To:
dnsop@cafax.se
From:
Ralph Droms <rdroms@cisco.com>
Date:
Fri, 07 Nov 2003 05:43:17 -0500
In-Reply-To:
<20031107.133351.41634619.yasuhiro@nttv6.jp>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Sense of the WG on DNS discovery
The dhc WG discussed this issue briefly during the WG last call on draft-ietf-dhc-dhcpv6-stateless-*.txt (see the thread starting at http://www1.ietf.org/mail-archive/working-groups/dhcwg/current/msg02005.html). If polling by clients using DHCPv6-lite is a desirable feature, it could be added to draft-ietf-dhc-dhcpv6-stateless-01.txt. We could probably argue a little about whether the Reconfigure message is part of DHCPv6-lite. On the one hand, using Reconfigure would require that the DHCPv6 server retain some dynamic state about clients: a list of active clients to which the Reconfigure message must be sent. Perhaps that requirement could be addressed through the use of a multicast Reconfigure message. If security is desired for the Reconfigure message, the server would also have to retain the "Reconfigure Key" for each active client (see section 21.5 of RFC 3315). Note that section 21.5 only prevents an attack through spoofed Reconfigure messages, not an initial attack by a spoofing DHCPv6 server. I don't think security has been a requirement for DNS configuration up to this point. - Ralph At 01:33 PM 11/7/2003 +0900, SHIRASAKI Yasuhiro wrote: >DHCPv6-full (for host) and DHCPv6-PD (for CPE) has timers such as T1, >T2, and lifetimes, so clients poll their servers periodically and >could realize a DNS recursive name server renumbering as a "side effect". > >Because DHCPv6-lite and DNS Recursive Name Server option has no timer, >once a client configured its address with RA and knew a DNS recursive >name server address with DHCPv6-lite, a chance for the client to >realize a renumbering might be its reboot. > >On Thu, 06 Nov 2003 22:18:37 -0500, >Ralph Droms <rdroms@cisco.com> wrote: > > Fair enough, but asynchronous notification of configuration changes hasn't > > been a requirement in IPv4 (well, there is the FORCERENEW message in RFC > > 3203; as far as I know there are no implementations of RFC 3203). Why > would > > it be needed for IPv6? > > > > - Ralph > > > > At 11:29 AM 11/7/2003 +0900, SHIRASAKI Yasuhiro wrote: > > > > 1. a "stateless" subset of the current DHCPv6, as specified in > > > > draft-ietf-dhc-dhcpv6-stateless-01.txt > > > > 2. an extension to the current DHCPv6 that has the ability to > > > > multicast the stateless information (that I guess Alain first > > > > proposed) > > > > > > > (i). In what way is DHCPv6-lite insufficient? > > > > > >DHCPv6-lite has no way to inform a DNS recursing server renumbering. > > >A DHCPv6-lite server could send Reconfigure messages for its clients, > > >if the server hold a client list, but it's not -lite. > > > > > >DHCPv6-lite with a multicast extension might help this. > >-- >SHIRASAKI Yasuhiro @ NTT Communications >t: +81-3-6800-3262, f: +81-3-5365-2990 >#---------------------------------------------------------------------- ># To unsubscribe, send a message to <dnsop-request@cafax.se>. #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.