On-going work on DHCP project : RFC4361 support

Thomas PEGEOT thomas.pegeot at sogeti.com
Fri Mar 19 09:43:49 UTC 2010


Hello,

Performing a conversion from TXT to DHCID RRs seems impossible to me.

On the one hand, we have TXT records which are based on the following
format: 
- A byte for storing the MD5 digest length
- The next 2 bytes are used to store the identifier type code
- Then, we have an ASCII MD5 hash of the identifier

On the other hand, according to the RFC4701 [1] the DHCID record format is:
- The identifier type code is stored on two bytes
- The third byte is used for the digest type code (for instance: 1 for
SHA256)
- The n following bytes are used for storing the digest of the concatenation
of the identifier and the FQDN.

The problem is directly related to the use of a hash function (MD5) in TXT
records. MD5 is a one-way cipher, which means that we can't decrypt this MD5
hash in order to extract the identifier. From that moment on, I don't really
see how this conversion could be done.

Is removing every TXT record in DNS databases a suitable solution? Even if this
would imply a security issue (no more identification records), this would
make the transition easier: if there is no more TXT record, a client, through
the DHCP server, would be able to add a DHCID record to its A and/or AAAA
records.

I'll investigate how we could migrate from TXT to DHCID RRs.

Concerning my work, I already implemented a few things and got them working
pretty well.

A DHCPv4 client is now able to send a DUID-based client identifier. Actually
it is RFC4361 compliant [2].
This type of client identifier is very useful for dual stack clients,
because it contains among other things the client's DUID which can be
extracted to compute the same DHCID (TXT or the real one) as the DHCPv6
client (identified by its DUID). In that way, a dual stack client will be
able to have these A and AAAA records associated with a single FQDN.

From now on, the DHCP server is able to write DHCID records in DNS (I run
Bind-9.7 here). It can be enabled through a compilation option.

As soon as I can, I will send my changes to dhcp-suggest.

Thank you a lot for taking care of this.

Regards

Thomas PEGEOT


[1]: http://www.ietf.org/rfc/rfc4701.txt
[2]: http://www.ietf.org/rfc/rfc4361.txt
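
The two record layouts contrasted in the message above, as an added example that is not part of the original post or of the ISC DHCP code. It also goes one step beyond the message by showing that a DHCID can only be produced when the original identifier is still known (for example from a lease database). The DUID, the FQDN, the value of the TXT length byte and all function names are assumptions made for illustration.

```python
import hashlib

ID_HTYPE_CHADDR, ID_CLIENT_ID, ID_DUID = 0x0000, 0x0001, 0x0002  # RFC 4701 type codes
DIGEST_SHA256 = 1  # RFC 4701 digest type code

# Constructed sample values, not taken from the message.
SAMPLE_DUID = bytes.fromhex("0001000112345678001122334455")
SAMPLE_FQDN = "host.example.com"


def fqdn_wire(name: str) -> bytes:
    """Canonical DNS wire format: lowercase, length-prefixed labels, root label."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def txt_rdata(id_type: int, identifier: bytes) -> bytes:
    """TXT layout as described in the message: length byte, type code, ASCII MD5."""
    body = f"{id_type:02x}".encode() + hashlib.md5(identifier).hexdigest().encode()
    return bytes([len(body)]) + body  # assumption: length byte counts what follows


def dhcid_rdata(id_type: int, identifier: bytes, fqdn: str) -> bytes:
    """RFC 4701 RDATA: 2-byte type, 1-byte digest type, SHA-256(identifier || FQDN)."""
    digest = hashlib.sha256(identifier + fqdn_wire(fqdn)).digest()
    return id_type.to_bytes(2, "big") + bytes([DIGEST_SHA256]) + digest


def migrate(txt: bytes, fqdn: str, known_identifiers):
    """Return DHCID RDATA if a known identifier reproduces the TXT record, else None."""
    id_type = int(txt[1:3], 16)
    for identifier in known_identifiers:
        if txt_rdata(id_type, identifier) == txt:
            return dhcid_rdata(id_type, identifier, fqdn)
    return None  # identifier unknown: the stored MD5 alone cannot yield a DHCID
```
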