IETF Logo Mail Archive

Re: [dhcwg] DDNS-DHCP [3]: Resolving conflicts between updates to A and AAAA records

Josh Littlefield <joshl@cisco.com> Fri, 20 June 2003 15:31 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12793 for <dhcwg-archive@odin.ietf.org>; Fri, 20 Jun 2003 11:31:53 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5KFVPv21868 for dhcwg-archive@odin.ietf.org; Fri, 20 Jun 2003 11:31:25 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TNrJ-0005gd-7w for dhcwg-web-archive@optimus.ietf.org; Fri, 20 Jun 2003 11:31:25 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12690 for <dhcwg-web-archive@ietf.org>; Fri, 20 Jun 2003 11:31:22 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TNrI-0005c4-00 for dhcwg-web-archive@ietf.org; Fri, 20 Jun 2003 11:31:24 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19TNrH-0005c1-00 for dhcwg-web-archive@ietf.org; Fri, 20 Jun 2003 11:31:23 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TNqx-0005Zv-0F; Fri, 20 Jun 2003 11:31:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TNqO-0005Om-2M for dhcwg@optimus.ietf.org; Fri, 20 Jun 2003 11:30:28 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12543 for <dhcwg@ietf.org>; Fri, 20 Jun 2003 11:30:25 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TNqN-0005Zy-00 for dhcwg@ietf.org; Fri, 20 Jun 2003 11:30:27 -0400
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by ietf-mx with esmtp (Exim 4.12) id 19TNqM-0005Z7-00 for dhcwg@ietf.org; Fri, 20 Jun 2003 11:30:26 -0400
Received: from cisco.com (funnel.cisco.com [161.44.168.79]) by rtp-core-1.cisco.com (8.12.9/8.12.6) with ESMTP id h5KFTrO1029480; Fri, 20 Jun 2003 11:29:54 -0400 (EDT)
Received: from cisco.com ([161.44.65.124]) by cisco.com (8.8.5-Cisco.1/8.8.8) with ESMTP id LAA20087; Fri, 20 Jun 2003 11:29:52 -0400 (EDT)
Message-ID: <3EF32870.1040007@cisco.com>
Date: Fri, 20 Jun 2003 11:29:52 -0400
From: Josh Littlefield <joshl@cisco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ralph Droms <rdroms@cisco.com>
CC: dhcwg@ietf.org, namedroppers@ops.ietf.org
Subject: Re: [dhcwg] DDNS-DHCP [3]: Resolving conflicts between updates to A and AAAA records
References: <4.3.2.7.2.20030606002703.03d40c28@funnel.cisco.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

Ralph Droms wrote:
> DDNS-DHCP issue:
> 
>    The interaction between DHCPv4 and DHCPv6 needs to be carefully
>    defined.  Suppose a DHCPv4 server updates the A RR and a DHCPv6
>    server updates the AAAA RR of the same node?  How is the conflict
>    in the use of the DHCID RR for that node resolved?

With the current definition of the DHCID RR and the proposed algorithm 
in draft-ietf-dhc-ddns-resolution-05.txt, there is clearly an issue to 
be resolved.  The resolution could take the form of changing the DHCID 
RR definition to be v4-only, and adding a new DHCIDv6 RR for v6, or if 
could take the form of changing the algorithm in the dhc-ddns I-D.

The issue is the algorithm's implicit expectation that just one DHCID RR 
will be present on a name.  That may not be the case for a dual-stack 
client, where 2 different DHCID RRs would be generated.

The implicit expectation that DHCID is effectively a singleton occurs in 
  2 places in the algorithm:

1) In 6.1 (Adding A RRs): The first update asserts the name does not 
exist.  Failing that, the next update asserts the name exists with the 
expected DHCID.  When this fails (as it will if a v6 DHCID is already 
there with now v4 DHCID), the entire update fails, concluding the name 
is in use by someone else.

This second update will also fail if the anticipated v4 DHCID is already 
  there, but a v6 DHCID is there as well.  This is because DNS Update 
does not allow one to assert the presence of only one RR in an RR set. 
Instead, one must assert the entire RR set looks a certain way.  So for 
this second update to succeed, it would need to include the v6 DHCID RR.

2) In 6.3 (Removing Entries): Again, an assertion problem with the DHCID 
(in the case of removing A/AAAA records).  To succeed, the assertion 
would have to include all DHCID RRs on the name.

In order to allow the coexistence of both v4 and v6 DHCID RRs on the 
same name, the algorithm would need change, to add additional steps, as 
follows:

In 6.1, the last paragraph (before the DISCUSSION), on receiving NXRRSET 
to the second query (Update), the updater would then need to send a 
Query to learn the existing DHCID RR set on the name.  The updater would 
then need to examine this DHCID RR set, and determine whether the update 
should, or should not occur.  Most likely, the only case in which the 
update should occur is when the updater is able to determine that the 
existing DHCID RRs correspond to the same DHCP client. (This is not an 
easy determination to make if, for example, a v6 DHCID RR exists when 
making a v4 update, unless the updater generated the existing DHCID RR.)

If it is determined by the updater that the update should proceed, the 
update sent should employ prerequisites  asserting the state of the 
entire existing DHCID RR set.  This is to ensure the RR set has not 
changed, since its state formed the basis for the update decision.

A similar additional 2 steps (query and update) would need to be added 
to section 6.3 when removing A or AAAA RRs.

I believe it may be acceptable to make these additional steps optional, 
at least in the forward (A, AAAA) update case.  An v4 (or v6) updater 
who finds an existing v6 (or v4) DHCID RR may be unable to tell that the 
existing RR corresponds to the same client, since the RR data is a hash 
of something that updater doesn't know.  So querying the existing DHCID 
RRs may provide no information to persuade the updater to update that 
name. By not implementing the additional algorithm steps, that updater 
would be implementing a strict policy of name segregation, which may be 
the best it can do.

Clearly, an updater than can determine that v4 and v6 DHCID RRs 
correspond to the same client (most likely because it was the source of 
both) should implement the additional steps.

There may be benefit to recommending (in a separate document?) that dual 
stack DHCP clients form DUIDs and client-IDs from the same data, to 
increase the likelihood that an updator would be able to predict the 
data of a v6 DHCID from a v4 DHCP packet, and vice versa.

-josh

-- 
=====================================================================
Josh Littlefield                                  Cisco Systems, Inc.
joshl@cisco.com                             1414 Massachusetts Avenue
tel: 978-936-1379  fax: same               Boxborough, MA  01719-2205


_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

v2.29.0 | Report a Bug | By Email | System Status