draft-ietf-dnsext-dhcid-rr-10.txt   draft-ietf-dnsext-dhcid-rr-11.txt 
DNSEXT M. Stapp DNSEXT M. Stapp
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Expires: March 28, 2006 T. Lemon Expires: August 28, 2006 T. Lemon
A. Gustafsson
Nominum, Inc. Nominum, Inc.
September 24, 2005 A. Gustafsson
Araneus Information Systems Oy
February 24, 2006
A DNS RR for Encoding DHCP Information (DHCID RR) A DNS RR for Encoding DHCP Information (DHCID RR)
<draft-ietf-dnsext-dhcid-rr-10.txt> <draft-ietf-dnsext-dhcid-rr-11.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 36 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 28, 2006. This Internet-Draft will expire on August 28, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
It is possible for multiple DHCP clients to attempt to update the It is possible for DHCP clients to attempt to update the same DNS
same DNS FQDN as they obtain DHCP leases. Whether the DHCP server or FQDN or attempt to update a DNS FQDN that has been added to the DNS
the clients themselves perform the DNS updates, conflicts can arise. for another purpose as they obtain DHCP leases. Whether the DHCP
To resolve such conflicts, "Resolution of DNS Name Conflicts" [1] server or the clients themselves perform the DNS updates, conflicts
proposes storing client identifiers in the DNS to unambiguously can arise. To resolve such conflicts, "Resolution of DNS Name
associate domain names with the DHCP clients to which they refer. Conflicts" [1] proposes storing client identifiers in the DNS to
unambiguously associate domain names with the DHCP clients to which
This memo defines a distinct RR type for this purpose for use by DHCP they refer. This memo defines a distinct RR type for this purpose
clients and servers, the "DHCID" RR. for use by DHCP clients and servers, the "DHCID" RR.
Table of Contents Table of Contents
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The DHCID RR . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. The DHCID RR . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. DHCID RDATA format . . . . . . . . . . . . . . . . . . . . 4 3.1. DHCID RDATA format . . . . . . . . . . . . . . . . . . . . 3
3.2. DHCID Presentation Format . . . . . . . . . . . . . . . . 4 3.2. DHCID Presentation Format . . . . . . . . . . . . . . . . 4
3.3. The DHCID RR Type Codes . . . . . . . . . . . . . . . . . 4 3.3. The DHCID RR Identifier Type Codes . . . . . . . . . . . . 4
3.4. Computation of the RDATA . . . . . . . . . . . . . . . . . 4 3.4. The DHCID RR Digest Type Code . . . . . . . . . . . . . . 4
3.5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.5. Computation of the RDATA . . . . . . . . . . . . . . . . . 5
3.5.1. Example 1 . . . . . . . . . . . . . . . . . . . . . . 5 3.6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.2. Example 2 . . . . . . . . . . . . . . . . . . . . . . 6 3.6.1. Example 1 . . . . . . . . . . . . . . . . . . . . . . 6
4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . . 6 3.6.2. Example 2 . . . . . . . . . . . . . . . . . . . . . . 6
5. Updater Behavior . . . . . . . . . . . . . . . . . . . . . . . 6 3.6.3. Example 3 . . . . . . . . . . . . . . . . . . . . . . 7
4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . . 7
5. Updater Behavior . . . . . . . . . . . . . . . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . . 8 9.2. Informative References . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 10 Intellectual Property and Copyright Statements . . . . . . . . . . 11
1. Terminology 1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [2]. document are to be interpreted as described in RFC 2119 [2].
2. Introduction 2. Introduction
A set of procedures to allow DHCP [7] clients and servers to A set of procedures to allow DHCP [6] [9] clients and servers to
automatically update the DNS (RFC 1034 [3], RFC 1035 [4]) is proposed automatically update the DNS (RFC 1034 [3], RFC 1035 [4]) is proposed
in "Resolution of DNS Name Conflicts" [1]. in "Resolution of DNS Name Conflicts" [1].
Conflicts can arise if multiple DHCP clients wish to use the same DNS Conflicts can arise if multiple DHCP clients wish to use the same DNS
name. To resolve such conflicts, "Resolution of DNS Name Conflicts" name or a DHCP client attempts to use a name added for another
[1] proposes storing client identifiers in the DNS to unambiguously purpose. To resolve such conflicts, "Resolution of DNS Name
associate domain names with the DHCP clients using them. In the Conflicts" [1] proposes storing client identifiers in the DNS to
interest of clarity, it is preferable for this DHCP information to unambiguously associate domain names with the DHCP clients using
use a distinct RR type. This memo defines a distinct RR for this them. In the interest of clarity, it is preferable for this DHCP
purpose for use by DHCP clients or servers, the "DHCID" RR. information to use a distinct RR type. This memo defines a distinct
RR for this purpose for use by DHCP clients or servers, the "DHCID"
RR.
In order to avoid exposing potentially sensitive identifying In order to obscure potentially sensitive client identifying
information, the data stored is the result of a one-way MD5 [5] hash information, the data stored is the result of a one-way SHA-256 hash
computation. The hash includes information from the DHCP client's computation. The hash includes information from the DHCP client's
REQUEST message as well as the domain name itself, so that the data message as well as the domain name itself, so that the data stored in
stored in the DHCID RR will be dependent on both the client the DHCID RR will be dependent on both the client identification used
identification used in the DHCP protocol interaction and the domain in the DHCP protocol interaction and the domain name. This means
name. This means that the DHCID RDATA will vary if a single client that the DHCID RDATA will vary if a single client is associated over
is associated over time with more than one name. This makes it time with more than one name. This makes it difficult to 'track' a
difficult to 'track' a client as it is associated with various domain client as it is associated with various domain names.
names.
The MD5 hash algorithm has been shown to be weaker than the SHA-1
algorithm; it could therefore be argued that SHA-1 is a better
choice. However, SHA-1 is significantly slower than MD5. A
successful attack of MD5's weakness does not reveal the original data
that was used to generate the signature, but rather provides a new
set of input data that will produce the same signature. Because we
are using the MD5 hash to conceal the original data, the fact that an
attacker could produce a different plaintext resulting in the same
MD5 output is not significant concern.
3. The DHCID RR 3. The DHCID RR
The DHCID RR is defined with mnemonic DHCID and type code [TBD]. The The DHCID RR is defined with mnemonic DHCID and type code [TBD]. The
DHCID RR is only defined in the IN class. DHCID RRs cause no DHCID RR is only defined in the IN class. DHCID RRs cause no
additional section processing. The DHCID RR is not a singleton type. additional section processing. The DHCID RR is not a singleton type.
3.1. DHCID RDATA format 3.1. DHCID RDATA format
The RDATA section of a DHCID RR in transmission contains RDLENGTH The RDATA section of a DHCID RR in transmission contains RDLENGTH
bytes of binary data. The format of this data and its interpretation octets of binary data. The format of this data and its
by DHCP servers and clients are described below. interpretation by DHCP servers and clients are described below.
DNS software should consider the RDATA section to be opaque. DHCP DNS software should consider the RDATA section to be opaque. DHCP
clients or servers use the DHCID RR to associate a DHCP client's clients or servers use the DHCID RR to associate a DHCP client's
identity with a DNS name, so that multiple DHCP clients and servers identity with a DNS name, so that multiple DHCP clients and servers
may deterministically perform dynamic DNS updates to the same zone. may deterministically perform dynamic DNS updates to the same zone.
From the updater's perspective, the DHCID resource record RDATA From the updater's perspective, the DHCID resource record RDATA
consists of a 16-bit identifier type, in network byte order, followed consists of a 2-octet identifier type, in network byte order,
by one or more bytes representing the actual identifier: followed by a 1-octet digest type, followed by one or more octets
representing the actual identifier:
< 16 bits > DHCP identifier used < 2 octets > Identifier type code
< n bytes > MD5 digest < 1 octet > Digest type code
< n octets > Digest (length depends on digest type)
3.2. DHCID Presentation Format 3.2. DHCID Presentation Format
In DNS master files, the RDATA is represented as a single block in In DNS master files, the RDATA is represented as a single block in
base 64 encoding identical to that used for representing binary data base 64 encoding identical to that used for representing binary data
in RFC 2535 [8]. The data may be divided up into any number of white in RFC 2535 [7]. The data may be divided up into any number of white
space separated substrings, down to single base 64 digits, which are space separated substrings, down to single base 64 digits, which are
concatenated to form the complete RDATA. These substrings can span concatenated to form the complete RDATA. These substrings can span
lines using the standard parentheses. lines using the standard parentheses.
3.3. The DHCID RR Type Codes 3.3. The DHCID RR Identifier Type Codes
The DHCID RR Type Code specifies what data from the DHCP client's The DHCID RR Identifier Type Code specifies what data from the DHCP
request was used as input into the hash function. The type codes are client's request was used as input into the hash function. The
defined in a registry maintained by IANA, as specified in Section 7. identifier type codes are defined in a registry maintained by IANA,
The initial list of assigned values for the type code is: as specified in Section 7. The initial list of assigned values for
the identifier type code is:
0x0000 = htype, chaddr from a DHCPv4 client's DHCPREQUEST [7]. 0x0000 = htype, chaddr from a DHCPv4 client's DHCPREQUEST [6].
0x0001 = The data portion from a DHCPv4 client's Client Identifier 0x0001 = The data portion from a DHCPv4 client's Client Identifier
option [9]. option [8].
0x0002 = The client's DUID (i.e., the data portion of a DHCPv6 0x0002 = The client's DUID (i.e., the data portion of a DHCPv6
client's Client Identifier option [10] or the DUID field from a client's Client Identifier option [9] or the DUID field from a
DHCPv4 client's Client Identifier option [12]). DHCPv4 client's Client Identifier option [11]).
0x0003 - 0xfffe = Available to be assigned by IANA. 0x0003 - 0xfffe = Available to be assigned by IANA.
0xffff = RESERVED 0xffff = RESERVED
3.4. Computation of the RDATA 3.4. The DHCID RR Digest Type Code
The DHCID RDATA is formed by concatenating the two type bytes with The DHCID RR Digest Type Code is an identifier for the digest
some variable-length identifying data. algorithm used. The digest is calculated over an identifier and the
canonical FQDN as described in the next section.
< type > < data > The digest type codes are defined in a registry maintained by IANA,
as specified in Section 7. The initial list of assigned values for
the digest type codes is: value 0 is reserved and value 1 is SHA-256.
Reserving other types requires IETF standards action. Defining new
values will also require IETF standards action to document how DNS
updaters are to deal with multiple digest types.
3.5. Computation of the RDATA
The DHCID RDATA is formed by concatenating the 2-octet identifier
type code with variable-length data.
The RDATA for all type codes other than 0xffff, which is reserved for The RDATA for all type codes other than 0xffff, which is reserved for
future expansion, is formed by concatenating the two type bytes and a future expansion, is formed by concatenating the 2-octet identifier
16-byte MD5 hash value. The input to the hash function is defined to type code, the 1-octet digest type code, and the digest value (32
be: octets for SHA-256).
data = MD5(< identifier > < FQDN >) < identifier-type > < digest-type > < digest >
The input to the digest hash function is defined to be:
digest = SHA-256(< identifier > < FQDN >)
The FQDN is represented in the buffer in unambiguous canonical form The FQDN is represented in the buffer in unambiguous canonical form
as described in RFC 2535 [8], section 8.1. The type code and the as described in RFC 2535 [7], section 8.1. The identifier type code
identifier are related as specified in Section 3.3: the type code and the identifier are related as specified in Section 3.3: the
describes the source of the identifier. identifier type code describes the source of the identifier.
When the updater is using the client's link-layer address as the A DHCPv4 updater uses the 0x0002 type code if a Client Identifier
identifier, the first two bytes of the DHCID RDATA MUST be zero. To option is present in the DHCPv4 messages and it is encoded as
generate the rest of the resource record, the updater computes a one- specified in [11]. Otherwise, the updater uses 0x0001 if a Client
way hash using the MD5 algorithm across a buffer containing the Identifier option is present and 0x0000 if not.
client's network hardware type, link-layer address, and the FQDN
data. Specifically, the first byte of the buffer contains the A DHCPv6 updater always uses the 0x0002 type code.
network hardware type as it appeared in the DHCP 'htype' field of the
client's DHCPREQUEST message. All of the significant bytes of the When the updater is using the Client's DUID (either from a DHCPv6
chaddr field in the client's DHCPREQUEST message follow, in the same Client Identifier option or from a portion of the DHCPv4 Client
order in which the bytes appear in the DHCPREQUEST message. The Identifier option encoded as specified in [11]), the first two octets
number of significant bytes in the 'chaddr' field is specified in the of the DHCID RR MUST be 0x0002, in network byte order. The third
'hlen' field of the DHCPREQUEST message. The FQDN data, as specified octet is the digest type code (1 for SHA-256). The rest of the DHCID
above, follows. RR MUST contain the results of computing the SHA-256 hash across the
octets of the DUID followed by the FQDN.
When the updater is using the DHCPv4 Client Identifier option sent by When the updater is using the DHCPv4 Client Identifier option sent by
the client in its DHCPREQUEST message, the first two bytes of the the client in its DHCPREQUEST message, the first two octets of the
DHCID RR MUST be 0x0001, in network byte order. The rest of the DHCID RR MUST be 0x0001, in network byte order. The third octet is
DHCID RR MUST contain the results of computing an MD5 hash across the the digest type code (1 for SHA-256). The rest of the DHCID RR MUST
payload of the option, followed by the FQDN. The payload of the contain the results of computing the SHA-256 hash across the payload
option consists of the bytes of the option following the option code of the option, followed by the FQDN. The payload of the option
and length. consists of the octets of the option following the option code and
length.
When the updater is using the DHCPv6 DUID sent by the client in its When the updater is using the client's link-layer address as the
REQUEST message, the first two bytes of the DHCID RR MUST be 0x0002, identifier, the first two octets of the DHCID RDATA MUST be zero.
in network byte order. The rest of the DHCID RR MUST contain the The third octet is the digest type code (1 for SHA-256). To generate
results of computing an MD5 hash across the payload of the option, the rest of the resource record, the updater computes a one-way hash
followed by the FQDN. The payload of the option consists of the using the SHA-256 algorithm across a buffer containing the client's
bytes of the option following the option code and length. network hardware type, link-layer address, and the FQDN data.
Specifically, the first octet of the buffer contains the network
hardware type as it appeared in the DHCP 'htype' field of the
client's DHCPREQUEST message. All of the significant octets of the
'chaddr' field in the client's DHCPREQUEST message follow, in the
same order in which the octets appear in the DHCPREQUEST message.
The number of significant octets in the 'chaddr' field is specified
in the 'hlen' field of the DHCPREQUEST message. The FQDN data, as
specified above, follows.
3.5. Examples 3.6. Examples
3.5.1. Example 1 RFC-Editor Note: Contact Bernie Volz for the DHCID RR RDATA encodings
for the 3 examples below.
3.6.1. Example 1
A DHCP server allocating the IPv4 address 10.0.0.1 to a client with A DHCP server allocating the IPv4 address 10.0.0.1 to a client with
Ethernet MAC address 01:02:03:04:05:06 using domain name Ethernet MAC address 01:02:03:04:05:06 using domain name
"client.example.com" uses the client's link-layer address to identify "client.example.com" uses the client's link-layer address to identify
the client. The DHCID RDATA is composed by setting the two type the client. The DHCID RDATA is composed by setting the two type
bytes to zero, and performing an MD5 hash computation across a buffer octets to zero, the 1-octet digest type to 1 for SHA-256, and
containing the Ethernet MAC type byte, 0x01, the six bytes of MAC performing an SHA-256 hash computation across a buffer containing the
address, and the domain name (represented as specified in Ethernet MAC type octet, 0x01, the six octets of MAC address, and the
Section 3.4). domain name (represented as specified in Section 3.5).
client.example.com. A 10.0.0.1 client.example.com. A 10.0.0.1
client.example.com. DHCID AAAUMru0ZM5OK/PdVAJgZ/HU client.example.com. DHCID XXX - to be provided
3.5.2. Example 2 3.6.2. Example 2
A DHCP server allocates the IPv4 address 10.0.12.99 to a client which A DHCP server allocates the IPv4 address 10.0.12.99 to a client which
included the DHCP client-identifier option data 01:07:08:09:0a:0b:0c included the DHCP client-identifier option data 01:07:08:09:0a:0b:0c
in its DHCP request. The server updates the name "chi.example.com" in its DHCP request. The server updates the name "chi.example.com"
on the client's behalf, and uses the DHCP client identifier option on the client's behalf, and uses the DHCP client identifier option
data as input in forming a DHCID RR. The DHCID RDATA is formed by data as input in forming a DHCID RR. The DHCID RDATA is formed by
setting the two type bytes to the value 0x0001, and performing an MD5 setting the two type octets to the value 0x0001, the 1-octet digest
hash computation across a buffer containing the seven bytes from the type to 1 for SHA-256, and performing a SHA-256 hash computation
client-id option and the FQDN (represented as specified in across a buffer containing the seven octets from the client-id option
Section 3.4). and the FQDN (represented as specified in Section 3.5).
chi.example.com. A 10.0.12.99 chi.example.com. A 10.0.12.99
chi.example.com. DHCID AAHdd5jiQ3kEjANDm82cbObk\012 chi.example.com. DHCID XXX - to be provided
3.6.3. Example 3
A DHCP server allocates the IPv6 address 2000::1234:5678 to a client
which included the DHCPv6 client-identifier option data 00:01:00:06:
41:2d:f1:66:01:02:03:04:05:06 in its DHCPv6 request. The server
updates the name "chi6.example.com" on the client's behalf, and uses
the DHCP client identifier option data as input in forming a DHCID
RR. The DHCID RDATA is formed by setting the two type octets to the
value 0x0002, the 1-octet digest type to 1 for SHA-256, and
performing a SHA-256 hash computation across a buffer containing the
14 octets from the client-id option and the FQDN (represented as
specified in Section 3.5).
chi6.example.com. AAAA 2000::1234:5678
chi6.example.com. DHCID XXX - to be provided
4. Use of the DHCID RR 4. Use of the DHCID RR
This RR MUST NOT be used for any purpose other than that detailed in This RR MUST NOT be used for any purpose other than that detailed in
"Resolution of DNS Name Conflicts" [1]. Although this RR contains "Resolution of DNS Name Conflicts" [1]. Although this RR contains
data that is opaque to DNS servers, the data must be consistent data that is opaque to DNS servers, the data must be consistent
across all entities that update and interpret this record. across all entities that update and interpret this record.
Therefore, new data formats may only be defined through actions of Therefore, new data formats may only be defined through actions of
the DHC Working Group, as a result of revising [1]. the DHC Working Group, as a result of revising [1].
skipping to change at page 7, line 12 skipping to change at page 8, line 4
then compare that hash to the data in any DHCID RRs on the name that then compare that hash to the data in any DHCID RRs on the name that
they wish to associate with the client's IP address. If an updater they wish to associate with the client's IP address. If an updater
discovers DHCID RRs whose RDATA does not match the client identity discovers DHCID RRs whose RDATA does not match the client identity
that they have computed, the updater SHOULD conclude that a different that they have computed, the updater SHOULD conclude that a different
client is currently associated with the name in question. The client is currently associated with the name in question. The
updater SHOULD then proceed according to the site's administrative updater SHOULD then proceed according to the site's administrative
policy. That policy might dictate that a different name be selected, policy. That policy might dictate that a different name be selected,
or it might permit the updater to continue. or it might permit the updater to continue.
6. Security Considerations 6. Security Considerations
The DHCID record as such does not introduce any new security problems The DHCID record as such does not introduce any new security problems
into the DNS. In order to avoid exposing private information about into the DNS. In order to obscure the client's identity information,
DHCP clients to public scrutiny, a one-way hash is used to obscure a one-way hash is used. And, in order to make it difficult to
all client information. In order to make it difficult to 'track' a 'track' a client by examining the names associated with a particular
client by examining the names associated with a particular hash hash value, the FQDN is included in the hash computation. Thus, the
value, the FQDN is included in the hash computation. Thus, the RDATA RDATA is dependent on both the DHCP client identification data and on
is dependent on both the DHCP client identification data and on each each FQDN associated with the client.
FQDN associated with the client.
However, it should be noted that an attacker that has some knowledge,
such as of MAC addresses commonly used in DHCP client identification
data, may be able to discover the client's DHCP identify by using a
brute-force attack. Even without any additional knowledge, the
number of unknown bits used in computing the hash is typically only
48 to 80.
Administrators should be wary of permitting unsecured DNS updates to Administrators should be wary of permitting unsecured DNS updates to
zones which are exposed to the global Internet. Both DHCP clients zones, whether or not they are exposed to the global Internet. Both
and servers SHOULD use some form of update authentication (e.g., TSIG DHCP clients and servers SHOULD use some form of update
[11]) when performing DNS updates. authentication (e.g., TSIG [10]) when performing DNS updates.
7. IANA Considerations 7. IANA Considerations
IANA is requested to allocate an RR type number for the DHCID record IANA is requested to allocate a DNS RR type number for the DHCID
type. record type.
This specification defines a new number-space for the 16-bit type This specification defines a new number-space for the 2-octet
codes associated with the DHCID RR. IANA is requested to establish a identifier type codes associated with the DHCID RR. IANA is
registry of the values for this number-space. requested to establish a registry of the values for this number-
space. Three initial values are assigned in Section 3.3, and the
value 0xFFFF is reserved for future use. New DHCID RR identifier
type codes are assigned through Standards Action, as defined in RFC
2434 [5].
Three initial values are assigned in Section 3.3, and the value This specification defines a new number-space for the 1-octet digest
0xFFFF is reserved for future use. New DHCID RR type codes are type codes associated with the DHCID RR. IANA is requested to
tentatively assigned after the specification for the associated type establish a registry of the values for this number-space. Two
code, published as an Internet Draft, has received expert review by a initial values are assigned in Section 3.4. New DHCID RR digest type
designated expert. The final assignment of DHCID RR type codes is codes are assigned through Standards Action, as defined in RFC 2434
through Standards Action, as defined in RFC 2434 [6]. [5].
8. Acknowledgements 8. Acknowledgements
Many thanks to Josh Littlefield, Olafur Gudmundsson, Bernie Volz, and Many thanks to Harald Alvestrand, Ralph Droms, Olafur Gudmundsson,
Ralph Droms for their review and suggestions. Sam Hartman, Josh Littlefield, Pekka Savola, and especially Bernie
Volz for their review and suggestions.
9. References 9. References
9.1. Normative References 9.1. Normative References
[1] Stapp, M. and B. Volz, "Resolution of DNS Name Conflicts Among [1] Stapp, M. and B. Volz, "Resolution of DNS Name Conflicts Among
DHCP Clients (draft-ietf-dhc-dns-resolution-*)", September 2005. DHCP Clients (draft-ietf-dhc-dns-resolution-*)", February 2006.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[3] Mockapetris, P., "Domain names - concepts and facilities", [3] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[4] Mockapetris, P., "Domain names - implementation and [4] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[5] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [5] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
April 1992.
[6] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
9.2. Informative References 9.2. Informative References
[7] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [6] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[8] Eastlake, D., "Domain Name System Security Extensions", [7] Eastlake, D., "Domain Name System Security Extensions",
RFC 2535, March 1999. RFC 2535, March 1999.
[9] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor [8] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997. Extensions", RFC 2132, March 1997.
[10] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. [9] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
Carney, "Dynamic Host Configuration Protocol for IPv6 Carney, "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003. (DHCPv6)", RFC 3315, July 2003.
[11] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington, [10] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington,
"Secret Key Transaction Authentication for DNS (TSIG)", "Secret Key Transaction Authentication for DNS (TSIG)",
RFC 2845, May 2000. RFC 2845, May 2000.
[12] Lemon, T. and B. Sommerfeld, "Node-Specific Client Identifiers [11] Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers
for DHCPv4 (draft-ietf-dhc-3315id-for-v4-*)", June 2005. for Dynamic Host Configuration Protocol Version Four (DHCPv4)",
RFC 4361, February 2006.
Authors' Addresses Authors' Addresses
Mark Stapp Mark Stapp
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: 978.936.1535 Phone: 978.936.1535
skipping to change at page 9, line 25 skipping to change at page 10, line 25
Ted Lemon Ted Lemon
Nominum, Inc. Nominum, Inc.
950 Charter St. 950 Charter St.
Redwood City, CA 94063 Redwood City, CA 94063
USA USA
Email: mellon@nominum.com Email: mellon@nominum.com
Andreas Gustafsson Andreas Gustafsson
Nominum, Inc. Araneus Information Systems Oy
950 Charter St. Ulappakatu 1
Redwood City, CA 94063 02320 Espoo
USA Finland
Email: gson@nominum.com Email: gson@araneus.fi
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
skipping to change at page 10, line 41 skipping to change at page 11, line 41
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 56 change blocks. 
163 lines changed or deleted 213 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/