RE: [dhcwg] Host Name option considerations draft
Richard Barr Hibbs <rbhibbs@pacbell.net> Tue, 05 March 2002 19:21 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22026 for <dhcwg-archive@odin.ietf.org>; Tue, 5 Mar 2002 14:21:19 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id OAA28311 for dhcwg-archive@odin.ietf.org; Tue, 5 Mar 2002 14:21:21 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA27993; Tue, 5 Mar 2002 14:18:15 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA27972 for <dhcwg@optimus.ietf.org>; Tue, 5 Mar 2002 14:18:13 -0500 (EST)
Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21764 for <dhcwg@ietf.org>; Tue, 5 Mar 2002 14:18:11 -0500 (EST)
Received: from BarrH63p601 ([63.193.193.26]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GSI00EN3LMBPX@mta6.snfc21.pbi.net> for dhcwg@ietf.org; Tue, 05 Mar 2002 11:18:12 -0800 (PST)
Date: Tue, 05 Mar 2002 11:17:44 -0800
From: Richard Barr Hibbs <rbhibbs@pacbell.net>
Subject: RE: [dhcwg] Host Name option considerations draft
In-reply-to: <200202220305.g1M35Nsu161909@jurassic.eng.sun.com>
To: dhcwg@ietf.org
Reply-to: rbhibbs@pacbell.net
Message-id: <JCELKJCFMDGAKJCIGGPNKEPADKAA.rbhibbs@pacbell.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: <dhcwg.ietf.org>
X-BeenThere: dhcwg@ietf.org
Content-Transfer-Encoding: 7bit
Carl, Ted, et al.--
I've cut and pasted some sections from the draft with my comments....
--Barr
<*Snip!*>
3. Interactions with Name Services
A DHCP client's use of the Host Name option should be fairly
straightforward, but users report problems, particularly with the
interactions between it and Domain Name option and between the DNS
(RFC 1034 [5] and RFC 1035 [6]) and other naming services so we
reiterate and expand the description of the expected behavior:
if a DHCP server supplies both Host Name and Domain Name
options to a client, the host name SHOULD NOT be fully-
qualified
*corollary one* -- the Domain Name option also SHOULD NOT be fully-qualified
*corollary two* -- the name formed by concatenating Host Name and Domain
Name MUST be the Fully-Qualified Domain Name of the host, that is, there
should be no other prefixes or suffixes added to the Host Name and Domain
Name parts in creating the FQDN
if a DHCP server supplies only a Host Name option, the host
name SHOULD be fully qualified; the server MUST append only DNS
domain names in forming a fully-qualified name
Carl, I don't understand your point here: if the Host Name part IS
fully-qualified, how can any other information be added to it and make an
understandable name? For example, if the Host Name part is
"rabbit.warren.org" what could be appended that makes any sense?
a client MUST check to see whether a Host Name option contains
a fully-qualified name and if so, MUST NOT append the value of
the Domain Name option (if present) in forming its fully-
qualified domain name
Carl, I think "MUST" is too strong here, plus I think this wording calls for
a specific level of sophistication in a client where it really should be an
implementation decision. Having said that, if I understand this point
correctly, to mean that you are trying to guide a client so that invalid
FQDNs are not unintentionally created, I agree with the concept. How about
wording such as:
"a client SHOULD check for the presence of both Host Name
and Domain Name options, forming the FQDN by appending the
Domain Name to the Host Name. A client MAY wish to compare
the Host Name option to the Domain Name option to verify
that the Host Name option does not include the Domain Name
part before concatenating the parts."
The proposed wording does not require the client either to have local
knowledge of Top Level Domain names or to perform a DNS lookup on the Host
Name to determine if it is fully-qualified, which are the only two ways I
can imagine for the client to test the name as you proposed.
since a Host Name option's value may be fully-qualified only by
supplying the DNS domain name, a client that receives a fully-
qualified name in the Host Name option MAY infer the DNS domain
name from the suffix of the supplied host name. This inference
remains valid even in the presence of client configuration
information or policies that prefer other name services in
favor of, or in place of, DNS.
Carl, I don't understand what you're saying here. Perhaps a few examples
will show you my confusion:
1. Host Name: "mike"
Domain Name: "inside.sales.bluebear.co.uk"
2. Host Name: "mike.inside.sales"
Domain Name: "bluebear.co.uk"
3. Host Name: "mike.inside.sales.bluebear.co.uk"
Domain Name: ""
In (1) and (2) appending the Domain Name to the Host Name clearly produces
an FQDN, but which is the "correct" representation of the "DNS domain name"
since both are valid representations?
In (3), the Host Name *is* the FQDN, but how do I parse it properly into a
"DNS domain name" given that simple rules such as "use the last two parts of
the name" (which works for things like "dot.com") renders the DNS domain
name as "co.uk" which I don't think is what you intend.
<*Snip!*>
4.1 DHCP Client Considerations and Behavior
A DHCP client that uses the Host Name option to request a DNS
update MUST be prepared to independently verify the success or
failure of the request before using the name in a manner that
would imply its validity. If a DHCP server returns the requested
name in the DHCPACK's Host Name option, the client MAY infer that
the server has honored its request.
There are a number of reasons that a DHCP server may fail to
return a Host Name option, so nothing should be inferred from the
option's absence in the DHCPACK. The client MAY supply the option
on subsequent RENEW operations as a method of retrying the
request. However, if the Host Name option is absent in the
DHCPACK, the client MUST NOT use the requested name until it has
verified the validity of the association between it and the IP
address supplied in the yiaddr field. Moreover, if the name
returned in the DHCPACK is different from the one requested, the
client MUST use the new name.
So, are you implying that (1) if a client does not request a Host Name
option from the server [typical of several widely-deployed clients!] but (2)
the server returns a Host Name option anyway in a DHCPACK, the client should
accept the [presumably] unwanted name? I think this will break a whole lot
of deployed clients.
A DHCP client MAY send either an unqualified or fully-qualified
name in the Host Name option. Clients sending unqualified names
are implicitly relying on DHCP servers to associate the clients
with the appropriate zone before issuing any updates to DNS. A
DHCP client in INIT state SHOULD fill in the requested host name
in the DHCPDISCOVER packet. It MUST do so in its subsequent
DHCPREQUEST packet.
Here, again, I don't know how the server can reliably parse an FQDN sent in
the Host Name option.
<*Snip!*>
4.2 DHCP Server Considerations and Behavior
Use of the FQDN option makes it possible to easily separate update
operations into pieces corresponding to what are thought of as the
traditional ownership boundaries: DHCP servers own the addresses
they lease, while the clients own their names. This boundary is
not present when the Host Name option is used: the implied proxy
update request assumes that the DHCP server has sufficient
privilege to change both the A and PTR records. That is, it
``owns'' both.
For this and other reasons, use of the FQDN option is preferred:
a DHCP server that receives both a Host Name option and a client
FQDN option MUST prefer the FQDN option. In such a case, the
server SHOULD behave as if the Host Name option is not present.
I'm inclined to go further and suggest:
"If a server receives both the Host Name option and the FQDN
option from a client [for whom DNS updates are being proxied] the
fully qualified name formed by appending the Domain Name to the
client-supplied Host Name MUST be identical to the FQDN option
for the server to update DNS on behalf of the client. The server
SHOULD return an error to the client if the names do not match."
This is something that has always bothered me about the FQDN option and the
DHCP-DNS update protocol -- is a mismatch an unintentional accident or an
attempt to confuse and invalidate DNS records?
<*Snip!*>
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Host Name option considerations draft Carl Smith
- RE: [dhcwg] Host Name option considerations draft Richard Barr Hibbs
- RE: [dhcwg] Host Name option considerations draft Bernie Volz (EUD)
- Re: [dhcwg] Host Name option considerations draft Carl Smith
- RE: [dhcwg] Host Name option considerations draft Richard Barr Hibbs
- Re: [dhcwg] Host Name option considerations draft Carl Smith
- RE: [dhcwg] Host Name option considerations draft Richard Barr Hibbs
- Re: [dhcwg] Host Name option considerations draft Carl Smith