RE: [dhcwg] Host Name option considerations draft
Richard Barr Hibbs <rbhibbs@pacbell.net> Tue, 05 March 2002 19:21 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22026 for <dhcwg-archive@odin.ietf.org>; Tue, 5 Mar 2002 14:21:19 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id OAA28311 for dhcwg-archive@odin.ietf.org; Tue, 5 Mar 2002 14:21:21 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA27993; Tue, 5 Mar 2002 14:18:15 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA27972 for <dhcwg@optimus.ietf.org>; Tue, 5 Mar 2002 14:18:13 -0500 (EST)
Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21764 for <dhcwg@ietf.org>; Tue, 5 Mar 2002 14:18:11 -0500 (EST)
Received: from BarrH63p601 ([63.193.193.26]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GSI00EN3LMBPX@mta6.snfc21.pbi.net> for dhcwg@ietf.org; Tue, 05 Mar 2002 11:18:12 -0800 (PST)
Date: Tue, 05 Mar 2002 11:17:44 -0800
From: Richard Barr Hibbs <rbhibbs@pacbell.net>
Subject: RE: [dhcwg] Host Name option considerations draft
In-reply-to: <200202220305.g1M35Nsu161909@jurassic.eng.sun.com>
To: dhcwg@ietf.org
Reply-to: rbhibbs@pacbell.net
Message-id: <JCELKJCFMDGAKJCIGGPNKEPADKAA.rbhibbs@pacbell.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: <dhcwg.ietf.org>
X-BeenThere: dhcwg@ietf.org
Content-Transfer-Encoding: 7bit
Carl, Ted, et al.-- I've cut and pasted some sections from the draft with my comments.... --Barr <*Snip!*> 3. Interactions with Name Services A DHCP client's use of the Host Name option should be fairly straightforward, but users report problems, particularly with the interactions between it and Domain Name option and between the DNS (RFC 1034 [5] and RFC 1035 [6]) and other naming services so we reiterate and expand the description of the expected behavior: if a DHCP server supplies both Host Name and Domain Name options to a client, the host name SHOULD NOT be fully- qualified *corollary one* -- the Domain Name option also SHOULD NOT be fully-qualified *corollary two* -- the name formed by concatenating Host Name and Domain Name MUST be the Fully-Qualified Domain Name of the host, that is, there should be no other prefixes or suffixes added to the Host Name and Domain Name parts in creating the FQDN if a DHCP server supplies only a Host Name option, the host name SHOULD be fully qualified; the server MUST append only DNS domain names in forming a fully-qualified name Carl, I don't understand your point here: if the Host Name part IS fully-qualified, how can any other information be added to it and make an understandable name? For example, if the Host Name part is "rabbit.warren.org" what could be appended that makes any sense? a client MUST check to see whether a Host Name option contains a fully-qualified name and if so, MUST NOT append the value of the Domain Name option (if present) in forming its fully- qualified domain name Carl, I think "MUST" is too strong here, plus I think this wording calls for a specific level of sophistication in a client where it really should be an implementation decision. Having said that, if I understand this point correctly, to mean that you are trying to guide a client so that invalid FQDNs are not unintentionally created, I agree with the concept. How about wording such as: "a client SHOULD check for the presence of both Host Name and Domain Name options, forming the FQDN by appending the Domain Name to the Host Name. A client MAY wish to compare the Host Name option to the Domain Name option to verify that the Host Name option does not include the Domain Name part before concatenating the parts." The proposed wording does not require the client either to have local knowledge of Top Level Domain names or to perform a DNS lookup on the Host Name to determine if it is fully-qualified, which are the only two ways I can imagine for the client to test the name as you proposed. since a Host Name option's value may be fully-qualified only by supplying the DNS domain name, a client that receives a fully- qualified name in the Host Name option MAY infer the DNS domain name from the suffix of the supplied host name. This inference remains valid even in the presence of client configuration information or policies that prefer other name services in favor of, or in place of, DNS. Carl, I don't understand what you're saying here. Perhaps a few examples will show you my confusion: 1. Host Name: "mike" Domain Name: "inside.sales.bluebear.co.uk" 2. Host Name: "mike.inside.sales" Domain Name: "bluebear.co.uk" 3. Host Name: "mike.inside.sales.bluebear.co.uk" Domain Name: "" In (1) and (2) appending the Domain Name to the Host Name clearly produces an FQDN, but which is the "correct" representation of the "DNS domain name" since both are valid representations? In (3), the Host Name *is* the FQDN, but how do I parse it properly into a "DNS domain name" given that simple rules such as "use the last two parts of the name" (which works for things like "dot.com") renders the DNS domain name as "co.uk" which I don't think is what you intend. <*Snip!*> 4.1 DHCP Client Considerations and Behavior A DHCP client that uses the Host Name option to request a DNS update MUST be prepared to independently verify the success or failure of the request before using the name in a manner that would imply its validity. If a DHCP server returns the requested name in the DHCPACK's Host Name option, the client MAY infer that the server has honored its request. There are a number of reasons that a DHCP server may fail to return a Host Name option, so nothing should be inferred from the option's absence in the DHCPACK. The client MAY supply the option on subsequent RENEW operations as a method of retrying the request. However, if the Host Name option is absent in the DHCPACK, the client MUST NOT use the requested name until it has verified the validity of the association between it and the IP address supplied in the yiaddr field. Moreover, if the name returned in the DHCPACK is different from the one requested, the client MUST use the new name. So, are you implying that (1) if a client does not request a Host Name option from the server [typical of several widely-deployed clients!] but (2) the server returns a Host Name option anyway in a DHCPACK, the client should accept the [presumably] unwanted name? I think this will break a whole lot of deployed clients. A DHCP client MAY send either an unqualified or fully-qualified name in the Host Name option. Clients sending unqualified names are implicitly relying on DHCP servers to associate the clients with the appropriate zone before issuing any updates to DNS. A DHCP client in INIT state SHOULD fill in the requested host name in the DHCPDISCOVER packet. It MUST do so in its subsequent DHCPREQUEST packet. Here, again, I don't know how the server can reliably parse an FQDN sent in the Host Name option. <*Snip!*> 4.2 DHCP Server Considerations and Behavior Use of the FQDN option makes it possible to easily separate update operations into pieces corresponding to what are thought of as the traditional ownership boundaries: DHCP servers own the addresses they lease, while the clients own their names. This boundary is not present when the Host Name option is used: the implied proxy update request assumes that the DHCP server has sufficient privilege to change both the A and PTR records. That is, it ``owns'' both. For this and other reasons, use of the FQDN option is preferred: a DHCP server that receives both a Host Name option and a client FQDN option MUST prefer the FQDN option. In such a case, the server SHOULD behave as if the Host Name option is not present. I'm inclined to go further and suggest: "If a server receives both the Host Name option and the FQDN option from a client [for whom DNS updates are being proxied] the fully qualified name formed by appending the Domain Name to the client-supplied Host Name MUST be identical to the FQDN option for the server to update DNS on behalf of the client. The server SHOULD return an error to the client if the names do not match." This is something that has always bothered me about the FQDN option and the DHCP-DNS update protocol -- is a mismatch an unintentional accident or an attempt to confuse and invalidate DNS records? <*Snip!*> _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Host Name option considerations draft Carl Smith
- RE: [dhcwg] Host Name option considerations draft Richard Barr Hibbs
- RE: [dhcwg] Host Name option considerations draft Bernie Volz (EUD)
- Re: [dhcwg] Host Name option considerations draft Carl Smith
- RE: [dhcwg] Host Name option considerations draft Richard Barr Hibbs
- Re: [dhcwg] Host Name option considerations draft Carl Smith
- RE: [dhcwg] Host Name option considerations draft Richard Barr Hibbs
- Re: [dhcwg] Host Name option considerations draft Carl Smith