Re: [dhcwg] Trust model of Client FQDN option
Ted Lemon <mellon@fugue.com> Wed, 04 August 2004 17:55 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23574; Wed, 4 Aug 2004 13:55:40 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BsPsv-0007Tm-JQ; Wed, 04 Aug 2004 13:49:05 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BsPnO-0006P2-CU for dhcwg@megatron.ietf.org; Wed, 04 Aug 2004 13:43:22 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA22471 for <dhcwg@ietf.org>; Wed, 4 Aug 2004 13:43:21 -0400 (EDT)
Received: from toccata.fugue.com ([204.152.186.142]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1BsPqh-0004X5-LN for dhcwg@ietf.org; Wed, 04 Aug 2004 13:46:49 -0400
Received: from [66.93.162.248] (0127bhost247.starwoodbroadband.com [12.105.247.247]) by toccata.fugue.com (Postfix) with ESMTP id 9F1041B2219; Wed, 4 Aug 2004 12:42:23 -0500 (CDT)
In-Reply-To: <002101c47a46$f10e92a0$3f428182@amer.cisco.com>
References: <002101c47a46$f10e92a0$3f428182@amer.cisco.com>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <C3FD5408-E63D-11D8-8860-000A95D9C74C@fugue.com>
Content-Transfer-Encoding: 7bit
From: Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Trust model of Client FQDN option
Date: Wed, 04 Aug 2004 10:43:16 -0700
To: Bernie Volz <volz@cisco.com>
X-Mailer: Apple Mail (2.618)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8
Content-Transfer-Encoding: 7bit
Cc: "<dhcwg@ietf.org>" <dhcwg@ietf.org>
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Content-Transfer-Encoding: 7bit
On Aug 4, 2004, at 10:17 AM, Bernie Volz wrote: > -> If the query returns NODATA, the updater can conclude that the > target > -> name is in use, but that no DHCID RR is present. This indicates > that > -> some records have been configured by an administrator. Whether the > -> updater proceeds with an update is a matter of local administrative > -> policy. Hm, this is interesting. As a point of information, the two implementations with which I am familiar do not give the administrator a knob to tweak here. We just assume that if the name is in the DNS and doesn't have a DHCID (well, TXT) record, we shouldn't scribble on it. I think a stronger statement here might be better: Whether the updater proceeds with an update is a matter of local administrative policy. DHCP servers MUST NOT proceed with the update unless explicitly configured to do so. The draft should talk about these two issues in the security considerations section, and the FQDN drafts should mention in the security considerations section that these security considerations are addressed in the resolution draft. I don't think we can make any requirements to address this, but the answers we came up with in response to Pekka's query could reasonably go into the security considerations section of one or all of the drafts: 1. If the DHCP server does updates, there is no way to prevent one client from getting a name after another client had it, but that client's lease expired. 2. If the DHCP server does updates, it will be possible for DHCP clients to request names that might have special meaning, like www or wwww. This can be handled in one of two ways: a. Use a special zone for dynamic names, so that it doesn't matter that the client gets www.dyndns.bigcompany.org, or b. If the DHCP server provides this capability, set up a filter on the DHCP server that prevents certain names from being claimed by clients, even if they do not currently appear in the DNS. 3. If the DHCP server does updates, and is allowed to override names that do not have DHCID records, this can mean that a client will get a name that is already registered for some purpose in the DNS. This behavior is required to be disabled by default, so it should not be a problem in practice, but we mention it here to raise awareness of the implications of configuring your DHCP server to allow it. Hm, one other problem that occurs to me is that a client could send something like "www.students" in the fqdn option, and this could turn into "www.students.littlecollege.edu". That is a vaguely official-looking name. So any filtering that needs doing based on specific reserved names like "www" needs to be on the first label in the name, not on the entire name. _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Trust model of Client FQDN option Pekka Savola
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- Re: [dhcwg] Trust model of Client FQDN option Pekka Savola
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Mark Stapp
- RE: [dhcwg] Trust model of Client FQDN option Pekka Savola
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon