collisions" to refer to cases where more than one
   DHCP client has been associated with a single FQDN. This
   specification describes a mechanism designed to allow updaters to
   detect these situations, and requires that DHCP implementations use
   this option is 81. Its minimum length is 4.

        Code   Len    Flags  RCODE1 RCODE2   Domain Name
       +------+------+------+------+------+------+--
       |  81  |   n  |      |      |      |       ...
       +------+------+------+------+------+------+-- mechanism by default.

4.1 The Flags Field

        0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |   MBZ   |E|O|S|
       +-+-+-+-+-+-+-+-+

   When Name Collisions

   How can the entity updating an A RR (either the DHCP client or DHCP
   server) detect that a domain name has an A RR which is already in
   use by a different DHCP client? Similarly, should a DHCP client sends or
   server update a domain name which has an A RR that has been
   configured by an administrator?  In either of these cases, the FQDN option
   domain name in question would either have an additional A RR, or
   would have its DHCPDISCOVER and/or
   DHCPREQUEST messages, it sets original A RR replaced by the new record. Either of
   these effects may be considered undesirable by some sites. Different
   authority and credential models have different levels of exposure to
   name collisions.

   1.  Client updates A RR, uses Secure DNS Update with credentials
       that are associated with the client's FQDN, and exclusive to the
       client. Name collisions in this scenario are unlikely (though
       not impossible), since the client has received credentials
       specific to the name it desires to use.  This implies that the
       name has already been allocated (through some implementation- or
       organization-specific procedure) to that client.

   2.  Client updates A RR, uses Secure DNS Update with credentials
       that are valid for any name in the zone. Name collisions in this
       scenario are possible, since the credentials necessary for the
       client to update DNS are not necessarily name-specific.  Thus,
       for the client to be attempting to update a unique name requires
       the existence of some administrative procedure to ensure client
       configuration with unique names.

   3.  Server updates the A RR, uses a name for the client which is
       known to the server. Name collisions in this scenario are likely
       unless prevented by the server's name configuration procedures.
       See Section 9 for security issues with this form of deployment.

   4.  Server updates the A RR, uses a name supplied by the client.
       Name collisions in this scenario are highly likely, even with
       administrative procedures designed to prevent them.  (This
       scenario is a popular one in real-world deployments in many
       types of organizations.)  See Section 9 for security issues with
       this type of deployment.

   Scenarios 2, 3, and 4 rely on administrative procedures to ensure
   name uniqueness for DNS updates, and these procedures may break
   down. Experience has shown that, in fact, these procedures will
   break down at least occasionally.  The question is what to do when
   these procedures break down or, for example in scenario #4, may not
   even exist.

   In all cases of name collisions, the desire is to offer two modes of
   operation to the administrator of the combined DHCP-DNS capability:
   first-update-wins (i.e., the first updating entity gets the name) or
   most-recent-update-wins (i.e., the last updating entity for a name
   gets the name).

4.2 Multiple DHCP servers

   If multiple DHCP servers are able to update the same DNS zones, or
   if DHCP servers are performing A RR updates on behalf of DHCP
   clients, and more than one DHCP server may be able to serve
   addresses to the same DHCP clients, the DHCP servers should be able
   to provide reasonable and consistent DNS name update behavior for
   DHCP clients.

4.3 Use of the DHCID RR

   A solution to both of these problems is for the right-most bit (labelled "S") updating entities
   (both DHCP clients and DHCP servers) to
   indicate be able to detect that it will not perform any Dynamic
   another entity has been associated with a DNS updates, name, and that
   it expects to offer
   administrators the DHCP server opportunity to perform any FQDN-to-IP (the A RR) DNS configure update on its behalf. If this bit behavior.

   Specifically, a DHCID RR, described in DHCID RR[12] is clear, the used to
   associate client indicates identification information with a DNS name and the
   A RR associated with that it intends to maintain its own FQDN-to-IP mapping update.

   If name.  When either a DHCP client or server intends to take responsibility adds
   an A RR for a client, it also adds a DHCID RR which specifies a
   unique client identity (based on a "client specifier" created from
   the client's client-id or MAC address).  In this model, only one A
   RR update is associated with a given DNS name at a time.

   By associating this ownership information with each A RR,
   cooperating DNS updating entities may determine whether or not the their client sending the FQDN option has set
   is the "S"
   bit, it sets both first or last updater of the "O" bit and name (and implement the "S" bit,
   appropriately configured administrative policy), and sends the FQDN
   option in its DHCPOFFER and/or DHCPACK messages.

   The data in the Domain Name field DHCP clients
   which currently have a host name may appear in move from one of two formats:
   ASCII, or DNS-style binary encoding (without compression, of
   course), as described in RFC1035[2]. A client which sends the FQDN
   option MUST set DHCP server to
   another without losing their DNS name.

   The specific algorithms utilizing the "E" bit DHCID RR to indicate that the data signal client
   ownership are explained below.  The algorithms only work in the Domain
   Name field case
   where the updating entities all cooperate -- this approach is DNS-encoded. If a server receives an FQDN option from
   a client,
   advisory only and intends to include an FQDN option in its reply, is not substitute for DNS security, nor is it
   MUST use the same encoding that
   replaced by DNS security.

4.3.1 Format of the client used. DHCID RRDATA

   The DNS encoding DHCID RR used to hold the DHCP client's identity is
   recommended. formatted as
   follows:

   The use name of ASCII-encoded domain-names the DHCID RR is fragile, and the use name of ASCII encoding in this option should be considered
   deprecated. the A or PTR RR which refers
   to the DHCP client.

   The remaining bits RDATA section of a DHCID RR in transmission contains RDLENGTH
   bytes of binary data. From the Flags field are reserved for future
   assignment. perspective of DHCP clients and servers which send the FQDN option MUST
   set the MBZ bits to 0, and they MUST ignore values in
   servers, the part DHC resource record consists of a 16-bit identifier
   type, followed by one or more bytes representing the field labelled "MBZ".

4.2 The RCODE Fields

   The RCODE1 and RCODE2 fields actual
   identifier. There are used by a DHCP server to indicate
   to two possible forms for a DHCP client the Response Code from any A or PTR DHCID RR Dynamic DNS
   Updates it has performed. The server also uses these fields to
   indicate whether it has attempted such an update before sending the
   DHCPACK message. Each of these fields is - one byte long.

4.3 The Domain Name Field

   The Domain Name part of that
   is used when the client's link-layer address is being used to
   identify it, and one that is used when some DHCP option carries that the FQDN of a
   DHCP
   client. A client may be configured with a fully-qualified domain
   name, or with a partial name that has sent is not fully-qualified. If a
   client knows only part of its name, it MAY send a single label,
   indicating being used to identify it.

      DISCUSSION:
      Implementors should note that it knows part of the name but does not necessarily
   know actual identifying data is
      never placed into the zone in which DNS directly. Instead, the name is to be embedded. The client-identity
      data in is used as the
   Domain Name field may appear in one input into a one-way hash algorithm, and the
      output of two formats: ASCII (with no
   terminating NULL), or DNS encoding that hash is then used as DNS RRDATA. This has been
      specified in RFC1035[2]. If
   the DHCP client wishes order to use DNS encoding, it MUST set the
   third-from-rightmost bit in the Flags field (the "E" bit); if it
   uses ASCII encoding, it must clear the "E" bit.

   A avoid placing data about DHCP client clients that can only send a single label using ASCII encoding
   includes a series of ASCII characters in
      some sites might consider sensitive into the Domain Name field,
   excluding DNS.

   When the "." (dot) character. The client SHOULD follow updater is using the
   character-set recommendations client's link-layer address, the first
   two bytes of RFC1034[1] and RFC1035[2]. A client
   using DNS encoding which wants to suggest part the DHCID RRDATA MUST be zero. To generate the rest of its FQDN MAY send
   the resource record, the updater MUST compute a non-terminal sequence of labels in one-way hash using
   the Domain Name part of MD5[13] algorithm across a buffer containing the
   option.

5. DHCP Client behavior

   The following describes client's
   network hardware type and link-layer address. Specifically, the behavior
   first byte of a DHCP client that
   implements the Client FQDN option.

   If a client that owns/maintains its own FQDN wants to be responsible
   for updating buffer contains the FQDN to IP address mapping for network hardware type as it
   appears in the FQDN and
   address(es) used by DHCP htype field of the client, then client's DHCPREQUEST message.
   All of the client MUST include significant bytes of the
   Client FQDN option chaddr field in the client's
   DHCPREQUEST message originated by follow, in the
   client. A DHCP client MAY choose to include same order in which the Client FQDN option bytes
   appear in its DISCOVER messages as well as its REQUEST messages. the DHCPREQUEST message. The
   rightmost ("S") bit number of significant bytes
   in the Flags chaddr field is specified in the option MUST be set to
   0. Once hlen field of the client's DHCP configuration
   DHCPREQUEST message.

   When the updater is completed (the client
   receives a DHCPACK message, and successfully completes using a final check
   on DHCP option sent by the parameters passed client in its
   DHCPREQUEST message, the message), first two bytes of the DHCID RR MUST be the
   option code of that option, in network byte order. For example, if
   the DHCP client MAY originate
   an update for identifier option is being used, the A first byte of
   the DHCID RR (associated with should be zero, and the client's FQDN). second byte should be 61
   decimal. The
   update rest of the DHCID RR MUST be originated contain the results of
   computing a one-way hash across the payload of the option being
   used, using the MD5 algorithm. The payload of a DHCP option consists
   of the bytes of the option following the procedures described in
   RFC2136[5], option code and Section 7. If length.

   In order for independent DHCP implementations to be able to use the
   DHCID RR as a prerequisite in dynamic DNS updates, each updater must
   be able to reliably choose the DHCP server from same identifier that any other would
   choose.  To make this possible, we specify a prioritization which the
   will ensure that for any given DHCP client
   is requesting a lease includes request, any updater will
   select the FQDN option in its ACK message,
   and same client-identity data.  All updaters MUST use this
   order of prioritization by default, but all implementations SHOULD
   be configurable to use a different prioritization if so desired by
   the server sets both the "S" and site administrators.  Because of the "O" (the two rightmost)
   bits possibility of future
   changes in the option's flags field, the DHCP client MUST NOT initiate
   an update protocol, implementors SHOULD check for the name in the Domain Name field.

   A client updated
   versions of this draft when implementing new DHCP clients and
   servers which can choose to delegate the responsibility for updating the
   FQDN to IP address mapping for the FQDN perform DDNS updates, and address(es) used by also when releasing new
   versions of existing clients and servers.

   DHCP clients and servers should use the following forms of client to
   identification, starting with the server.  In order to inform most preferable, and finishing
   with the server least preferable.  If the client does not send any of these
   forms of identification, the DHCP/DDNS interaction is not defined by
   this choice, specification.  The most preferable form of identification is
   the client SHOULD include Globally Unique Identifier Option [TBD].  Next is the DHCP
   Client FQDN option Identifier option.  Last is the client's link-layer address,
   as conveyed in its DHCPREQUEST message. The rightmost (or "S") bit  Implementors should note
   that the link-layer address cannot be used if there are no
   significant bytes in the Flags chaddr field in of the option
   MUST DHCP client's request,
   because this does not constitute a unique identifier.

4.4 DNS RR TTLs

   RRs associated with DHCP clients may be set more volatile than
   statically configured RRs. DHCP clients and servers which perform
   dynamic updates should attempt to 1. A client specify resource record TTLs which delegates
   reflect this responsibility MUST
   NOT attempt volatility, in order to perform a Dynamic DNS update for minimize the name possibility that
   there will be stale records in resolvers' caches. A reasonable basis
   for RR TTLs is the
   Domain Name field lease duration itself: TTLs of the FQDN option. The client MAY supply an FQDN
   in the Client FQDN option, 1/2 or 1/3 the
   expected lease duration might be reasonable defaults. Because
   configured DHCP lease times vary widely from site to site, it may
   also be desirable to establish a fixed TTL ceiling. DHCP clients and
   servers MAY supply allow administrators to configure the TTLs they will
   supply, possibly as a single label (the
   most-specific label), fraction of the actual lease time, or it MAY leave that field empty as a signal
   to
   fixed value.

5. Client FQDN Option

   To update the server IP address to generate an FQDN for the client in any manner the
   server chooses.

   Since there is mapping a possibility that the DHCP server may be configured needs to complete or replace a domain name that know
   the client was configured
   to send, FQDN of the client might find it useful to send the FQDN option in
   its DISCOVER messages. If which the DHCP server returns different Domain
   Name data in its OFFER message, leases the address. To
   allow the client could use that data in
   performing to convey its own eventual A RR update, or in forming the FQDN
   option that it sends in its REQUEST message. There is no requirement
   that to the client server this document
   defines a new DHCP option, called "Client FQDN". The FQDN Option
   also contains Flags and RCode fields which DHCP servers can use to
   convey information about DNS updates to clients.

   Clients MAY send identical the FQDN option data option, setting appropriate Flags values,
   in its both their DISCOVER and REQUEST messages. In particular, if If a client has sent sends the
   FQDN option to its server, and the configuration of the client changes so
   that its notion of in its domain name changes, DISCOVER message, it MAY MUST send the new name
   data option in an
   subsequent REQUEST messages.

   The code for this option is 81. Its minimum length is 4.

        Code   Len    Flags  RCODE1 RCODE2   Domain Name
       +------+------+------+------+------+------+--
       |  81  |   n  |      |      |      |       ...
       +------+------+------+------+------+------+--

5.1 The Flags Field

        0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |   MBZ   |E|O|S|
       +-+-+-+-+-+-+-+-+

   When a DHCP client sends the FQDN option when in its DHCPDISCOVER and/or
   DHCPREQUEST messages, it communicates with sets the server again.
   This may allow right-most bit (labelled "S") to
   indicate that it will not perform any Dynamic DNS updates, and that
   it expects the DHCP server to update the name associated with
   the PTR record, and, if the server updated the perform any FQDN-to-IP (the A record representing
   the client, to delete that record and attempt an RR) DNS
   update for on its behalf. If this bit is clear, the
   client's current domain name.

   A client indicates
   that delegates the responsibility for updating the FQDN it intends to
   IP address maintain its own FQDN-to-IP mapping to a server might not receive any indication
   (either positive or negative) from the server whether the server was
   able to perform the update. In this case the client MAY use

   If a DNS
   query DHCP server intends to check whether take responsibility for the mapping is updated. A client MUST set RR update
   whether or not the RCODE1 and RCODE2 fields in client sending the Client FQDN option to 0 when sending has set the option.

   If a client releases its lease prior to "S"
   bit, it sets both the lease expiration time "O" bit and the client is responsible for updating "S" bit, and sends the FQDN
   option in its A RR, DHCPOFFER and/or DHCPACK messages.

   The data in the Domain Name field may appear in one of two formats:
   ASCII, or DNS-style binary encoding (without compression, of
   course), as described in RFC1035[2]. A client
   SHOULD delete which sends the A RR (following FQDN
   option MUST set the procedures described "E" bit to indicate that the data in
   Section 7) associated with the leased address before sending Domain
   Name field is DNS binary encoded. If a DHCP
   RELEASE message. Similarly, if server receives an FQDN
   option from a client was responsible for updating
   its A RR, but is unable client, and intends to renew include an FQDN option in its lease,
   reply, it MUST use the client SHOULD
   attempt to delete same encoding that the A RR before its lease expires. A DHCP client
   which has not been able to delete an A RR which it added (because it
   has lost used. The DNS
   encoding is recommended. The use of ASCII-encoded domain-names is
   fragile, and the use of its DHCP IP address) ASCII encoding in this option should attempt to notify
   its administrator.

6. DHCP Server behavior

   When a server receives a DHCPREQUEST message from a client, if be
   considered deprecated.

   The remaining bits in the
   message contains Flags field are reserved for future
   assignment. DHCP clients and servers which send the Client FQDN option, option MUST
   set the MBZ bits to 0, and they MUST ignore values in the server replies to part of
   the message with field labelled "MBZ".

5.2 The RCODE Fields

   The RCODE1 and RCODE2 fields are used by a DHCPACK message, the DHCP server may be configured to
   originate an update for indicate
   to a DHCP client the Response Code from any A or PTR RR (associated with the address
   leased to the client). Any such update MUST be originated following
   the procedures described in Section 7. Dynamic DNS
   Updates it has performed. The server MAY complete the may also use these fields to
   indicate whether it has attempted such an update before the server sends sending the
   DHCPACK message message. Each of these fields is one byte long.

   Implementors should note that EDNS0 describes a mechanism for
   extending the length of a DNS RCODE to 12 bits. EDNS0 is specified
   in RFC2671[8]. Only the client. In
   this case least-significant 8 bits of the RCODE from the update MUST a
   Dynamic DNS Update will be carried to the client in the RCODE1 field of the Client FQDN option in the DHCPACK message.
   Alternatively, the server MAY send the DHCPACK message to the client
   without waiting for the update DHCP Option.
   This provides enough number space to be completed. In this case the
   RCODE1 field of accomodate the Client FQDN option RCODEs defined
   in the DHCPACK message MUST
   be set to 255. Dynamic DNS Update specification.

5.3 The choice between the two alternatives is entirely
   determined by Domain Name Field

   The Domain Name part of the configuration option carries all or part of the FQDN
   of a DHCP server. Servers SHOULD
   support both configuration options.

   When client. A client may be configured with a server receives fully-qualified
   domain name, or with a partial name that is not fully-qualified. If
   a client knows only part of its name, it MAY send a DHCPREQUEST message containing single label,
   indicating that it knows part of the Client
   FQDN option, name but does not necessarily
   know the server MUST ignore zone in which the values carried name is to be embedded. The data in the RCODE1
   and RCODE2 fields
   Domain Name field may appear in one of the option.

   In addition, if the Client FQDN option carried two formats: ASCII (with no
   terminating NULL), or DNS encoding as specified in RFC1035[2]. If
   the DHCPREQUEST
   message has DHCP client wishes to use DNS encoding, it MUST set the "S"
   third-from-rightmost bit in its the Flags field set, then the server MAY
   originate an update for (the "E" bit); if it
   uses ASCII encoding, it MUST clear the "E" bit.

   A RR (associated with the FQDN carried DHCP client that can only send a single label using ASCII encoding
   includes a series of ASCII characters in the option) if it is configured to do so by the site's
   administrator, and if it has Domain Name field,
   excluding the necessary credentials. "." (dot) character. The server
   MAY be configured to use the name supplied in client SHOULD follow the client's
   character-set recommendations of RFC1034[1] and RFC1035[2]. A client
   using DNS binary encoding which wants to suggest part of its FQDN
   option, or it
   MAY be configured to modify the supplied name, or
   substitute send a different name.

   Any such update MUST be originated following the procedures
   described non-terminal sequence of labels in Section 7. The server MAY originate the update before
   the server sends the DHCPACK message to the client. In this case the
   RCODE from the update [RFC2136] MUST be carried to Domain Name part
   of the client in option.

6. DHCP Client behavior

   The following describes the
   RCODE2 field behavior of a DHCP client that
   implements the Client FQDN option in the DHCPACK message.
   Alternatively the server MAY send the DHCPACK message to the option.

   If a client
   without waiting that owns/maintains its own FQDN wants to be responsible
   for updating the update FQDN to be completed. In this case IP address mapping for the
   RCODE2 field of FQDN and
   address(es) used by the client, then the client MUST include the
   Client FQDN option in the DHCPACK DHCPREQUEST message MUST
   be set to 255. The choice between the two alternatives is entirely
   up to originated by the
   client. A DHCP server. In either case, if the server intends client MAY choose to
   perform the DNS update and the client's REQUEST message included the
   FQDN option, the server SHOULD include the Client FQDN option
   in its ACK
   message, and MUST set the "S" DISCOVER messages as well as its REQUEST messages. The
   rightmost ("S") bit in the option's Flags field.

   Even if field in the Client FQDN option carried in MUST be set to
   0. Once the DHCPREQUEST message
   has client's DHCP configuration is completed (the client
   receives a DHCPACK message, and successfully completes a final check
   on the "S" bit parameters passed in its Flags field clear (indicating that the client
   wants to update the A RR), message), the server client MAY be configured by the local
   administrator to originate
   an update for the A RR on (associated with the client's behalf. A FQDN). The
   update MUST be originated following the procedures described in
   RFC2136[5] and Section 8. If the DHCP server from which the client
   is configured to override requesting a lease includes the client's preference SHOULD
   include an FQDN option in its ACK message,
   and MUST set if the server sets both the "S" and the "O"
   and "S" bits (the two
   rightmost bits) in the FQDN option's Flags field. The update flags field, the DHCP client MUST be
   originated following
   NOT initiate an update for the procedures described name in Section 7. The
   server MAY originate the update before Domain Name field.

   A client can choose to delegate the server sends responsibility for updating the DHCPACK
   message
   FQDN to IP address mapping for the client. In this case the RCODE from FQDN and address(es) used by the update
   [RFC2136] MUST be carried
   client to the client in server.  In order to inform the RCODE2 field server of this choice,
   the client SHOULD include the Client FQDN option in the DHCPACK its DHCPREQUEST
   message. Alternatively, the server
   MAY send the DHCPACK message to the client without waiting for the
   update to be completed. In this case The rightmost (or "S") bit in the RCODE2 Flags field of the Client
   FQDN option in the DHCPACK message option
   MUST be set to 255. Whether the
   DNS update occurs before or after the DHCPACK is sent is entirely up
   to the DHCP server's configuration.

   When a DHCP server sends the Client FQDN option 1. A client which delegates this responsibility MUST
   NOT attempt to perform a client in the
   DHCPACK message, the DHCP server SHOULD send its notion of the
   complete FQDN Dynamic DNS update for the client name in the
   Domain Name field. field of the FQDN option. The server client MAY simply copy the Domain Name field from supply an FQDN
   in the Client FQDN option option, or it MAY supply a single label (the
   most-specific label), or it MAY leave that the client sent field empty as a signal
   to the server to generate an FQDN for the client in any manner the
   server chooses.

   Since there is a possibility that the DHCPREQUEST message. The DHCP server MAY may be configured
   to complete or modify the replace a domain name
   which a that the client sent, or it MAY be was configured
   to substitute a
   different name. If the server initiates a DDNS update which is not
   complete until after send, the server has replied client might find it useful to send the DHCP client, FQDN option in
   its DISCOVER messages. If the
   server's The DHCP server MUST use the same encoding format (ASCII or
   DNS-encoding) that returns different Domain
   Name data in its OFFER message, the client used could use that data in
   performing its own eventual A RR update, or in forming the FQDN
   option that it sends in its
   DHCPREQUEST, and MUST set REQUEST message. There is no requirement
   that the "E" bit client send identical FQDN option data in the option's Flags field
   accordingly.

   If its DISCOVER and
   REQUEST messages. In particular, if a client's DHCPREQUEST message doesn't carry client has sent the Client FQDN
   option (e.g., to its server, and the configuration of the client doesn't implement changes so
   that its notion of its domain name changes, it MAY send the Client new name
   data in an FQDN option), option when it communicates with the server MAY be configured again.
   This may allow the DHCP server to update either or both of the A and name associated with
   the PTR RRs. The updates MUST be originated following record, and, if the procedures
   described in Section 7.

   If a server detects updated the A record representing
   the client, to delete that a lease on record and attempt an address update for the
   client's current domain name.

   A client that delegates the server
   leases responsibility for updating the FQDN to
   IP address mapping to a client has expired, server might not receive any indication
   (either positive or negative) from the server SHOULD delete any PTR RR
   which it added via dynamic update. In addition, if whether the server added
   an A RR on was
   able to perform the client's behalf, update. In this case the server SHOULD also delete client MAY use a DNS
   query to check whether the mapping is updated.

   A
   RR. The deletion client MUST follow set the procedures described RCODE1 and RCODE2 fields in Section 7. the Client FQDN
   option to 0 when sending the option.

   If a server terminates a client releases its lease on an address prior to the lease's lease expiration time, for instance by sending a DHCPNAK to a client, the
   server SHOULD delete any PTR RR which it associated with the address
   via DNS Dynamic Update. In addition, if time
   and the server took
   responsibility client is responsible for an updating its A RR, the server client
   SHOULD also delete that the A RR.
   The deletion MUST follow RR (following the procedures described in
   Section 7.

7. Procedures for performing DNS updates

   There are two principal issues that need to be addressed concerning
   A RR DNS updates:

7.1 Name Collisions

   If 8) associated with the entity leased address before sending a DHCP
   RELEASE message. Similarly, if a client was responsible for updating the
   its A RR (either RR, but is unable to renew its lease, the DHCP client or DHCP
   server) attempts to perform a DNS update SHOULD
   attempt to a domain name that has
   an delete the A RR which is already in use by a different DHCP client, what
   should be done?  Similarly, should a before its lease expires. A DHCP client or server update a
   domain name
   which has an A RR that has not been configured by an
   administrator? In either of these cases, the domain name in question
   would either have able to delete an additional A RR, or would have its original A RR replaced by which it added (because it
   has lost the new record. Either use of these effects may be
   considered undesirable in some sites. This specification describes
   behavior designed its DHCP IP address) should attempt to prevent these undesirable effects, and requires
   that notify
   its administrator.

7. DHCP implementations make this Server behavior

   When a server receives a DHCPREQUEST message from a client, if the
   message contains the default.

   1. Client updates A RR, uses DNSSEC. Name collisions in this
       scenario are unlikely (though not impossible), since for FQDN option, and the
       client server replies to use DNSSEC, it has already received credentials
       specific
   the message with a DHCPACK message, the server may be configured to
   originate an update for the name it desires PTR RR (associated with the address
   leased to use.  This implies that the
       name has already been allocated (through some implementation- or
       organization-specific procedure, and presumably uniquely) client). Any such update MUST be originated following
   the procedures described in Section 8. The server MAY complete the
   update before the server sends the DHCPACK message to
       that the client.

   2.  Client updates A RR, uses some form of TSIG. Name collisions in In
   this scenario are possible, since case the credentials necessary for RCODE from the client to update DNS are not necessarily name-specific.
       Thus, for the client to MUST be attempting carried to update a unique name
       requires the existence of some administrative procedure to
       ensure client configuration with unique names.

   3.  Server updates in
   the A RR, uses a name for RCODE1 field of the Client FQDN option in the DHCPACK message.
   Alternatively, the server MAY send the DHCPACK message to the client which is
       known
   without waiting for the update to be completed. In this case the server. Name collisions
   RCODE1 field of the Client FQDN option in this scenario are likely
       unless prevented the DHCPACK message MUST
   be set to 255.  The choice between the two alternatives is entirely
   determined by the server's name configuration procedures.
       See Section 8 for security issues with this form of deployment.

   4.  Server updates the A RR, uses DHCP server. Servers SHOULD
   support both configuration options.

   When a name supplied by server receives a DHCPREQUEST message containing the client.
       Name collisions Client
   FQDN option, the server MUST ignore the values carried in this scenario are highly likely, even with
       administrative procedures designed to prevent them.  (This
       scenario is a popular one the RCODE1
   and RCODE2 fields of the option.

   In addition, if the Client FQDN option carried in real-world deployments the DHCPREQUEST
   message has the "S" bit in many
       types of organizations.)  See Section 8 its Flags field set, then the server MAY
   originate an update for security issues the A RR (associated with
       this type of deployment.

   Scenarios 3 and 4 are much more attractive given some form of DHCP
   Authentication, but difficulties remain.

   Scenarios 2, 3, and 4 rely on administrative procedures the FQDN carried
   in the option) if it is configured to ensure
   name uniqueness for DNS updates, do so by the site's
   administrator, and these procedures may break
   down. Experience if it has shown that, in fact, these procedures will
   break down at least occasionally. the necessary credentials. The question is what server
   MAY be configured to use the name supplied in the client's FQDN
   option, or it MAY be configured to do when
   these modify the supplied name, or
   substitute a different name.

   Any such update MUST be originated following the procedures break down or, for example
   described in scenario #4, may not
   even exist.

   In all cases of name collisions, Section 8. The server MAY originate the desire is update before
   the server sends the DHCPACK message to offer two modes of
   operation the client. In this case the
   RCODE from the update [RFC2136] MUST be carried to the administrator client in the
   RCODE2 field of the combined DHCP-DNS capability:
   first-update-wins (i.e., Client FQDN option in the first updating entity gets DHCPACK message.
   Alternatively the name) or
   most-recent-update-wins (i.e., server MAY send the last updating entity DHCPACK message to the client
   without waiting for a name
   gets the name).

7.2 Multiple DHCP servers

   If multiple DHCP servers are able to update to be completed. In this case the same DNS zones, or
   if DHCP servers are performing A RR updates on behalf
   RCODE2 field of DHCP
   clients, and more than one DHCP server may the Client FQDN option in the DHCPACK message MUST
   be able set to serve
   addresses 255. The choice between the two alternatives is entirely
   up to the same DHCP clients, server. In either case, if the server intends to
   perform the DNS update and the client's REQUEST message included the
   FQDN option, the server SHOULD include the FQDN option in its ACK
   message, and MUST set the "S" bit in the option's Flags field.

   Even if the Client FQDN option carried in the DHCPREQUEST message
   has the "S" bit in its Flags field clear (indicating that the client
   wants to update the A RR), the DHCP servers should server MAY be able configured by the local
   administrator to provide reasonable and consistent DNS name update behavior for
   DHCP clients.

7.3 Use of the KEY A RR on the client's behalf. A solution server
   which is configured to override the client's preference SHOULD
   include an FQDN option in its ACK message, and MUST set both of these problems is for the updating entities
   (both DHCP clients "O"
   and DHCP servers) to "S" bits in the FQDN option's Flags field. The update MUST be able to cooperate when
   updating DNS A RRs.

   Specifically, a KEY RR,
   originated following the procedures described in RFC2535[7] is used to associate
   client ownership information with a DNS name and Section 8. The
   server MAY originate the update before the A RR associated
   with that name.  When either a client or server adds an A RR for a
   client, it also adds a KEY RR which specifies a unique client
   identity (based on a "client specifier" created from sends the client's
   client-id or MAC address). DHCPACK
   message to the client. In this model, only one A RR is
   associated with a given DNS name at a time.

   By associating this ownership information with each A RR,
   cooperating DNS updating entities may determine whether their client
   is the first or last updater of the name (and implement case the
   appropriately configured administrative policy), and DHCP clients
   which currently have a host name may move RCODE from one DHCP server to
   another without losing their DNS name.

   The specific algorithms utilizing the KEY RR update
   [RFC2136] MUST be carried to signal the client
   ownership are explained below.  The algorithms only work in the case
   where RCODE2 field of the
   Client FQDN option in the DHCPACK message. Alternatively, the updating entities all cooperate -- this approach is
   advisory only and does not substitute for DNS security, nor is it
   replaced by DNS security.

7.3.1 Format of server
   MAY send the KEY RR

   The KEY RR used DHCPACK message to hold the DHCP client's identity is formatted as
   follows:

   The name of client without waiting for the KEY RR is
   update to be completed. In this case the name RCODE2 field of the A or PTR RR which refers
   to Client
   FQDN option in the client.

   The flags field is DHCPACK message MUST be set to 0x4200 - that is, 255. Whether the 1 bit and
   DNS update occurs before or after the 6 bit
   are set.

   The protocol field DHCPACK is set to [TBD].

   The algorithm field sent is set entirely up
   to [TBD].

        0                            15                               31
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |             Version           |       Identity-length         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       /                        Client-identity...                     /
       /                                                               /
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The Version field indicates the version of DHCP server's configuration.

   When a DHCP server sends the data used in this RR.
   The Version field is Client FQDN option to a 2-byte integer client in network byte-order. Its
   value MUST be 1.

   The remainder of the Key field contains
   DHCPACK message, the length DHCP server SHOULD send its notion of the
   client-identity, followed by
   complete FQDN for the client in the Domain Name field. The server
   MAY simply copy the Domain Name field from the Client FQDN option
   that number of bytes of client-identity
   data. the client sent to the server in the DHCPREQUEST message. The data length is represented as
   DHCP server MAY be configured to complete or modify the domain name
   which a 2-byte integer in network
   byte order. client sent, or it MAY be configured to substitute a
   different name. If the server initiates a DDNS update which is not
   complete until after the server has replied to the DHCP client, the
   server's The server MUST use the same encoding format (ASCII or DNS
   binary encoding) that the client sent used in the client-id FQDN option in its
   request message, the client-identity
   DHCPREQUEST, and MUST be identical to set the data "E" bit in the client-id option. option's Flags field
   accordingly.

   If a client did not send the client-id
   option, client's DHCPREQUEST message doesn't carry the client-identity is constructed from Client FQDN
   option (e.g., the htype byte, client doesn't implement the
   hlen byte, and hlen bytes of Client FQDN option),
   the client's chaddr from its request
   message.

7.4 DNS RR TTLs

   RRs associated with DHCP clients may server MAY be more volatile than
   statically configured RRs. DHCP clients to update either or both of the A and servers which perform
   dynamic
   PTR RRs. The updates should attempt to specify resource record TTLs which
   reflect this volatility, MUST be originated following the procedures
   described in order Section 8.

   If a server detects that a lease on an address that the server
   leases to minimize a client has expired, the possibility that
   there will be stale records in resolvers' caches. server SHOULD delete any PTR RR
   which it added via dynamic update. In addition, if the server added
   an A reasonable basis
   for RR TTLs is on the lease duration itself: TTLs of 1/2 or 1/3 client's behalf, the
   expected lease duration might be reasonable defaults. Because
   configured DHCP lease times vary widely from site to site, it may server SHOULD also be desirable to establish a fixed TTL ceiling. DHCP clients and
   servers MAY allow administrators to configure delete the TTLs they will
   supply, possibly as A
   RR. The deletion MUST follow the procedures described in Section 8.

   If a server terminates a fraction of the actual lease on an address prior to the lease's
   expiration time, or as for instance by sending a
   fixed value.

7.5 DHCPNAK to a client, the
   server SHOULD delete any PTR RR which it associated with the address
   via DNS Dynamic Update. In addition, if the server took
   responsibility for an A RR, the server SHOULD also delete that A RR.
   The deletion MUST follow the procedures described in Section 8.

8. Procedures for performing DNS updates

8.1 Adding A RRs to DNS

   When a DHCP client or server intends to update an A RR, it first
   prepares a DNS UPDATE query which includes as a prerequisite the
   assertion that the name does not exist.  The update section of the
   query attempts to add the new name and its IP address mapping (an A
   RR), and the KEY DHCID RR with its unique client-identity.

   If this update operation succeeds, the updater can conclude that it
   has added a new name whose only RRs are the A and KEY DHCID RR records.
   The A RR update is now complete (and a client updater is finished,
   while a server might proceed to perform a PTR RR update).

   If the first update operation fails with YXDOMAIN, the updater can
   conclude that the intended name is in use.  The updater then
   attempts to confirm that the DNS name is not being used by some
   other host. The updater prepares a second UPDATE query in which the
   prerequisite is that the desired name has attached to it a KEY DHCID RR
   whose contents match the client identity.  The update section of
   this query deletes the existing A records on the name, and adds the
   A record that matches the DHCP binding and the KEY DHCID RR with the
   client identity.

   If this query succeeds, the updater can conclude that the current
   client was the last client associated with the domain name, and that
   the name now contains the updated A RR. The A RR update is now
   complete (and a client updater is finished, while a server would
   then proceed to perform a PTR RR update).

   If the second query fails with NXRRSET, the updater must conclude
   that the client's desired name is in use by another host.  At this
   juncture, the updater can decide (based on some administrative
   configuration outside of the scope of this document) whether to let
   the existing owner of the name keep that name, and to (possibly)
   perform some name disambiguation operation on behalf of the current
   client, or to replace the RRs on the name with RRs that represent
   the current client. If the configured policy allows replacement of
   existing records, the updater submits a query that deletes the
   existing A RR and the existing KEY DHCID RR, adding A and KEY DHCID RRs that
   represent the IP address and client-identity of the new client.

      DISCUSSION:
      The updating entity may be configured to allow the existing DNS
      records on the domain name to remain unchanged, and to perform
      disambiguation on the name of the current client in order to
      attempt to generate a similar but unique name for the current
      client. In this case, once another candidate name has been
      generated, the updater should restart the process of adding an A
      RR as specified in this section.

7.6

8.2 Adding PTR RR Entries to DNS

   The DHCP server submits a DNS query which deletes all of the PTR RRs
   associated with the lease IP address, and adds a PTR RR whose data
   is the client's (possibly disambiguated) host name. The server also
   adds a KEY DHCID RR specified in Section 7.3.

7.7 4.3.

8.3 Removing Entries from DNS

   The first rule most important consideration in removing DNS entries is be sure
   that an entity removing a DNS entry is only removing an entry that
   it added. added, or for which an administrator has explicitly assigned it
   responsibility.

   When a lease expires or a DHCP client issues a DHCPRELEASE request,
   the DHCP server SHOULD delete the PTR RR that matches the DHCP
   binding, if one was successfully added. The server's update query
   SHOULD assert that the name in the PTR record matches the name of
   the client whose lease has expired or been released.

   The entity chosen to handle the A record for this client (either the
   client or the server) SHOULD delete the A record that was added when
   the lease was made to the client.

   In order to perform this delete, the updater prepares an UPDATE
   query which contains two prerequisites.  The first prerequisite
   asserts that the KEY DHCID RR exists whose data is the client identity
   described in Section 7.3. 4.3. The second prerequisite asserts that the
   data in the A RR contains the IP address of the lease that has
   expired or been released.

   If the query fails, the updater MUST NOT delete the DNS name.  It
   may be that the host whose lease on the server has expired has moved
   to another network and obtained a lease from a different server,
   which has caused the client's A RR to be replaced. It may also be
   that some other client has been configured with a name that matches
   the name of the DHCP client, and the policy was that the last client
   to specify the name would get the name.  In this case, the KEY DHCID RR
   will no longer match the updater's notion of the client-identity of
   the host pointed to by the DNS name.

7.8

8.4 Updating other RRs

   The procedures described in this document only cover updates to the
   A and PTR RRs. Updating other types of RRs is outside the scope of
   this document.

8.

9. Security Considerations

   Unauthenticated updates to the DNS can lead to tremendous confusion,
   through malicious attack or through inadvertent misconfiguration.
   Administrators should be wary of permitting unsecured DNS updates to
   zones which are exposed to the global Internet. Both DHCP clients
   and servers SHOULD use some form of update request origin
   authentication procedure (e.g., Simple Secure DNS Update[11]) when
   performing DNS updates.

   Whether the a DHCP client may be responsible for updating the an FQDN to IP
   address mapping, or whether the this is the responsibility lies with of the DHCP
   server is a site-local matter. The choice between the two
   alternatives may be based on a particular the security model that is used with
   the Dynamic DNS Update protocol (e.g., only a client may have
   sufficient credentials to perform updates to the FQDN to IP address
   mapping for its FQDN).

   Whether a DHCP server is always responsible for updating the FQDN to
   IP address mapping (in addition to updating the IP to FQDN mapping),
   regardless of the wishes of a an individual DHCP client, is also a
   site-local matter. The choice between the two alternatives may be
   based on a particular the security model. Both DHCP clients and servers SHOULD use some form
   of update request origin authentication procedure (e.g., TSIG[8],
   Simple Secure DNS Update[10]) when performing model that is being used with dynamic DNS
   updates.

   While the DHCP client MAY be the one to update the DNS A record, in
   certain configurations In cases where a DHCP server MAY do so instead.  In this
   case, is performing DNS updates on
   behalf of a client, the DHCP server MUST should be sure of both the DNS name
   to use for the client, as well as and of the identity of the client.

   In the general case, both of these conditions are

   Currently, it is difficult for DHCP servers to
   satisfy, develop much
   confidence in the identities of its clients, given the absence of security
   entity authentication from the DHCP protocol itself. There are many
   ways for a DHCP server to develop a DNS name to use for a client,
   but only in certain relatively unusual circumstances will the DHCP
   server know for certain the identity of the client. If DHCP authentication[9]
   Authentication[10] becomes widely deployed this may become more
   customary.

   One example of a situation which offers some extra assurances is one
   where the DHCP client is connected to a network through an MCNS
   cable modem, and the CMTS (head-end) of the cable modem ensures that
   MAC address spoofing simply does not occur. Another example of a
   configuration that might be trusted is one where clients obtain
   network access via a network access server using PPP. The NAS itself
   might be obtaining IP addresses via DHCP, encoding a client
   identification into the DHCP client-id option.  In this case, the
   network access server as well as the DHCP server might be operating
   within a trusted environment, in which case the DHCP server could be
   configured to trust that the user authentication and authorization
   procedure of the remote access server was sufficient, and would
   therefore trust the client identification encoded within the DHCP
   client-id.

9.

10. Acknowledgements

   Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, Peter
   Ford, Edie Gunter, Andreas Gustafsson, R. Barr Hibbs, Kim Kinnear,
   Stuart Kwan, Ted Lemon, Ed Lewis, Michael Lewis, Josh Littlefield,
   Michael Patton, and Glenn Stump for their review and comments.

References

   [1]  Mockapetris, P., "Domain names - Concepts and Facilities", RFC
        1034, Nov 1987.

   [2]  Mockapetris, P., "Domain names - Implementation and
        Specification", RFC 1035, Nov 1987.

   [3]  Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
        March 1997.

   [4]  Marine, A., Reynolds, J. and G. Malkin, "FYI on Questions and
        Answers to Commonly asked ``New Internet User'' Questions", RFC
        1594, March 1994.

   [5]  Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
        Updates in the Domain Name System", RFC 2136, April 1997.

   [6]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", RFC 2119, March 1997.

   [7]  Eastlake, D., "Domain Name System Security Extensions", RFC
        2535, March 1999.

   [8]  Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
        August 1999.

   [9]  Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington,
        "Secret Key Transaction Signatures Authentication for DNS (TSIG)
        (draft-ietf-dnsind-tsig-*)",
        (draft-ietf-dnsext-tsig-*)", July 1999.

   [9]

   [10]  Droms, R. and W. Arbaugh, "Authentication for DHCP Messages
         (draft-ietf-dhc-authentication-*)", June 1999.

   [10]

   [11]  Wellington, B., "Simple Secure DNS Dynamic Updates
         (draft-ietf-dnsind-simple-secure-update-*)",
         (draft-ietf-dnsext-simple-secure-update-*)", June 1999.

   [12]  Gustafsson, A., "A DNS RR for encoding DHCP client identity
         (draft-ietf-dnsext-dhcid-rr-*)", October 1999.

   [13]  Rivest, R., "The MD5 Message Digest Algorithm", RFC 1321,
         April 1992.

Authors' Addresses

   Mark Stapp
   Cisco Systems, Inc.
   250 Apollo Dr.
   Chelmsford, MA  01824
   US

   Phone: 978.244.8498
   EMail: mjs@cisco.com

   Yakov Rekhter
   Cisco Systems, Inc.
   170 Tasman Dr.
   San Jose, CA  95134
   US

   Phone: 914.235.2128
   EMail: yakov@cisco.com

Full Copyright Statement

   Copyright (C) The Internet Society (1999). (2000). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implmentation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC editor function is currently provided by the
   Internet Society.