BIND 10 master, updated. ff52b86206e3a256a02ca6d5cde55040550ba86a [master] Merge branch 'trac3258'
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Mar 28 14:06:53 UTC 2014
The branch, master has been updated
via ff52b86206e3a256a02ca6d5cde55040550ba86a (commit)
via 73ffb138421c4041650853f036a8b19cdaece240 (commit)
via 49fdbcb947bddf7742f2e55c6d0b79e6742ebb77 (commit)
via eb0f09a098306ef19d1df0ac0cee0a6d4f94b4fa (commit)
via fa087f7abcad2630be393aa1a6fbf06ed5574c8e (commit)
via 0d2db65a9d18aebf31c9696974d3ab3c75445174 (commit)
from 8f0838e0fb803973d31cf0c383e62715c31bcbe6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ff52b86206e3a256a02ca6d5cde55040550ba86a
Merge: 8f0838e 73ffb13
Author: Marcin Siodelski <marcin at isc.org>
Date: Fri Mar 28 15:01:51 2014 +0100
[master] Merge branch 'trac3258'
-----------------------------------------------------------------------
Summary of changes:
doc/guide/bind10-guide.css | 9 +++
doc/guide/bind10-guide.xml | 142 +++++++++++++++++++++++++++-----------------
src/bin/dhcp6/dhcp6_srv.cc | 3 +-
3 files changed, 96 insertions(+), 58 deletions(-)
-----------------------------------------------------------------------
diff --git a/doc/guide/bind10-guide.css b/doc/guide/bind10-guide.css
index 3c62781..a8e34e7 100644
--- a/doc/guide/bind10-guide.css
+++ b/doc/guide/bind10-guide.css
@@ -30,6 +30,15 @@ body {
-webkit-border-radius: 10px;
}
+.warning {
+ background-color: #eedddd;
+ border: 1px solid #ccaaaa;
+ margin: 1em 0 1em 0;
+ padding: 0.5em 1em 0.5em 1em;
+ -moz-border-radius: 10px;
+ -webkit-border-radius: 10px;
+}
+
h3 {
text-decoration: underline;
}
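Review bot: The new `.warning` rule sets only the `-moz-border-radius` and `-webkit-border-radius` vendor prefixes, so browsers that honour only the standard property will draw square corners. Suggest adding an unprefixed `border-radius: 10px;` after the two prefixed lines. The preceding rule, which ends in `-webkit-border-radius: 10px;` in the context lines, could get the same treatment in a follow-up.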
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index 932ccd5..6c64525 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -4995,6 +4995,11 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
Relay Agent Information option is supported.</simpara>
</listitem>
<listitem>
+ <simpara><ulink url="http://tools.ietf.org/html/rfc3925">RFC 3925</ulink>:
+ Vendor-Identifying Vendor Class and Vendor-Identifying Vendor-Specific
+ Information option are supported.</simpara>
+ </listitem>
+ <listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc6842">RFC 6842</ulink>:
Server by default sends back client-id option. That capability may be
disabled. See <xref linkend="dhcp4-echo-client-id"/> for details.
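Review bot: Number agreement in the added RFC 3925 item: two options are named, so "Vendor-Specific Information option are supported" should read "Vendor-Specific Information options are supported".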
@@ -5026,24 +5031,10 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
</para>
</listitem>
<listitem>
- <para>
- On startup, the DHCPv4 server does not get the full configuration from
- BIND 10. To remedy this, after starting BIND 10, modify any parameter
- and commit the changes, e.g.
- <screen>
-> <userinput>config show Dhcp4/renew-timer</userinput>
-Dhcp4/renew-timer 1000 integer (default)
-> <userinput>config set Dhcp4/renew-timer 1001</userinput>
-> <userinput>config commit</userinput></screen>
- </para>
- </listitem>
-
- <listitem>
- <simpara>The DHCPv4 server does not support
- BOOTP. That is a design choice and the limitation is
- permanent. If you have legacy nodes that can't use DHCP and
- require BOOTP support, please use the latest version of ISC DHCP,
- available from <ulink url="http://www.isc.org/software/dhcp"/>.</simpara>
+ <simpara>
+ BOOTP (<ulink url="http://tools.ietf.org/html/rfc951">RFC 951</ulink>)
+ is not supported.
+ </simpara>
</listitem>
<listitem>
<simpara>Raw sockets operation is working on Linux
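Review bot: The replacement BOOTP item drops two things the removed text told operators: that the lack of BOOTP is a design choice and permanent, and that ISC DHCP is the alternative for legacy nodes. As written, "is not supported." reads like any other not-yet-implemented entry in this list. Suggest keeping one sentence stating that the limitation is permanent and retaining the ISC DHCP link. Separately, the startup workaround (config set / config commit) is deleted in the same hunk, and the commit message gives no indication that the underlying behaviour was fixed; a ticket reference would help.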
@@ -5056,11 +5047,14 @@ Dhcp4/renew-timer 1000 integer (default)
sending ICMP echo request.</simpara>
</listitem>
<listitem>
- <simpara>Address rebinding (REBIND) and duplication report (DECLINE)
- are not supported yet.</simpara>
+ <simpara>Address duplication report (DECLINE) is not supported yet.</simpara>
</listitem>
<listitem>
- <simpara>DNS Update is not yet supported.</simpara>
+ <simpara>
+ The server doesn't act upon expired leases. In particular,
+ when a lease expires, the server doesn't request the removal
+ of the DNS records associated with it.
+ </simpara>
</listitem>
</itemizedlist>
</section>
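Review bot: The new expired-leases item states what the server does not do but leaves the consequence for the operator implicit. Since the server "doesn't request the removal of the DNS records", names can keep pointing at addresses whose leases have ended; suggest saying so in one more sentence and noting that cleanup is manual for now. The wording also differs slightly from the DHCPv6 copy later in this patch ("request the removal" here, "request removal" there); using one form in both places would be cleaner.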
@@ -6420,7 +6414,11 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
<itemizedlist>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>: Supported messages are SOLICIT,
- ADVERTISE, REQUEST, RELEASE, RENEW, and REPLY.</simpara>
+ ADVERTISE, REQUEST, RELEASE, RENEW, REBIND and REPLY.</simpara>
+ </listitem>
+ <listitem>
+ <simpara><ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink>: Supported options are IA_PD and
+ IA_PREFIX. Also supported is the status code NoPrefixAvail.</simpara>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3646">RFC 3646</ulink>: Supported option is DNS_SERVERS.</simpara>
@@ -6440,47 +6438,47 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
yet</quote>, rather than actual limitations.</para>
<itemizedlist>
- <listitem> <!-- see tickets #3234, #3281 -->
- <para>
- On-line configuration has some limitations. Adding new subnets or
- modifying existing ones work, as is removing the last subnet from
- the list. However, removing non-last (e.g. removing subnet 1,2 or 3 if
- there are 4 subnets configured) will cause issues. The problem is
- caused by simplistic subnet-id assignment. The subnets are always
- numbered, starting from 1. That subnet-id is then used in leases
- that are stored in the lease database. Removing non-last subnet will
- cause the configuration information to mismatch data in the lease
- database. It is possible to manually update subnet-id fields in
- MySQL database, but it is awkward and error prone process. A better
- reconfiguration support is planned.
- </para>
- </listitem>
-
- <listitem>
- <para>
- On startup, the DHCPv6 server does not get the full configuration from
- BIND 10. To remedy this, after starting BIND 10, modify any parameter
- and commit the changes, e.g.
- <screen>
-> <userinput>config show Dhcp6/renew-timer</userinput>
-Dhcp6/renew-timer 1000 integer (default)
-> <userinput>config set Dhcp6/renew-timer 1001</userinput>
-> <userinput>config commit</userinput></screen>
- </para>
- </listitem>
- <listitem>
- <simpara>Temporary addresses are not supported.</simpara>
+ <listitem> <!-- see tickets #3234, #3281 -->
+ <simpara>
+ On-line configuration has some limitations. Adding new subnets or
+ modifying existing ones work, as is removing the last subnet from
+ the list. However, removing non-last (e.g. removing subnet 1,2 or 3 if
+ there are 4 subnets configured) will cause issues. The problem is
+ caused by simplistic subnet-id assignment. The subnets are always
+ numbered, starting from 1. That subnet-id is then used in leases
+ that are stored in the lease database. Removing non-last subnet will
+ cause the configuration information to mismatch data in the lease
+ database. It is possible to manually update subnet-id fields in
+ MySQL database, but it is awkward and error prone process. A better
+ reconfiguration support is planned.
+ </simpara>
</listitem>
<listitem>
- <simpara>Prefix delegation is not supported.</simpara>
+ <simpara>
+ The server will allocate, renew or rebind a maximum of one lease
+ for a particular IA option (IA_NA or IA_PD) sent by a client.
+ <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink> and
+ <ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink> allow
+ for multiple addresses or prefixes to be allocated for a single IA.
+ </simpara>
</listitem>
<listitem>
- <simpara>Confirmation (CONFIRM), and duplication report (DECLINE)
- are not yet supported.</simpara>
+ <simpara>Temporary addresses are not supported.</simpara>
</listitem>
<listitem>
- <simpara>DNS Update is not supported.</simpara>
+ <simpara>
+ Confirmation (CONFIRM), duplication report (DECLINE),
+ stateless configuration (INFORMATION-REQUEST) and client
+ reconfiguration (RECONFIGURE) are not yet supported.
+ </simpara>
</listitem>
+ <listitem>
+ <simpara>
+ The server doesn't act upon expired leases. In particular,
+ when a lease expires, the server doesn't request removal of
+ the DNS records associated with it.
+ </simpara>
+ </listitem>
</itemizedlist>
</section>
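Review bot: The on-line configuration item is re-added as a simpara with its text unchanged, so the existing grammar slips are carried over: "modifying existing ones work", "it is awkward and error prone process", "A better reconfiguration support". Since every line of the paragraph is touched anyway, this is a good moment to fix them. Also, the last added listitem (expired leases) is indented one level less than its siblings, and the one-lease-per-IA item does not say how the server responds when a client asks for more than one address or prefix in a single IA; a sentence on that would save operators a trip to the code.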
@@ -6654,6 +6652,18 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
The server may be configured to listen over IPv4 or IPv6, therefore
ip-address may an IPv4 or IPv6 address.
</para>
+ <warning>
+ <simpara>
+ When the DHCP-DDNS server is configured to listen at an address
+ other than the loopback address (127.0.0.1 or ::1), it is possible
+ for a malicious attacker to send bogus NameChangeRequests to it
+ and change entries in the DNS. For this reason, addresses other
+ than the IPv4 or IPv6 loopback addresses should only be used
+ for testing purposes. A future version of Kea will implement
+ authentication to guard against such attacks.
+ </simpara>
+ </warning>
+
<note>
<simpara>
If the ip_address and port are changed, it will be necessary to change the
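Review bot: The added warning treats the loopback address as the safe setting, but without authentication any local process on the host can still send NameChangeRequests to 127.0.0.1 or ::1. Suggest wording it as limiting exposure to the local host rather than implying loopback removes the risk, and advising that the host not be shared with untrusted users. Smaller points: "malicious attacker" is redundant, "A future version of Kea" introduces a product name the surrounding text does not use, and the context line just above ("ip-address may an IPv4 or IPv6 address") is missing "be" and could be fixed in the same change.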
@@ -7210,6 +7220,26 @@ DhcpDdns/reverse_ddns/ddns_domains[0]/dns_servers[0]/port 53 integer(default)
</para>
</section> <!-- end of "d2-example" -->
</section> <!-- end of section "d2-configuration" -->
+ <section>
+ <title>DHCP-DDNS Server Limitations</title>
+ <para>The following are the current limitations of the DHCP-DDNS Server.</para>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Requests received from the DHCP servers are placed in a
+ queue until they are processed. Currently all queued requests
+ are lost when the server shuts down.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ TSIG Authentication (<ulink
+ url="http://tools.ietf.org/html/rfc2845">RFC 2845</ulink>)
+ is not supported yet.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </section>
</chapter> <!-- DHCP-DDNS Server -->
<chapter id="libdhcp">
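Review bot: The new "DHCP-DDNS Server Limitations" section is opened with a bare `<section>` and has no id, while the neighbouring sections are identified as "d2-example" and "d2-configuration" in their closing comments. Without an id it cannot be the target of an xref; suggest adding one (for example id="d2-limitations") and a matching end-of-section comment. The TSIG item here and the new listen-address warning describe the same gap (no authentication), so a cross-reference between them would be useful.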
diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
index cc99ab3..13ed769 100644
--- a/src/bin/dhcp6/dhcp6_srv.cc
+++ b/src/bin/dhcp6/dhcp6_srv.cc
@@ -976,8 +976,7 @@ Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
// received options and handle IA_NA options one by one and store our
// responses in answer message (ADVERTISE or REPLY).
//
- // @todo: expand this to cover IA_PD and IA_TA once we implement support for
- // prefix delegation and temporary addresses.
+ // @todo: IA_TA once we implement support for temporary addresses.
for (OptionCollection::iterator opt = question->options_.begin();
opt != question->options_.end(); ++opt) {
switch (opt->second->getType()) {
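Review bot: The comment above the loop still says "handle IA_NA options one by one", but the removed @todo implies IA_PD is now covered as well, so that sentence is stale after this change. Suggest updating it to name both IA_NA and IA_PD. The new line "@todo: IA_TA once we implement support for temporary addresses." has also lost its verb; "@todo: handle IA_TA once ..." reads better.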