idnits 2.17.1 

draft-ietf-dhc-fqdn-option-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1.a on line 19.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 677.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 654.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 661.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 667.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement. 

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        This document is an Internet-Draft and is subject to all provisions of
        Section 3 of RFC 3667.

        By submitting this Internet-Draft, each author represents that any
        applicable patent or other IPR claims of which he or she is aware
        have been or will be disclosed, and any of which he or she
        becomes aware will be disclosed, in accordance with Section 6 of
        BCP 79.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (December 23, 2004) is 7064 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- No information found for draft-ietf-dhc-ddns-resolution- - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. '6' 

  -- Obsolete informational reference (is this intentional?): RFC 1594 (ref.
     '7') (Obsoleted by RFC 2664)

  -- Obsolete informational reference (is this intentional?): RFC 2279 (ref.
     '9') (Obsoleted by RFC 3629)

  -- Obsolete informational reference (is this intentional?): RFC 2671 (ref.
     '10') (Obsoleted by RFC 6891)


     Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 12 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	DHC                                                             M. Stapp
3	Internet-Draft                                                   B. Volz
4	Expires: June 23, 2005                               Cisco Systems, Inc.
5	                                                              Y. Rekhter
6	                                                        Juniper Networks
7	                                                       December 23, 2004

9	                      The DHCP Client FQDN Option
10	                  <draft-ietf-dhc-fqdn-option-08.txt>

12	Status of this Memo

14	   This document is an Internet-Draft and is subject to all provisions
15	   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
16	   author represents that any applicable patent or other IPR claims of
17	   which he or she is aware have been or will be disclosed, and any of
18	   which he or she become aware will be disclosed, in accordance with
19	   RFC 3668.

21	   Internet-Drafts are working documents of the Internet Engineering
22	   Task Force (IETF), its areas, and its working groups.  Note that
23	   other groups may also distribute working documents as
24	   Internet-Drafts.

26	   Internet-Drafts are draft documents valid for a maximum of six months
27	   and may be updated, replaced, or obsoleted by other documents at any
28	   time.  It is inappropriate to use Internet-Drafts as reference
29	   material or to cite them other than as "work in progress."

31	   The list of current Internet-Drafts can be accessed at
32	   http://www.ietf.org/ietf/1id-abstracts.txt.

34	   The list of Internet-Draft Shadow Directories can be accessed at
35	   http://www.ietf.org/shadow.html.

37	   This Internet-Draft will expire on June 23, 2005.

39	Copyright Notice

41	   Copyright (C) The Internet Society (2004).

43	Abstract

45	   This document specifies a DHCP for IPv4, DHCPv4, option which can be
46	   used to exchange information about a DHCPv4 client's fully-qualified
47	   domain name and about responsibility for updating the DNS RR related
48	   to the client's address assignment.

50	Table of Contents

52	   1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
53	   2.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
54	     2.1   Models of Operation  . . . . . . . . . . . . . . . . . . .  3
55	   3.  The Client FQDN Option . . . . . . . . . . . . . . . . . . . .  4
56	     3.1   The Flags Field  . . . . . . . . . . . . . . . . . . . . .  5
57	     3.2   The RCODE Fields . . . . . . . . . . . . . . . . . . . . .  6
58	     3.3   The Domain Name Field  . . . . . . . . . . . . . . . . . .  6
59	       3.3.1   Deprecated ASCII Encoding  . . . . . . . . . . . . . .  7
60	   4.  DHCP Client Behavior . . . . . . . . . . . . . . . . . . . . .  7
61	     4.1   Interaction With Other Options . . . . . . . . . . . . . .  7
62	     4.2   Client Desires to Update A RRs . . . . . . . . . . . . . .  8
63	     4.3   Client Desires Server to Do DNS Updates  . . . . . . . . .  8
64	     4.4   Client Desires No Server DNS Updates . . . . . . . . . . .  8
65	     4.5   Domain Name and DNS Update Issues  . . . . . . . . . . . .  9
66	   5.  DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . .  9
67	     5.1   When to Perform DNS Updates  . . . . . . . . . . . . . . . 10
68	   6.  DNS Update Conflicts . . . . . . . . . . . . . . . . . . . . . 11
69	   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 12
70	   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
71	   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
72	   10.   References . . . . . . . . . . . . . . . . . . . . . . . . . 13
73	   10.1  Normative References . . . . . . . . . . . . . . . . . . . . 13
74	   10.2  Informative References . . . . . . . . . . . . . . . . . . . 13
75	       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
76	       Intellectual Property and Copyright Statements . . . . . . . . 15

78	1.  Terminology

80	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
81	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
82	   document are to be interpreted as described in RFC 2119 [1].

84	2.  Introduction

86	   DNS ([2], [3]) maintains (among other things) the information about
87	   the mapping between hosts' Fully Qualified Domain Names (FQDNs) [7]
88	   and IP addresses assigned to the hosts.  The information is
89	   maintained in two types of Resource Records (RRs): A and PTR.  The
90	   DNS update specification ([4]) describes a mechanism that enables DNS
91	   information to be updated over a network.

93	   The Dynamic Host Configuration Protocol for IPv4 (DHCPv4 or just DHCP
94	   in this document) [5] provides a mechanism by which a host (a DHCP
95	   client) can acquire certain configuration information, along with its
96	   address.  This document specifies a DHCP option, the Client FQDN
97	   option, which can be used by DHCP clients and servers to exchange
98	   information about the client's fully-qualified domain name for an
99	   address and who has the responsibility for updating the DNS with the
100	   associated A and PTR RRs.

102	2.1  Models of Operation

104	   When a DHCP client acquires a new address, a site's administrator may
105	   desire that one or both of the A RR for the client's FQDN and the PTR
106	   RR for the acquired address be updated.  Therefore, two separate DNS
107	   update transactions may occur.  Acquiring an address via DHCP
108	   involves two entities: a DHCP client and a DHCP server.  In principle
109	   each of these entities could perform none, one, or both of the
110	   transactions.  However, in practice not all permutations make sense.
111	   The DHCP Client FQDN option is primarily intended to operate in the
112	   following two cases:

114	   1.  DHCP client updates the A RR, DHCP server updates the PTR RR
115	   2.  DHCP server updates both the A and the PTR RRs

117	   The only difference between these two cases is whether the FQDN to IP
118	   address mapping is updated by a DHCP client or by a DHCP server.  The
119	   IP address to FQDN mapping is updated by a DHCP server in both cases.

121	   The reason these two are important, while others are unlikely, has to
122	   do with authority over the respective DNS domain names.  A DHCP
123	   client may be given authority over mapping its own A RRs, or that
124	   authority may be restricted to a server to prevent the client from
125	   listing arbitrary addresses or associating its address with arbitrary
126	   domain names.  In all cases, the only reasonable place for the
127	   authority over the PTR RRs associated with the address is in the DHCP
128	   server that allocates the address.

130	   Note: A third case is supported - the client requests that the server
131	   perform no updates.  However, this case is presumed to be rare
132	   because of the authority issues.

134	   In any case, whether a site permits all, some, or no DHCP servers and
135	   clients to perform DNS updates into the zones which it controls is
136	   entirely a matter of local administrative policy.  This document does
137	   not require any specific administrative policy, and does not propose
138	   one.  The range of possible policies is very broad, from sites where
139	   only the DHCP servers have been given credentials that the DNS
140	   servers will accept, to sites where each individual DHCP client has
141	   been configured with credentials which allow the client to modify its
142	   own domain name.  Compliant implementations may support some or all
143	   of these possibilities.  Furthermore, this specification applies only
144	   to DHCP client and server processes: it does not apply to other
145	   processes which initiate DNS updates.

147	   This document describes a new DHCP option which a client can use to
148	   convey all or part of its domain name to a DHCP server.
149	   Site-specific policy determines whether DHCP servers use the names
150	   that clients offer or not, and what DHCP servers may do in cases
151	   where clients do not supply domain names.

153	3.  The Client FQDN Option

155	   To update the IP address to FQDN mapping a DHCP server needs to know
156	   the FQDN of the client to which the server leases the address.  To
157	   allow the client to convey its FQDN to the server this document
158	   defines a new DHCP option, called "Client FQDN".  The Client FQDN
159	   option also contains Flags, which DHCP servers can use to convey
160	   information about DNS updates to clients, and two deprecated RCODEs.

162	   Clients MAY send the Client FQDN option, setting appropriate Flags
163	   values, in both their DHCPDISCOVER and DHCPREQUEST messages.  If a
164	   client sends the Client FQDN option in its DHCPDISCOVER message, it
165	   MUST send the option in subsequent DHCPREQUEST messages.

167	   Only one FQDN MAY appear in a message.  As per [13], multiple
168	   instances of this option in a message SHOULD be concatentated.

170	   The code for this option is 81.  Its minimum length is 3.

172	   The Format of the Client FQDN Option is:

174	        Code   Len    Flags  RCODE1 RCODE2   Domain Name
175	       +------+------+------+------+------+------+--
176	       |  81  |   n  |      |      |      |       ...
177	       +------+------+------+------+------+------+--

179	3.1  The Flags Field

181	   The Format of the Flags Field is:

183	        0 1 2 3 4 5 6 7
184	       +-+-+-+-+-+-+-+-+
185	       |  MBZ  |N|E|O|S|
186	       +-+-+-+-+-+-+-+-+

188	   The "S" bit indicates whether the server SHOULD or SHOULD NOT perform
189	   the A RR (FQDN to address) DNS updates.  A client sets the bit to 0
190	   to indicate the server SHOULD NOT perform the updates and 1 to
191	   indicate the server SHOULD perform the updates.  The state of the bit
192	   in the reply from the server indicates the action to be taken by the
193	   server; if 1, the server has taken responsibility for A RR updates
194	   for the FQDN.

196	   The "O" bit indicates whether the server has overridden the client's
197	   preference for the "S" bit.  A client MUST set this bit to 0.  A
198	   server MUST set this bit to 1 if the "S" bit in its reply to the
199	   client does not match the "S" bit received from the client.

201	   The "N" bit indicates whether the server SHOULD NOT perform any DNS
202	   updates.  A client sets this bit to 0 to request that the server
203	   SHOULD perform updates (the PTR RR and possibly the A RR based on the
204	   "S" bit) or to 1 to request that the server SHOULD NOT perform any
205	   DNS updates.  A server sets the "N" bit to indicate whether it SHALL
206	   (0) or SHALL NOT (1) perform DNS updates.  If the "N" bit is 1, the
207	   "S" bit MUST be 0.

209	   The "E" bit indicates the encoding of the Domain Name field.  1
210	   indicates DNS-style binary encoding, without compression, as
211	   described in RFC 1035 [3] and SHOULD be used by clients.  0 indicates
212	   a now deprecated ASCII encoding.  Servers MUST use the same encoding
213	   as received from the client.  Server implementers SHOULD note that
214	   earlier draft versions of this specification permitted an ASCII
215	   encoding of the domain name and this encoding MUST be used if the "E"
216	   bit is 0.  Clients which implemented this encoding were deployed
217	   before this specification was completed.  Server implementers which
218	   need to support these clients need to see the section on the
219	   deprecated ASCII encoding (Section 3.3.1).

221	   The remaining bits in the Flags field are reserved for future
222	   assignment.  DHCP clients and servers which send the Client FQDN
223	   option MUST clear the MBZ bits, and they MUST ignore these bits.

225	3.2  The RCODE Fields

227	   The RCODE1 and RCODE2 fields are deprecated.  A client SHOULD set
228	   these to 0 when sending the option and SHOULD ignore them on receipt.
229	   A server SHOULD set these to 255 when sending the option and MUST
230	   ignore them on receipt.

232	   As this option with these fields is already in wide use, the fields
233	   are retained.  These fields were originally defined for use by a DHCP
234	   server to indicate to a DHCP client the Response Code from any A
235	   (RCODE1) or PTR (RCODE2) RR DNS updates it has performed or a value
236	   of 255 was used to indicate that an update had been initiated but had
237	   not yet completed.  Each of these fields is one byte long.  These
238	   fields were defined before EDNS0 [10], which describes a mechanism
239	   for extending the length of a DNS RCODE to 12 bits, which is another
240	   reason to deprecate them.

242	   If the client needs to confirm the DNS update has been done, it MAY
243	   use a DNS query to check whether the mapping is up to date.  However,
244	   depending on the load on the DHCP and DNS servers and the DNS
245	   propagation delays, the client can only infer success.  If the
246	   information is not found to be up to date in DNS, the servers might
247	   not have completed the updates or zone transfers, or not yet updated
248	   their caches.

250	3.3  The Domain Name Field

252	   The Domain Name part of the option carries all or part of the FQDN of
253	   a DHCP client.  The data in the Domain Name field SHOULD appear in
254	   uncompressed DNS encoding as specified in RFC 1035 [3].  If the DHCP
255	   client uses DNS encoding, it MUST set to 1 the the "E" bit in the
256	   Flags field.  In order to determine whether the FQDN has changed
257	   between message exchanges, the client and server MUST NOT alter the
258	   Domain Name field contents unless the FQDN has actually changed.

260	   A client MAY be configured with a fully-qualified domain name or with
261	   a partial name that is not fully-qualified.  If a client knows only
262	   part of its name, it MAY send a name that is not fully-qualified,
263	   indicating that it knows part of the name but does not necessarily
264	   know the zone in which the name is to be embedded.

266	   To send a fully-qualified domain name, the Domain Name field is set
267	   to the DNS encoded domain name including the terminating zero-length
268	   label.  To send a partial name, the Domain Name field is set to the
269	   DNS encoded domain name without the terminating zero-length label.

271	   A client MAY also leave the Domain Name field empty if it desires the
272	   server to provide a name.

274	3.3.1  Deprecated ASCII Encoding

276	   The DNS encoding specified above MUST be supported by DHCP servers.
277	   However, a substantial population of clients implemented an earlier
278	   draft version of this specification, which permitted an ASCII
279	   encoding of the Domain Name field.  Server implementations SHOULD be
280	   aware that clients which send the Client FQDN option with the "E" bit
281	   set to 0 are using an ASCII encoding of the Domain Name field.
282	   Servers MAY be prepared to return an ASCII encoded version of the
283	   Domain Name field to such clients.  Servers that are not prepared to
284	   return an ASCII encoded version MUST ignore the Client FQDN option if
285	   the "E" bit is 0.  The use of ASCII encoding in this option SHOULD be
286	   considered deprecated.

288	   A DHCP client which used ASCII encoding was permitted to suggest a
289	   single label if it was not configured with a fully-qualified name.
290	   Such clients send a single label as a series of ASCII characters in
291	   the Domain Name field, excluding the "." (dot) character.  Such
292	   clients SHOULD follow the character-set recommendations of RFC 1034
293	   [2] and RFC 1035 [3].

295	   Server implementers SHOULD also be aware that some client software
296	   could be using UTF-8 [9] character encoding.  This information is
297	   included for informational purposes only; this specification does not
298	   require any support for UTF-8.

300	4.  DHCP Client Behavior

302	   The following describes the behavior of a DHCP client that implements
303	   the Client FQDN option.

305	4.1  Interaction With Other Options

307	   Other DHCP options MAY carry data that is related to the Domain Name
308	   field of the Client FQDN option.  The Host Name option [8], for
309	   example, contains an ASCII string representation of the client's host
310	   name.  In general, a client does not need to send redundant data, and
311	   therefore clients which send the Client FQDN option in their messages
312	   MUST NOT also send the Host Name option.  Clients which receive both
313	   the Host Name option and the Client FQDN option from a server SHOULD
314	   prefer Client FQDN option data.  Section 5 instructs servers to
315	   ignore the Host Name option in client messages which include the
316	   Client FQDN option.

318	4.2  Client Desires to Update A RRs

320	   If a client that owns/maintains its own FQDN wants to be responsible
321	   for updating the FQDN to IP address mapping for the FQDN and
322	   address(es) used by the client, the client MUST include the Client
323	   FQDN option in the DHCPREQUEST message originated by the client.  A
324	   DHCP client MAY choose to include the Client FQDN option in its
325	   DHCPDISCOVER messages as well as its DHCPREQUEST messages.  The "S"
326	   bit in the Flags field in the option MUST be 0.  The "O" and "N" bits
327	   MUST be 0.

329	   Once the client's DHCP configuration is completed (the client
330	   receives a DHCPACK message and successfully completes a final check
331	   on the parameters passed in the message), the client MAY originate an
332	   update for the A RR (associated with the client's FQDN) unless the
333	   server has set the "S" bit to 1.  If the "S" is 1, the DHCP client
334	   MUST NOT initiate an update for the name in the Domain Name field.

336	4.3  Client Desires Server to Do DNS Updates

338	   A client can choose to delegate the responsibility for updating the
339	   FQDN to IP address mapping for the FQDN and address(es) used by the
340	   client to the server.  In order to inform the server of this choice,
341	   the client SHOULD include the Client FQDN option in its DHCPREQUEST
342	   message and MAY include the Client FQDN option in its DHCPDISCOVER.
343	   The "S" bit in the Flags field in the option MUST be 1.  The "O" and
344	   "N" bits MUST be 0.

346	4.4  Client Desires No Server DNS Updates

348	   A client can choose to request that the server perform no DNS updates
349	   on its behalf.  In order to inform the server of this choice, the
350	   client SHOULD include the Client FQDN option in its DHCPREQUEST
351	   message and MAY include the Client FQDN option in its DHCPDISCOVER.
352	   The "N" bit in the Flags field in the option MUST be 1 and the "S"
353	   and "O" bits MUST be 0.

355	   Once the client's DHCP configuration is completed (the client
356	   receives a DHCPACK message and successfully completes a final check
357	   on the parameters passed in the message), the client MAY originate
358	   its DNS updates provided the server's "N" bit is 1.  If the server's
359	   "N" bit is 0, the server MAY perform the PTR RR updates; and, MAY
360	   also perform the A RR updates if the "S" bit is 1.

362	4.5  Domain Name and DNS Update Issues

364	   As there is a possibility that the DHCP server is configured to
365	   complete or replace a domain name that the client sends, the client
366	   MAY find it useful to send the Client FQDN option in its DHCPDISCOVER
367	   messages.  If the DHCP server returns different Domain Name data in
368	   its DHCPOFFER message, the client could use that data in performing
369	   its own eventual A RR update, or in forming the Client FQDN option
370	   that it sends in its DHCPREQUEST message.  There is no requirement
371	   that the client send identical Client FQDN option data in its
372	   DHCPDISCOVER and DHCPREQUEST messages.  In particular, if a client
373	   has sent the Client FQDN option to its server, and the configuration
374	   of the client changes so that its notion of its domain name changes,
375	   it MAY send the new name data in a Client FQDN option when it
376	   communicates with the server again.  This MAY cause the DHCP server
377	   to update the name associated with the PTR record, and, if the server
378	   updated the A record representing the client, to delete that record
379	   and attempt an update for the client's current domain name.

381	   A client that delegates the responsibility for updating the FQDN to
382	   IP address mapping to a server will not receive any indication
383	   (either positive or negative) from the server whether the server was
384	   able to perform the update.  The client MAY use a DNS query to check
385	   whether the mapping is up to date (see Section 3.2).

387	   If a client releases its lease prior to the lease expiration time and
388	   the client is responsible for updating its A RR, the client SHOULD
389	   delete the A RR associated with the leased address before sending a
390	   DHCPRELEASE message.  Similarly, if a client was responsible for
391	   updating its A RR, but is unable to renew its lease, the client
392	   SHOULD attempt to delete the A RR before its lease expires.  A DHCP
393	   client which has not been able to delete an A RR which it added
394	   (because it has lost the use of its DHCP IP address) SHOULD attempt
395	   to notify its administrator, perhaps by emitting a log message.

397	5.  DHCP Server Behavior

399	   The following describes the behavior of a DHCP server that implements
400	   the Client FQDN option when the client's message includes the Client
401	   FQDN option.

403	   The server examines its configuration and the Flag bits in the
404	   client's Client FQDN option to determine how to respond:

406	   o  If the client's "E" bit is 0 and the server does not support ASCII
407	      encoding (Section 3.3.1), the server SHOULD ignore the Client FQDN
408	      option.

410	   o  The server sets to 0 the "S", "O", and "N" Flag bits in its copy
411	      of the option it will return to the client.  The server copies the
412	      client's "E" bit.
413	   o  If the client's "N" bit is 1 and the server's configuration allows
414	      it to honor the client's request for no server initiated DNS
415	      updates, the server sets the "N" bit to 1.
416	   o  Otherwise, if the client's "S" bit is 1 and the servers's
417	      configuration allows it to honor the client's request for the
418	      server to initiate A RR DNS updates and if it has the necessary
419	      credentials, the server sets the "S" to 1.  If the server's "S"
420	      bit does not match the client's "S" bit, the server sets the "O"
421	      bit to 1.

423	   The server MAY be configured to use the name supplied in the client's
424	   Client FQDN option, or it MAY be configured to modify the supplied
425	   name, or substitute a different name.  The server SHOULD send its
426	   notion of the complete FQDN for the client in the Domain Name field.
427	   The server MAY simply copy the Domain Name field from the Client FQDN
428	   option that the client sent to the server.  The server MUST use the
429	   same encoding format (ASCII or DNS binary encoding) that the client
430	   used in the Client FQDN option in its DHCPDISCOVER or DHCPREQUEST,
431	   and MUST set the "E" bit in the option's Flags field accordingly.

433	   If a client sends both the Client FQDN and Host Name option, the
434	   server SHOULD ignore the Host Name option.

436	   The server SHOULD set the RCODE1 and RCODE2 fields to 255 before
437	   sending the Client FQDN message to the client in a DHCPOFFER or
438	   DHCPACK.

440	5.1  When to Perform DNS Updates

442	   The server SHOULD NOT perform any DNS updates if the "N" bit is 1 in
443	   the Flags field of the Client FQDN option in the DHCPACK messages (to
444	   be) sent to the client.  However, the server SHOULD delete any RRs
445	   which it previously added via DNS updates for the client.

447	   The server MAY perform the PTR RR DNS update (unless the "N" bit is
448	   1).

450	   The server MAY perform the A RR DNS update if the "S" bit is 1 in the
451	   Flags field of the Client FQDN option in the DHCPACK message (to be)
452	   sent to the client.

454	   The server MAY perform these updates even if the client's DHCPREQUEST
455	   did not carry the Client FQDN option.  The server MUST NOT initiate
456	   DNS updates when responding to DHCPDISCOVER messages from a client.

458	   The server MAY complete its DNS updates (PTR RR or PTR and A RR)
459	   before the server sends the DHCPACK message to the client.
460	   Alternatively, the server MAY send the DHCPACK message to the client
461	   without waiting for the update to be completed.  Whether the DNS
462	   update occurs before or after the DHCPACK is sent is entirely up to
463	   the DHCP server's configuration.

465	   If the server's A RR DNS update does not complete until after the
466	   server has replied to the DHCP client, the server's interaction with
467	   the DNS server MAY cause the DHCP server to change the domain name
468	   that it associates with the client.  This can occur, for example, if
469	   the server detects and resolves a domain-name conflict [6].  In such
470	   cases, the domain name that the server returns to the DHCP client
471	   would change between two DHCP exchanges.

473	   If the server previously performed DNS updates for the client and the
474	   client's information has not changed, the server MAY skip performing
475	   additional DNS updates.

477	   When a server detects that a lease on an address that the server
478	   leases to a client has expired, the server SHOULD delete any PTR RR
479	   which it added via DNS update.  In addition, if the server added an A
480	   RR on the client's behalf, the server SHOULD also delete the A RR.

482	   When a server terminates a lease on an address prior to the lease's
483	   expiration time, for instance by sending a DHCPNAK to a client, the
484	   server SHOULD delete any PTR RR which it associated with the address
485	   via DNS update.  In addition, if the server took responsibility for
486	   an A RR, the server SHOULD also delete that A RR.

488	6.  DNS Update Conflicts

490	   This document does not resolve how a DHCP client or server prevent
491	   name conflicts.  This document addresses only how a DHCP client and
492	   server negotiate who will perform the DNS updates and the fully
493	   qualified domain name requested or used.

495	   Implementers of this work will need to consider how name conflicts
496	   will be prevented.  If a DNS updater needs a security token in order
497	   to successfully perform DNS updates on a specific name, name
498	   conflicts can only occur if multiple clients are given a security
499	   token for that name.  Or, if the fully qualified domains are based on
500	   the specific address bound to a client, conflicts SHOULD NOT occur.
501	   Or, a name conflict resolution technique as described in "Resolving
502	   Name Conflicts" [6]) SHOULD be used.

504	7.  IANA Considerations

506	   IANA has already assigned DHCP option 81 to the Client FQDN option.
507	   As this document updates the option's use, IANA is requested to
508	   reference this document for option 81.

510	8.  Security Considerations

512	   Unauthenticated updates to the DNS can lead to tremendous confusion,
513	   through malicious attack or through inadvertent misconfiguration.
514	   Administrators need to be wary of permitting unsecured DNS updates to
515	   zones which are exposed to the global Internet.  Both DHCP clients
516	   and servers should use some form of update request origin
517	   authentication procedure (e.g., Secure DNS Dynamic Update [11]) when
518	   performing DNS updates.

520	   Whether a DHCP client is responsible for updating an FQDN to IP
521	   address mapping or whether this is the responsibility of the DHCP
522	   server is a site-local matter.  The choice between the two
523	   alternatives is likely based on the security model that is used with
524	   the DNS update protocol (e.g., only a client may have sufficient
525	   credentials to perform updates to the FQDN to IP address mapping for
526	   its FQDN).

528	   Whether a DHCP server is always responsible for updating the FQDN to
529	   IP address mapping (in addition to updating the IP to FQDN mapping),
530	   regardless of the wishes of an individual DHCP client, is also a
531	   site-local matter.  The choice between the two alternatives is likely
532	   based on the security model that is being used with DNS updates.  In
533	   cases where a DHCP server is performing DNS updates on behalf of a
534	   client, the DHCP server should be sure of the DNS name to use for the
535	   client, and of the identity of the client.

537	   Currently, it is difficult for DHCP servers to develop much
538	   confidence in the identities of its clients, given the absence of
539	   entity authentication from the DHCP protocol itself.  There are many
540	   ways for a DHCP server to develop a DNS name to use for a client, but
541	   only in certain relatively unusual circumstances will the DHCP server
542	   know for certain the identity of the client.  If DHCP Authentication
543	   [12] becomes widely deployed this may become more customary.

545	   One example of a situation which offers some extra assurances is one
546	   where the DHCP client is connected to a network through an MCNS cable
547	   modem, and the CMTS (head-end) ensures that MAC address spoofing
548	   simply does not occur.  Another example of a configuration that might
549	   be trusted is one where clients obtain network access via a network
550	   access server using PPP.  The NAS itself might be obtaining IP
551	   addresses via DHCP, encoding a client identification into the DHCP
552	   client-id option.  In this case, the network access server as well as
553	   the DHCP server might be operating within a trusted environment, in
554	   which case the DHCP server could be configured to trust that the user
555	   authentication and authorization procedure of the remote access
556	   server was sufficient, and would therefore trust the client
557	   identification encoded within the DHCP client-id.

559	9.  Acknowledgements

561	   Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, Peter
562	   Ford, Olafur Gudmundsson, Edie Gunter, Andreas Gustafsson, David W.
563	   Hankins, R.  Barr Hibbs, Kim Kinnear, Stuart Kwan, Ted Lemon, Ed
564	   Lewis, Michael Lewis, Josh Littlefield, Michael Patton, Jyrki Soini,
565	   and Glenn Stump for their review and comments.

567	10.  References

569	10.1  Normative References

571	   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
572	        Levels", BCP 14, RFC 2119, March 1997.

574	   [2]  Mockapetris, P., "Domain names - concepts and facilities", STD
575	        13, RFC 1034, November 1987.

577	   [3]  Mockapetris, P., "Domain names - implementation and
578	        specification", STD 13, RFC 1035, November 1987.

580	   [4]  Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
581	        Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April
582	        1997.

584	   [5]  Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
585	        March 1997.

587	   [6]  Stapp, M. and B. Volz, "Resolution of DNS Name Conflicts Among
588	        DHCP Clients (draft-ietf-dhc-ddns-resolution-*.txt)", September
589	        2004.

591	10.2  Informative References

593	   [7]   Marine, A., Reynolds, J. and G. Malkin, "FYI on Questions and
594	         Answers - Answers to Commonly asked "New Internet User"
595	         Questions", RFC 1594, March 1994.

597	   [8]   Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
598	         Extensions", RFC 2132, March 1997.

600	   [9]   Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC
601	         2279, January 1998.

603	   [10]  Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
604	         August 1999.

606	   [11]  Wellington, B., "Secure Domain Name System (DNS) Dynamic
607	         Update", RFC 3007, November 2000.

609	   [12]  Droms, R. and W. Arbaugh, "Authentication for DHCP Messages",
610	         RFC 3118, June 2001.

612	   [13]  Lemon, T. and S. Cheshire, "Encoding Long Options in the
613	         Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
614	         November 2002.

616	Authors' Addresses

618	   Mark Stapp
619	   Cisco Systems, Inc.
620	   1414 Massachusetts Ave.
621	   Boxborough, MA  01719
622	   USA

624	   Phone: 978.936.1535
625	   EMail: mjs@cisco.com

627	   Bernie Volz
628	   Cisco Systems, Inc.
629	   1414 Massachusetts Ave.
630	   Boxborough, MA  01719
631	   USA

633	   Phone: 978.936.0382
634	   EMail: volz@cisco.com

636	   Yakov Rekhter
637	   Juniper Networks
638	   1194 North Mathilda Avenue
639	   Sunnyvale, CA  94089
640	   USA

642	   Phone: 408.745.2000
643	   EMail: yakov@juniper.net

645	Intellectual Property Statement

647	   The IETF takes no position regarding the validity or scope of any
648	   Intellectual Property Rights or other rights that might be claimed to
649	   pertain to the implementation or use of the technology described in
650	   this document or the extent to which any license under such rights
651	   might or might not be available; nor does it represent that it has
652	   made any independent effort to identify any such rights.  Information
653	   on the procedures with respect to rights in RFC documents can be
654	   found in BCP 78 and BCP 79.

656	   Copies of IPR disclosures made to the IETF Secretariat and any
657	   assurances of licenses to be made available, or the result of an
658	   attempt made to obtain a general license or permission for the use of
659	   such proprietary rights by implementers or users of this
660	   specification can be obtained from the IETF on-line IPR repository at
661	   http://www.ietf.org/ipr.

663	   The IETF invites any interested party to bring to its attention any
664	   copyrights, patents or patent applications, or other proprietary
665	   rights that may cover technology that may be required to implement
666	   this standard.  Please address the information to the IETF at
667	   ietf-ipr@ietf.org.

669	Disclaimer of Validity

671	   This document and the information contained herein are provided on an
672	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
673	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
674	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
675	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
676	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
677	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

679	Copyright Statement

681	   Copyright (C) The Internet Society (2004).  This document is subject
682	   to the rights, licenses and restrictions contained in BCP 78, and
683	   except as set forth therein, the authors retain all their rights.

685	Acknowledgment

687	   Funding for the RFC Editor function is currently provided by the
688	   Internet Society.