idnits 2.17.1 

draft-ietf-dhc-fqdn-option-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1.a on line 19.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 679.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 656.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 663.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 669.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement. 

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        This document is an Internet-Draft and is subject to all provisions of
        Section 3 of RFC 3667.

        By submitting this Internet-Draft, each author represents that any
        applicable patent or other IPR claims of which he or she is aware
        have been or will be disclosed, and any of which he or she
        becomes aware will be disclosed, in accordance with Section 6 of
        BCP 79.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 15, 2005) is 7003 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- No information found for draft-ietf-dhc-ddns-resolution- - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. '7' 

  -- Obsolete informational reference (is this intentional?): RFC 1594 (ref.
     '8') (Obsoleted by RFC 2664)

  -- Obsolete informational reference (is this intentional?): RFC 2279 (ref.
     '10') (Obsoleted by RFC 3629)

  -- Obsolete informational reference (is this intentional?): RFC 2671 (ref.
     '11') (Obsoleted by RFC 6891)


     Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 12 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	DHC                                                             M. Stapp
3	Internet-Draft                                                   B. Volz
4	Expires: August 19, 2005                             Cisco Systems, Inc.
5	                                                              Y. Rekhter
6	                                                        Juniper Networks
7	                                                       February 15, 2005

9	                      The DHCP Client FQDN Option
10	                  <draft-ietf-dhc-fqdn-option-10.txt>

12	Status of this Memo

14	   This document is an Internet-Draft and is subject to all provisions
15	   of Section 3 of RFC 3667.  By submitting this Internet-Draft, each
16	   author represents that any applicable patent or other IPR claims of
17	   which he or she is aware have been or will be disclosed, and any of
18	   which he or she become aware will be disclosed, in accordance with
19	   RFC 3668.

21	   Internet-Drafts are working documents of the Internet Engineering
22	   Task Force (IETF), its areas, and its working groups.  Note that
23	   other groups may also distribute working documents as
24	   Internet-Drafts.

26	   Internet-Drafts are draft documents valid for a maximum of six months
27	   and may be updated, replaced, or obsoleted by other documents at any
28	   time.  It is inappropriate to use Internet-Drafts as reference
29	   material or to cite them other than as "work in progress."

31	   The list of current Internet-Drafts can be accessed at
32	   http://www.ietf.org/ietf/1id-abstracts.txt.

34	   The list of Internet-Draft Shadow Directories can be accessed at
35	   http://www.ietf.org/shadow.html.

37	   This Internet-Draft will expire on August 19, 2005.

39	Copyright Notice

41	   Copyright (C) The Internet Society (2005).

43	Abstract

45	   This document specifies a DHCP for IPv4, DHCPv4, option which can be
46	   used to exchange information about a DHCPv4 client's fully-qualified
47	   domain name and about responsibility for updating the DNS RR related
48	   to the client's address assignment.

50	Table of Contents

52	   1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
53	   2.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
54	     2.1   Models of Operation  . . . . . . . . . . . . . . . . . . .  3
55	   3.  The Client FQDN Option . . . . . . . . . . . . . . . . . . . .  4
56	     3.1   The Flags Field  . . . . . . . . . . . . . . . . . . . . .  5
57	     3.2   The RCODE Fields . . . . . . . . . . . . . . . . . . . . .  6
58	     3.3   The Domain Name Field  . . . . . . . . . . . . . . . . . .  6
59	       3.3.1   Deprecated ASCII Encoding  . . . . . . . . . . . . . .  7
60	   4.  DHCP Client Behavior . . . . . . . . . . . . . . . . . . . . .  7
61	     4.1   Interaction With Other Options . . . . . . . . . . . . . .  7
62	     4.2   Client Desires to Update A RRs . . . . . . . . . . . . . .  8
63	     4.3   Client Desires Server to Do DNS Updates  . . . . . . . . .  8
64	     4.4   Client Desires No Server DNS Updates . . . . . . . . . . .  8
65	     4.5   Domain Name and DNS Update Issues  . . . . . . . . . . . .  9
66	   5.  DHCP Server Behavior . . . . . . . . . . . . . . . . . . . . .  9
67	     5.1   When to Perform DNS Updates  . . . . . . . . . . . . . . . 10
68	   6.  DNS Update Conflicts . . . . . . . . . . . . . . . . . . . . . 11
69	   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 12
70	   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
71	   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
72	   10.   References . . . . . . . . . . . . . . . . . . . . . . . . . 13
73	     10.1  Normative References . . . . . . . . . . . . . . . . . . . 13
74	     10.2  Informative References . . . . . . . . . . . . . . . . . . 13
75	       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
76	       Intellectual Property and Copyright Statements . . . . . . . . 15

78	1.  Terminology

80	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
81	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
82	   document are to be interpreted as described in RFC 2119 [1].

84	2.  Introduction

86	   DNS ([2], [3]) maintains (among other things) the information about
87	   the mapping between hosts' Fully Qualified Domain Names (FQDNs) [8]
88	   and IP addresses assigned to the hosts.  The information is
89	   maintained in two types of Resource Records (RRs): A and PTR.  The
90	   DNS update specification ([4]) describes a mechanism that enables DNS
91	   information to be updated over a network.

93	   The Dynamic Host Configuration Protocol for IPv4 (DHCPv4 or just DHCP
94	   in this document) [5] provides a mechanism by which a host (a DHCP
95	   client) can acquire certain configuration information, along with its
96	   address.  This document specifies a DHCP option, the Client FQDN
97	   option, which can be used by DHCP clients and servers to exchange
98	   information about the client's fully-qualified domain name for an
99	   address and who has the responsibility for updating the DNS with the
100	   associated A and PTR RRs.

102	2.1  Models of Operation

104	   When a DHCP client acquires a new address, a site's administrator may
105	   desire that one or both of the A RR for the client's FQDN and the PTR
106	   RR for the acquired address be updated.  Therefore, two separate DNS
107	   update transactions may occur.  Acquiring an address via DHCP
108	   involves two entities: a DHCP client and a DHCP server.  In principle
109	   each of these entities could perform none, one, or both of the
110	   transactions.  However, in practice not all permutations make sense.
111	   The DHCP Client FQDN option is primarily intended to operate in the
112	   following two cases:

114	   1.  DHCP client updates the A RR, DHCP server updates the PTR RR
115	   2.  DHCP server updates both the A and the PTR RRs

117	   The only difference between these two cases is whether the FQDN to IP
118	   address mapping is updated by a DHCP client or by a DHCP server.  The
119	   IP address to FQDN mapping is updated by a DHCP server in both cases.

121	   The reason these two are important, while others are unlikely, has to
122	   do with authority over the respective DNS domain names.  A DHCP
123	   client may be given authority over mapping its own A RRs, or that
124	   authority may be restricted to a server to prevent the client from
125	   listing arbitrary addresses or associating its address with arbitrary
126	   domain names.  In all cases, the only reasonable place for the
127	   authority over the PTR RRs associated with the address is in the DHCP
128	   server that allocates the address.

130	   Note: A third case is supported - the client requests that the server
131	   perform no updates.  However, this case is presumed to be rare
132	   because of the authority issues.

134	   In any case, whether a site permits all, some, or no DHCP servers and
135	   clients to perform DNS updates into the zones which it controls is
136	   entirely a matter of local administrative policy.  This document does
137	   not require any specific administrative policy, and does not propose
138	   one.  The range of possible policies is very broad, from sites where
139	   only the DHCP servers have been given credentials that the DNS
140	   servers will accept, to sites where each individual DHCP client has
141	   been configured with credentials which allow the client to modify its
142	   own domain name.  Compliant implementations may support some or all
143	   of these possibilities.  Furthermore, this specification applies only
144	   to DHCP client and server processes: it does not apply to other
145	   processes which initiate DNS updates.

147	   This document describes a new DHCP option which a client can use to
148	   convey all or part of its domain name to a DHCP server.
149	   Site-specific policy determines whether DHCP servers use the names
150	   that clients offer or not, and what DHCP servers may do in cases
151	   where clients do not supply domain names.

153	3.  The Client FQDN Option

155	   To update the IP address to FQDN mapping a DHCP server needs to know
156	   the FQDN of the client to which the server leases the address.  To
157	   allow the client to convey its FQDN to the server this document
158	   defines a new DHCP option, called "Client FQDN".  The Client FQDN
159	   option also contains Flags, which DHCP servers can use to convey
160	   information about DNS updates to clients, and two deprecated RCODEs.

162	   Clients MAY send the Client FQDN option, setting appropriate Flags
163	   values, in both their DHCPDISCOVER and DHCPREQUEST messages.  If a
164	   client sends the Client FQDN option in its DHCPDISCOVER message, it
165	   MUST send the option in subsequent DHCPREQUEST messages though the
166	   contents of the option MAY change.

168	   Only one Client FQDN option MAY appear in a message.

170	   The code for this option is 81.  Its minimum length is 3 (octets).

172	   The format of the Client FQDN option is:

174	        Code   Len    Flags  RCODE1 RCODE2   Domain Name
175	       +------+------+------+------+------+------+--
176	       |  81  |   n  |      |      |      |       ...
177	       +------+------+------+------+------+------+--

179	   The above figure follows the conventions of [9].

181	3.1  The Flags Field

183	   The format of the 1-octet Flags field is:

185	        0 1 2 3 4 5 6 7
186	       +-+-+-+-+-+-+-+-+
187	       |  MBZ  |N|E|O|S|
188	       +-+-+-+-+-+-+-+-+

190	   The "S" bit indicates whether the server SHOULD or SHOULD NOT perform
191	   the A RR (FQDN to address) DNS updates.  A client sets the bit to 0
192	   to indicate the server SHOULD NOT perform the updates and 1 to
193	   indicate the server SHOULD perform the updates.  The state of the bit
194	   in the reply from the server indicates the action to be taken by the
195	   server; if 1, the server has taken responsibility for A RR updates
196	   for the FQDN.

198	   The "O" bit indicates whether the server has overridden the client's
199	   preference for the "S" bit.  A client MUST set this bit to 0.  A
200	   server MUST set this bit to 1 if the "S" bit in its reply to the
201	   client does not match the "S" bit received from the client.

203	   The "N" bit indicates whether the server SHOULD NOT perform any DNS
204	   updates.  A client sets this bit to 0 to request that the server
205	   SHOULD perform updates (the PTR RR and possibly the A RR based on the
206	   "S" bit) or to 1 to request that the server SHOULD NOT perform any
207	   DNS updates.  A server sets the "N" bit to indicate whether the
208	   server SHALL (0) or SHALL NOT (1) perform DNS updates.  If the "N"
209	   bit is 1, the "S" bit MUST be 0.

211	   The "E" bit indicates the encoding of the Domain Name field.  1
212	   indicates DNS-style binary encoding, without compression, as
213	   described in RFC 1035 [3].  This encoding SHOULD be used by clients
214	   and MUST be supported by servers.  0 indicates a now deprecated ASCII
215	   encoding (see Section 3.3.1).  A server MUST use the same encoding as
216	   that used by the client.  A server that does not support the
217	   deprecated ASCII encoding MUST ignore Client FQDN options that use
218	   that encoding.

220	   The remaining bits in the Flags field are reserved for future
221	   assignment.  DHCP clients and servers which send the Client FQDN
222	   option MUST clear the MBZ bits, and they MUST ignore these bits.

224	3.2  The RCODE Fields

226	   The RCODE1 and RCODE2 fields are deprecated.  A client SHOULD set
227	   these to 0 when sending the option and SHOULD ignore them on receipt.
228	   A server SHOULD set these to 255 when sending the option and MUST
229	   ignore them on receipt.

231	   As this option with these fields is already in wide use, the fields
232	   are retained.  These fields were originally defined for use by a DHCP
233	   server to indicate to a DHCP client the Response Code from any A
234	   (RCODE1) or PTR (RCODE2) RR DNS updates it has performed or a value
235	   of 255 was used to indicate that an update had been initiated but had
236	   not yet completed.  Each of these fields is one byte long.  These
237	   fields were defined before EDNS0 [11], which describes a mechanism
238	   for extending the length of a DNS RCODE to 12 bits, which is another
239	   reason to deprecate them.

241	   If the client needs to confirm the DNS update has been done, it MAY
242	   use a DNS query to check whether the mapping is up to date.  However,
243	   depending on the load on the DHCP and DNS servers and the DNS
244	   propagation delays, the client can only infer success.  If the
245	   information is not found to be up to date in DNS, the servers might
246	   not have completed the updates or zone transfers, or not yet updated
247	   their caches.

249	3.3  The Domain Name Field

251	   The Domain Name part of the option carries all or part of the FQDN of
252	   a DHCP client.  The data in the Domain Name field SHOULD appear in
253	   uncompressed DNS encoding as specified in RFC 1035 [3].  If the DHCP
254	   client uses DNS encoding, it MUST set to 1 the the "E" bit in the
255	   Flags field.  In order to determine whether the FQDN has changed
256	   between message exchanges, the client and server MUST NOT alter the
257	   Domain Name field contents unless the FQDN has actually changed.

259	   A client MAY be configured with a fully-qualified domain name or with
260	   a partial name that is not fully-qualified.  If a client knows only
261	   part of its name, it MAY send a name that is not fully-qualified,
262	   indicating that it knows part of the name but does not necessarily
263	   know the zone in which the name is to be embedded.

265	   To send a fully-qualified domain name, the Domain Name field is set
266	   to the DNS encoded domain name including the terminating zero-length
267	   label.  To send a partial name, the Domain Name field is set to the
268	   DNS encoded domain name without the terminating zero-length label.

270	   A client MAY also leave the Domain Name field empty if it desires the
271	   server to provide a name.

273	3.3.1  Deprecated ASCII Encoding

275	   A substantial population of clients implemented an earlier draft
276	   version of this specification, which permitted an ASCII encoding of
277	   the Domain Name field.  Server implementations SHOULD be aware that
278	   clients which send the Client FQDN option with the "E" bit set to 0
279	   are using an ASCII encoding of the Domain Name field.  Servers MAY be
280	   prepared to return an ASCII encoded version of the Domain Name field
281	   to such clients.  Servers that are not prepared to return an ASCII
282	   encoded version MUST ignore the Client FQDN option if the "E" bit is
283	   0.  The use of ASCII encoding in this option SHOULD be considered
284	   deprecated.

286	   A DHCP client which used ASCII encoding was permitted to suggest a
287	   single label if it was not configured with a fully-qualified name.
288	   Such clients send a single label as a series of ASCII characters in
289	   the Domain Name field, excluding the "." (dot) character.

291	   Clients and servers SHOULD follow the character-set recommendations
292	   of RFC 1034 [2] and RFC 1035 [3].  However, implementers SHOULD also
293	   be aware that some client software could be using UTF-8 [10]
294	   character encoding.  This specification does not require any support
295	   for UTF-8.

297	4.  DHCP Client Behavior

299	   The following describes the behavior of a DHCP client that implements
300	   the Client FQDN option.

302	4.1  Interaction With Other Options

304	   Other DHCP options MAY carry data that is related to the Domain Name
305	   field of the Client FQDN option.  The Host Name option [9], for
306	   example, contains an ASCII string representation of the client's host
307	   name.  In general, a client does not need to send redundant data, and
308	   therefore clients which send the Client FQDN option in their messages
309	   MUST NOT also send the Host Name option.  Clients which receive both
310	   the Host Name option and the Client FQDN option from a server SHOULD
311	   prefer Client FQDN option data.  Section 5 instructs servers to
312	   ignore the Host Name option in client messages which include the
313	   Client FQDN option.

315	4.2  Client Desires to Update A RRs

317	   If a client that owns/maintains its own FQDN wants to be responsible
318	   for updating the FQDN to IP address mapping for the FQDN and
319	   address(es) used by the client, the client MUST include the Client
320	   FQDN option in the DHCPREQUEST message originated by the client.  A
321	   DHCP client MAY choose to include the Client FQDN option in its
322	   DHCPDISCOVER messages as well as its DHCPREQUEST messages.  The "S"
323	   bit in the Flags field in the option MUST be 0.  The "O" and "N" bits
324	   MUST be 0.

326	   Once the client's DHCP configuration is completed (the client
327	   receives a DHCPACK message and successfully completes a final check
328	   on the parameters passed in the message), the client MAY originate an
329	   update for the A RR (associated with the client's FQDN) unless the
330	   server has set the "S" bit to 1.  If the "S" is 1, the DHCP client
331	   SHOULD NOT initiate an update for the name in the server's returned
332	   Client FQDN option Domain Name field.  However, a DHCP client that is
333	   explicitly configured with a FQDN MAY ignore the state of the "S" bit
334	   if the server's returned name matches the client's configured name.

336	4.3  Client Desires Server to Do DNS Updates

338	   A client can choose to delegate the responsibility for updating the
339	   FQDN to IP address mapping for the FQDN and address(es) used by the
340	   client to the server.  In order to inform the server of this choice,
341	   the client SHOULD include the Client FQDN option in its DHCPREQUEST
342	   message and MAY include the Client FQDN option in its DHCPDISCOVER.
343	   The "S" bit in the Flags field in the option MUST be 1.  The "O" and
344	   "N" bits MUST be 0.

346	4.4  Client Desires No Server DNS Updates

348	   A client can choose to request that the server perform no DNS updates
349	   on its behalf.  In order to inform the server of this choice, the
350	   client SHOULD include the Client FQDN option in its DHCPREQUEST
351	   message and MAY include the Client FQDN option in its DHCPDISCOVER.
352	   The "N" bit in the Flags field in the option MUST be 1 and the "S"
353	   and "O" bits MUST be 0.

355	   Once the client's DHCP configuration is completed (the client
356	   receives a DHCPACK message and successfully completes a final check
357	   on the parameters passed in the message), the client MAY originate
358	   its DNS updates provided the server's "N" bit is 1.  If the server's
359	   "N" bit is 0, the server MAY perform the PTR RR updates; and, MAY
360	   also perform the A RR updates if the "S" bit is 1.

362	4.5  Domain Name and DNS Update Issues

364	   As there is a possibility that the DHCP server is configured to
365	   complete or replace a domain name that the client sends, the client
366	   MAY find it useful to send the Client FQDN option in its DHCPDISCOVER
367	   messages.  If the DHCP server returns different Domain Name data in
368	   its DHCPOFFER message, the client could use that data in performing
369	   its own eventual A RR update, or in forming the Client FQDN option
370	   that it sends in its DHCPREQUEST message.  There is no requirement
371	   that the client send identical Client FQDN option data in its
372	   DHCPDISCOVER and DHCPREQUEST messages.  In particular, if a client
373	   has sent the Client FQDN option to its server, and the configuration
374	   of the client changes so that its notion of its domain name changes,
375	   it MAY send the new name data in a Client FQDN option when it
376	   communicates with the server again.  This MAY cause the DHCP server
377	   to update the name associated with the PTR record, and, if the server
378	   updated the A record representing the client, to delete that record
379	   and attempt an update for the client's current domain name.

381	   A client that delegates the responsibility for updating the FQDN to
382	   IP address mapping to a server will not receive any indication
383	   (either positive or negative) from the server whether the server was
384	   able to perform the update.  The client MAY use a DNS query to check
385	   whether the mapping is up to date (see Section 3.2).

387	   If a client releases its lease prior to the lease expiration time and
388	   the client is responsible for updating its A RR, the client SHOULD
389	   delete the A RR associated with the leased address before sending a
390	   DHCPRELEASE message.  Similarly, if a client was responsible for
391	   updating its A RR, but is unable to renew its lease, the client
392	   SHOULD attempt to delete the A RR before its lease expires.  A DHCP
393	   client which has not been able to delete an A RR which it added
394	   (because it has lost the use of its DHCP IP address) SHOULD attempt
395	   to notify its administrator, perhaps by emitting a log message.

397	   A client that desires to perform DNS updates to A RRs SHOULD NOT do
398	   so if the client's address is a private address [6].

400	5.  DHCP Server Behavior

402	   The following describes the behavior of a DHCP server that implements
403	   the Client FQDN option when the client's message includes the Client
404	   FQDN option.

406	   The server examines its configuration and the Flag bits in the
407	   client's Client FQDN option to determine how to respond:

409	   o  If the client's "E" bit is 0 and the server does not support ASCII
410	      encoding (Section 3.3.1), the server SHOULD ignore the Client FQDN
411	      option.
412	   o  The server sets to 0 the "S", "O", and "N" Flag bits in its copy
413	      of the option it will return to the client.  The server copies the
414	      client's "E" bit.
415	   o  If the client's "N" bit is 1 and the server's configuration allows
416	      it to honor the client's request for no server initiated DNS
417	      updates, the server sets the "N" bit to 1.
418	   o  Otherwise, if the client's "S" bit is 1 and the servers's
419	      configuration allows it to honor the client's request for the
420	      server to initiate A RR DNS updates and if it has the necessary
421	      credentials, the server sets the "S" to 1.  If the server's "S"
422	      bit does not match the client's "S" bit, the server sets the "O"
423	      bit to 1.

425	   The server MAY be configured to use the name supplied in the client's
426	   Client FQDN option, or it MAY be configured to modify the supplied
427	   name, or substitute a different name.  The server SHOULD send its
428	   notion of the complete FQDN for the client in the Domain Name field.
429	   The server MAY simply copy the Domain Name field from the Client FQDN
430	   option that the client sent to the server.  The server MUST use the
431	   same encoding format (ASCII or DNS binary encoding) that the client
432	   used in the Client FQDN option in its DHCPDISCOVER or DHCPREQUEST,
433	   and MUST set the "E" bit in the option's Flags field accordingly.

435	   If a client sends both the Client FQDN and Host Name option, the
436	   server SHOULD ignore the Host Name option.

438	   The server SHOULD set the RCODE1 and RCODE2 fields to 255 before
439	   sending the Client FQDN message to the client in a DHCPOFFER or
440	   DHCPACK.

442	5.1  When to Perform DNS Updates

444	   The server SHOULD NOT perform any DNS updates if the "N" bit is 1 in
445	   the Flags field of the Client FQDN option in the DHCPACK messages (to
446	   be) sent to the client.  However, the server SHOULD delete any RRs
447	   which it previously added via DNS updates for the client.

449	   The server MAY perform the PTR RR DNS update (unless the "N" bit is
450	   1).

452	   The server MAY perform the A RR DNS update if the "S" bit is 1 in the
453	   Flags field of the Client FQDN option in the DHCPACK message (to be)
454	   sent to the client.

456	   The server MAY perform these updates even if the client's DHCPREQUEST
457	   did not carry the Client FQDN option.  The server MUST NOT initiate
458	   DNS updates when responding to DHCPDISCOVER messages from a client.

460	   The server MAY complete its DNS updates (PTR RR or PTR and A RR)
461	   before the server sends the DHCPACK message to the client.
462	   Alternatively, the server MAY send the DHCPACK message to the client
463	   without waiting for the update to be completed.  Whether the DNS
464	   update occurs before or after the DHCPACK is sent is entirely up to
465	   the DHCP server's configuration.

467	   If the server's A RR DNS update does not complete until after the
468	   server has replied to the DHCP client, the server's interaction with
469	   the DNS server MAY cause the DHCP server to change the domain name
470	   that it associates with the client.  This can occur, for example, if
471	   the server detects and resolves a domain-name conflict [7].  In such
472	   cases, the domain name that the server returns to the DHCP client
473	   would change between two DHCP exchanges.

475	   If the server previously performed DNS updates for the client and the
476	   client's information has not changed, the server MAY skip performing
477	   additional DNS updates.

479	   When a server detects that a lease on an address that the server
480	   leases to a client has expired, the server SHOULD delete any PTR RR
481	   which it added via DNS update.  In addition, if the server added an A
482	   RR on the client's behalf, the server SHOULD also delete the A RR.

484	   When a server terminates a lease on an address prior to the lease's
485	   expiration time, for instance by sending a DHCPNAK to a client, the
486	   server SHOULD delete any PTR RR which it associated with the address
487	   via DNS update.  In addition, if the server took responsibility for
488	   an A RR, the server SHOULD also delete that A RR.

490	6.  DNS Update Conflicts

492	   This document does not resolve how a DHCP client or server prevent
493	   name conflicts.  This document addresses only how a DHCP client and
494	   server negotiate who will perform the DNS updates and the fully
495	   qualified domain name requested or used.

497	   Implementers of this work will need to consider how name conflicts
498	   will be prevented.  If a DNS updater needs a security token in order
499	   to successfully perform DNS updates on a specific name, name
500	   conflicts can only occur if multiple clients are given a security
501	   token for that name.  Or, if the fully qualified domains are based on
502	   the specific address bound to a client, conflicts will not occur.
503	   Or, a name conflict resolution technique as described in "Resolving
504	   Name Conflicts" [7]) SHOULD be used.

506	7.  IANA Considerations

508	   IANA has already assigned DHCP option 81 to the Client FQDN option.
509	   As this document updates the option's use, IANA is requested to
510	   reference this document for option 81.

512	8.  Security Considerations

514	   Unauthenticated updates to the DNS can lead to tremendous confusion,
515	   through malicious attack or through inadvertent misconfiguration.
516	   Administrators need to be wary of permitting unsecured DNS updates to
517	   zones which are exposed to the global Internet.  Both DHCP clients
518	   and servers should use some form of update request origin
519	   authentication procedure (e.g., Secure DNS Dynamic Update [12]) when
520	   performing DNS updates.

522	   Whether a DHCP client is responsible for updating an FQDN to IP
523	   address mapping or whether this is the responsibility of the DHCP
524	   server is a site-local matter.  The choice between the two
525	   alternatives is likely based on the security model that is used with
526	   the DNS update protocol (e.g., only a client may have sufficient
527	   credentials to perform updates to the FQDN to IP address mapping for
528	   its FQDN).

530	   Whether a DHCP server is always responsible for updating the FQDN to
531	   IP address mapping (in addition to updating the IP to FQDN mapping),
532	   regardless of the wishes of an individual DHCP client, is also a
533	   site-local matter.  The choice between the two alternatives is likely
534	   based on the security model that is being used with DNS updates.  In
535	   cases where a DHCP server is performing DNS updates on behalf of a
536	   client, the DHCP server should be sure of the DNS name to use for the
537	   client, and of the identity of the client.

539	   Currently, it is difficult for DHCP servers to develop much
540	   confidence in the identities of its clients, given the absence of
541	   entity authentication from the DHCP protocol itself.  There are many
542	   ways for a DHCP server to develop a DNS name to use for a client, but
543	   only in certain relatively unusual circumstances will the DHCP server
544	   know for certain the identity of the client.  If DHCP Authentication
545	   [13] becomes widely deployed this may become more customary.

547	   One example of a situation which offers some extra assurances is one
548	   where the DHCP client is connected to a network through an MCNS cable
549	   modem, and the CMTS (head-end) ensures that MAC address spoofing
550	   simply does not occur.  Another example of a configuration that might
551	   be trusted is one where clients obtain network access via a network
552	   access server using PPP.  The NAS itself might be obtaining IP
553	   addresses via DHCP, encoding a client identification into the DHCP
554	   client-id option.  In this case, the network access server as well as
555	   the DHCP server might be operating within a trusted environment, in
556	   which case the DHCP server could be configured to trust that the user
557	   authentication and authorization procedure of the remote access
558	   server was sufficient, and would therefore trust the client
559	   identification encoded within the DHCP client-id.

561	9.  Acknowledgements

563	   Many thanks to Mark Beyer, Jim Bound, Ralph Droms, Robert Elz, Peter
564	   Ford, Olafur Gudmundsson, Edie Gunter, Andreas Gustafsson, David W.
565	   Hankins, R.  Barr Hibbs, Kim Kinnear, Stuart Kwan, Ted Lemon, Ed
566	   Lewis, Michael Lewis, Josh Littlefield, Michael Patton, Jyrki Soini,
567	   and Glenn Stump for their review and comments.

569	10.  References

571	10.1  Normative References

573	   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
574	        Levels", BCP 14, RFC 2119, March 1997.

576	   [2]  Mockapetris, P., "Domain names - concepts and facilities",
577	        STD 13, RFC 1034, November 1987.

579	   [3]  Mockapetris, P., "Domain names - implementation and
580	        specification", STD 13, RFC 1035, November 1987.

582	   [4]  Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
583	        Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April
584	        1997.

586	   [5]  Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
587	        March 1997.

589	   [6]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G. and E.
590	        Lear, "Address Allocation for Private Internets", BCP 5,
591	        RFC 1918, February 1996.

593	   [7]  Stapp, M. and B. Volz, "Resolution of DNS Name Conflicts Among
594	        DHCP Clients (draft-ietf-dhc-ddns-resolution-*.txt)", September
595	        2004.

597	10.2  Informative References

599	   [8]   Marine, A., Reynolds, J. and G. Malkin, "FYI on Questions and
600	         Answers - Answers to Commonly asked "New Internet User"
601	         Questions", RFC 1594, March 1994.

603	   [9]   Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
604	         Extensions", RFC 2132, March 1997.

606	   [10]  Yergeau, F., "UTF-8, a transformation format of ISO 10646",
607	         RFC 2279, January 1998.

609	   [11]  Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
610	         August 1999.

612	   [12]  Wellington, B., "Secure Domain Name System (DNS) Dynamic
613	         Update", RFC 3007, November 2000.

615	   [13]  Droms, R. and W. Arbaugh, "Authentication for DHCP Messages",
616	         RFC 3118, June 2001.

618	Authors' Addresses

620	   Mark Stapp
621	   Cisco Systems, Inc.
622	   1414 Massachusetts Ave.
623	   Boxborough, MA  01719
624	   USA

626	   Phone: 978.936.1535
627	   Email: mjs@cisco.com

629	   Bernie Volz
630	   Cisco Systems, Inc.
631	   1414 Massachusetts Ave.
632	   Boxborough, MA  01719
633	   USA

635	   Phone: 978.936.0382
636	   Email: volz@cisco.com

638	   Yakov Rekhter
639	   Juniper Networks
640	   1194 North Mathilda Avenue
641	   Sunnyvale, CA  94089
642	   USA

644	   Phone: 408.745.2000
645	   Email: yakov@juniper.net

647	Intellectual Property Statement

649	   The IETF takes no position regarding the validity or scope of any
650	   Intellectual Property Rights or other rights that might be claimed to
651	   pertain to the implementation or use of the technology described in
652	   this document or the extent to which any license under such rights
653	   might or might not be available; nor does it represent that it has
654	   made any independent effort to identify any such rights.  Information
655	   on the procedures with respect to rights in RFC documents can be
656	   found in BCP 78 and BCP 79.

658	   Copies of IPR disclosures made to the IETF Secretariat and any
659	   assurances of licenses to be made available, or the result of an
660	   attempt made to obtain a general license or permission for the use of
661	   such proprietary rights by implementers or users of this
662	   specification can be obtained from the IETF on-line IPR repository at
663	   http://www.ietf.org/ipr.

665	   The IETF invites any interested party to bring to its attention any
666	   copyrights, patents or patent applications, or other proprietary
667	   rights that may cover technology that may be required to implement
668	   this standard.  Please address the information to the IETF at
669	   ietf-ipr@ietf.org.

671	Disclaimer of Validity

673	   This document and the information contained herein are provided on an
674	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
675	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
676	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
677	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
678	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
679	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

681	Copyright Statement

683	   Copyright (C) The Internet Society (2005).  This document is subject
684	   to the rights, licenses and restrictions contained in BCP 78, and
685	   except as set forth therein, the authors retain all their rights.

687	Acknowledgment

689	   Funding for the RFC Editor function is currently provided by the
690	   Internet Society.