host-identifier with IPv6

Greg.Rabil at ins.com Greg.Rabil at ins.com
Fri Feb 27 15:32:09 UTC 2009


I think the only drawback to this solution is that doing DDNS updates from the client makes it difficult to secure the updates using TSIG, for example.  Distributing the TSIG key(s) to the clients is really not an option in most cases.  However, there is tremendous benefit to supporting DDNS in a SLAAC (stateless address auto-config) environment.  One option would be to require clients to put their FQDN option in the Info-Request message sent to a stateless DHCPv6 server.  The source address of the Info-Request message is the client's SLAAC address, so the stateless DHCPv6 server would know the IP, and if the FQDN option were included, it would have enough information to update both the AAAA and PTR records.  The problem here is that a stateless DHCPv6 server will not know when the records should be removed from DNS, but stale records could be cleaned via some other "scavenging" mechanism.

Is there any interest in this approach?  If so, I would consider writing a draft to include the FQDN option in Info-Request messages.

Regards,
Greg Rabil


-----Original Message-----
From: dhcp-users-bounces at lists.isc.org [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Glen R. J. Neff
Sent: Friday, February 27, 2009 10:11 AM
To: Users of ISC DHCP
Subject: Re: host-identifier with IPv6

On Thu, 2009-02-26 at 15:13 -0800, David W. Hankins wrote:
> DDNS in RA is full stop no-go, unless you manually configure the client
> itself to perform DDNS after DAD, at which time you may as well do
> neither RA nor DHCPv6.

Well, I have to disagree, 'specially since I have labs full of machines
doing it.

What I'm doing, and what I'm advocating to become the standard way of
doing things, is to have the default 'dhclient-script' include a stanza
to initiate a DDNS update.

My philosophy with IPv6 implementation is that the added address space
and the raw hexadecimal values in said addresses have increased the
complexity to a level that is way beyond even what the more savvy users
and/or system administrators can comprehend.  I'm all for IPv6, but I
think the way forward involves making the job of the Network Engineer
harder and the job of the System Administrator even easier, i.e. to make
the networks plug-n-play.  I've set up environments where hosts simply
need to be configured with a hostname to include the FQDN and plugged
into the correct VLAN, and the rest is "auto-magical."

-G


-- 
/*
 * Glen R. J. Neff
 * RTP TSG Network Team
 * neff_glen at emc.com
 *
 * EMC^2 == E^2
 */
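
The Information-Request handling proposed in the reply at the top of this thread, sketched as an added example that is not part of the original messages or of ISC DHCP: it parses a constructed DHCPv6 Information-Request carrying a Client FQDN option (code 39, RFC 4704) and derives the AAAA and PTR data from the packet's source address. The `allowed_zone` policy check and all names and addresses are assumptions for illustration; the server, which holds the TSIG key, would send the actual signed update.

```python
import ipaddress
import struct

INFORMATION_REQUEST = 11  # DHCPv6 message type
OPTION_CLIENT_FQDN = 39   # Client FQDN option (RFC 4704)

def parse_fqdn(data):
    """Option data is one flags byte, then a name in DNS wire format."""
    pos, labels = 1, []
    while pos < len(data) and data[pos] != 0:
        length = data[pos]
        if length > 63 or pos + 1 + length > len(data):
            raise ValueError("bad label in FQDN option")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels)

def records_from_info_request(packet, src_addr, allowed_zone):
    """Return the AAAA and PTR data a stateless server could register, or None.

    allowed_zone is a hypothetical policy check: the name is client-supplied
    and unauthenticated, so the server only accepts names inside its own zone.
    """
    if len(packet) < 4 or packet[0] != INFORMATION_REQUEST:
        raise ValueError("not an Information-Request")
    pos = 4  # skip msg-type (1 byte) and transaction-id (3 bytes)
    while pos + 4 <= len(packet):
        code, length = struct.unpack_from("!HH", packet, pos)
        body = packet[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated option")
        if code == OPTION_CLIENT_FQDN:
            fqdn = parse_fqdn(body)
            if not fqdn.endswith("." + allowed_zone):
                return None
            addr = ipaddress.IPv6Address(src_addr)  # client's SLAAC address
            return {"AAAA": (fqdn, str(addr)), "PTR": (addr.reverse_pointer, fqdn)}
        pos += 4 + length
    return None  # no FQDN option, nothing to register

# Constructed sample: Information-Request with a Client ID and a Client FQDN option.
_client_id = struct.pack("!HH", 1, 10) + bytes.fromhex("00030001020000000001")
_name = b"\x05host1\x07example\x03com\x00"
_fqdn = struct.pack("!HH", OPTION_CLIENT_FQDN, 1 + len(_name)) + b"\x01" + _name
SAMPLE = bytes([INFORMATION_REQUEST]) + b"\x12\x34\x56" + _client_id + _fqdn

if __name__ == "__main__":
    print(records_from_info_request(SAMPLE, "2001:db8::1", "example.com"))
```
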