Re: [dhcwg] Trust model of Client FQDN option
Ted Lemon <mellon@fugue.com> Wed, 04 August 2004 17:55 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23574; Wed, 4 Aug 2004 13:55:40 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BsPsv-0007Tm-JQ; Wed, 04 Aug 2004 13:49:05 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BsPnO-0006P2-CU for dhcwg@megatron.ietf.org; Wed, 04 Aug 2004 13:43:22 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA22471 for <dhcwg@ietf.org>; Wed, 4 Aug 2004 13:43:21 -0400 (EDT)
Received: from toccata.fugue.com ([204.152.186.142]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1BsPqh-0004X5-LN for dhcwg@ietf.org; Wed, 04 Aug 2004 13:46:49 -0400
Received: from [66.93.162.248] (0127bhost247.starwoodbroadband.com [12.105.247.247]) by toccata.fugue.com (Postfix) with ESMTP id 9F1041B2219; Wed, 4 Aug 2004 12:42:23 -0500 (CDT)
In-Reply-To: <002101c47a46$f10e92a0$3f428182@amer.cisco.com>
References: <002101c47a46$f10e92a0$3f428182@amer.cisco.com>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <C3FD5408-E63D-11D8-8860-000A95D9C74C@fugue.com>
Content-Transfer-Encoding: 7bit
From: Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Trust model of Client FQDN option
Date: Wed, 04 Aug 2004 10:43:16 -0700
To: Bernie Volz <volz@cisco.com>
X-Mailer: Apple Mail (2.618)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8
Content-Transfer-Encoding: 7bit
Cc: "<dhcwg@ietf.org>" <dhcwg@ietf.org>
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Content-Transfer-Encoding: 7bit
On Aug 4, 2004, at 10:17 AM, Bernie Volz wrote:
> -> If the query returns NODATA, the updater can conclude that the
> target
> -> name is in use, but that no DHCID RR is present. This indicates
> that
> -> some records have been configured by an administrator. Whether the
> -> updater proceeds with an update is a matter of local administrative
> -> policy.
Hm, this is interesting. As a point of information, the two
implementations with which I am familiar do not give the administrator
a knob to tweak here. We just assume that if the name is in the DNS
and doesn't have a DHCID (well, TXT) record, we shouldn't scribble on
it.
I think a stronger statement here might be better:
Whether the updater proceeds with an update is a matter of local
administrative policy. DHCP servers MUST NOT proceed with the update
unless explicitly configured to do so.
The draft should talk about these two issues in the security
considerations section, and the FQDN drafts should mention in the
security considerations section that these security considerations are
addressed in the resolution draft. I don't think we can make any
requirements to address this, but the answers we came up with in
response to Pekka's query could reasonably go into the security
considerations section of one or all of the drafts:
1. If the DHCP server does updates, there is no way to prevent one
client from getting a name after another client had it, but that
client's lease expired.
2. If the DHCP server does updates, it will be possible for DHCP
clients to request names that might have special meaning, like www or
wwww. This can be handled in one of two ways:
a. Use a special zone for dynamic names, so that it doesn't
matter that the client gets www.dyndns.bigcompany.org, or
b. If the DHCP server provides this capability, set up a
filter on the DHCP server that prevents certain names from
being claimed by clients, even if they do not currently
appear in the DNS.
3. If the DHCP server does updates, and is allowed to override names
that do not have DHCID records, this can mean that a client will get a
name that is already registered for some purpose in the DNS. This
behavior is required to be disabled by default, so it should not be a
problem in practice, but we mention it here to raise awareness of the
implications of configuring your DHCP server to allow it.
Hm, one other problem that occurs to me is that a client could send
something like "www.students" in the fqdn option, and this could turn
into "www.students.littlecollege.edu". That is a vaguely
official-looking name. So any filtering that needs doing based on
specific reserved names like "www" needs to be on the first label in
the name, not on the entire name.
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Trust model of Client FQDN option Pekka Savola
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- Re: [dhcwg] Trust model of Client FQDN option Pekka Savola
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Mark Stapp
- RE: [dhcwg] Trust model of Client FQDN option Pekka Savola
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon