mirror of
https://gitlab.isc.org/isc-projects/kea
synced 2025-09-01 06:25:34 +00:00
[3282] Addressed review comments.
Added discussion of reverse DNS updates to tables 17.4 and 18.4. Fixed other minor typos.
@@ -4578,12 +4578,14 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
to listen on a different address or port, these values must altered
|
to listen on a different address or port, these values must altered
|
||||||
accordingly. For example, if D2 has been configured to listen on
|
accordingly. For example, if D2 has been configured to listen on
|
||||||
198.162.1.10 port 900, the following commands would be required:
|
198.162.1.10 port 900, the following commands would be required:
|
||||||
</para>
|
|
||||||
<screen>
|
<screen>
|
||||||
> <userinput>config set Dhcp4/dhcp-ddns/server-ip "198.162.1.10"</userinput>
|
> <userinput>config set Dhcp4/dhcp-ddns/server-ip "198.162.1.10"</userinput>
|
||||||
> <userinput>config set Dhcp4/dhcp-ddns/server-port 900</userinput>
|
> <userinput>config set Dhcp4/dhcp-ddns/server-port 900</userinput>
|
||||||
> <userinput>config commit</userinput>
|
> <userinput>config commit</userinput>
|
||||||
</screen>
|
</screen>
|
||||||
|
D2 can be configured to listen over IPv4 or IPv6, therefore server-ip
|
||||||
|
may be either an IPv4 or IPv6 address.
|
||||||
|
</para>
|
||||||
<para>
|
<para>
|
||||||
The socket protocol that DHCPv4 should use to communicate with D2 is
|
The socket protocol that DHCPv4 should use to communicate with D2 is
|
||||||
specified with the "ncr-protocol" parameter. Currently only UDP is
|
specified with the "ncr-protocol" parameter. Currently only UDP is
|
||||||
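Review bot: the example address in this paragraph, 198.162.1.10, looks like a transposition of 192.168.1.10. 198.162.1.10 is a publicly routable address, neither private nor reserved for documentation, so an operator who copies the commands verbatim directs NameChangeRequests off-site. Suggest 192.168.1.10 or an address from a documentation range. In the same paragraph, "these values must altered" is missing "be"; it is worth fixing while the closing tag is being moved.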
@@ -4653,20 +4655,22 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
<tbody>
|
<tbody>
|
||||||
<row>
|
<row>
|
||||||
<entry>0-0</entry>
|
<entry>0-0</entry>
|
||||||
<entry>Client wants to perform forward DNS updates</entry>
|
<entry>
|
||||||
<entry>Server does not generate request</entry>
|
Client wants to do forward updates, server should do reverse updates
|
||||||
|
</entry>
|
||||||
|
<entry>Server generates reverse-only request</entry>
|
||||||
<entry>1-0-0</entry>
|
<entry>1-0-0</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry>0-1</entry>
|
<entry>0-1</entry>
|
||||||
<entry>Client wants the server to perform forward DNS updates</entry>
|
<entry>Server should do both forward and reverse updates</entry>
|
||||||
<entry>Server generates request</entry>
|
<entry>Server generates request to update both directions</entry>
|
||||||
<entry>0-1-0</entry>
|
<entry>0-1-0</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry>1-0</entry>
|
<entry>1-0</entry>
|
||||||
<entry>Client wants no DNS updates done</entry>
|
<entry>Client wants no updates done</entry>
|
||||||
<entry>Server does not generate request</entry>
|
<entry>Server does not generate a request</entry>
|
||||||
<entry>1-0-0</entry>
|
<entry>1-0-0</entry>
|
||||||
</row>
|
</row>
|
||||||
</tbody>
|
</tbody>
|
||||||
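Review bot: the 0-0 row now says "Server generates reverse-only request", yet its response flags remain 1-0-0, the same value as the 1-0 row where the server does not generate a request at all. If 1-0-0 is intended for both rows, add a sentence saying that the response flags do not distinguish a reverse-only update from no update, so readers do not take it for a copy error; if it is not intended, the last entry of the first row needs to change along with the other two.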
@@ -4675,12 +4679,14 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
<para>
|
<para>
|
||||||
The first row in the table above represents "client delegation". Here
|
The first row in the table above represents "client delegation". Here
|
||||||
the DHCP client states that it intends to do the forward DNS updates and
|
the DHCP client states that it intends to do the forward DNS updates and
|
||||||
therefore the server should not attempt them. The parameter,
|
the server should do the reverese updates. By default, DHCPv4 will honor
|
||||||
"override-client-update", can be used to instruct the server to override
|
the client's wishes and generate a DDNS request to D2 to update only
|
||||||
client delegation requests. When this parameter is true, DHCPv4 will
|
reverse DNS data. The parameter, "override-client-update", can be used
|
||||||
generate DDNS udpate request to D2 even if the client requests delegation.
|
to instruct the server to override client delegation requests. When
|
||||||
The N-S-O flags in the server's response to the client will be 0-1-1
|
this parameter is true, DHCPv4 will disregard requests for client
|
||||||
respectively.
|
delegation and generate a DDNS request to update both forward and
|
||||||
|
reverse DNS data. In this case, the N-S-O flags in the server's
|
||||||
|
response to the client will be 0-1-1 respectively.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
(Note that the flag combination N=1, S=1 is prohibited according to
|
(Note that the flag combination N=1, S=1 is prohibited according to
|
||||||
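Review bot: "reverese" in the added line "the server should do the reverese updates. By default, DHCPv4 will honor" is a typo for "reverse". The rewritten paragraph also states the response flags only for the override case (0-1-1); giving the default-case value next to "DHCPv4 will honor the client's wishes" would tie the text back to the first row of the table.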
@@ -6076,6 +6082,8 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
> <userinput>config set Dhcp6/dhcp-ddns/server-port 900</userinput>
|
> <userinput>config set Dhcp6/dhcp-ddns/server-port 900</userinput>
|
||||||
> <userinput>config commit</userinput>
|
> <userinput>config commit</userinput>
|
||||||
</screen>
|
</screen>
|
||||||
|
D2 can be configured to listen over IPv4 or IPv6, therefore server-ip
|
||||||
|
may be either an IPv4 or IPv6 address.
|
||||||
<para>
|
<para>
|
||||||
The socket protocol that DHCPv6 should use to communicate with D2 is
|
The socket protocol that DHCPv6 should use to communicate with D2 is
|
||||||
specified with the "ncr-protocol" parameter. Currently only UDP is
|
specified with the "ncr-protocol" parameter. Currently only UDP is
|
||||||
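Review bot: the sentence added after </screen> is followed directly by <para>, with no </para> in between, whereas the DHCPv4 hunk drops the </para> before <screen> and adds one after the same sentence. As shown here, either the new text sits outside any paragraph or the enclosing paragraph is never closed before the next one opens. Please check that this section validates and mirror the DHCPv4 structure.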
@@ -6152,20 +6160,22 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
<tbody>
|
<tbody>
|
||||||
<row>
|
<row>
|
||||||
<entry>0-0</entry>
|
<entry>0-0</entry>
|
||||||
<entry>Client wants to perform forward DNS updates</entry>
|
<entry>
|
||||||
<entry>Server does not generate request</entry>
|
Client wants to do forward updates, server should do reverse updates
|
||||||
|
</entry>
|
||||||
|
<entry>Server generates reverse-only request</entry>
|
||||||
<entry>1-0-0</entry>
|
<entry>1-0-0</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry>0-1</entry>
|
<entry>0-1</entry>
|
||||||
<entry>Client wants the server to perform forward DNS updates</entry>
|
<entry>Server should do both forward and reverse updates</entry>
|
||||||
<entry>Server generates request</entry>
|
<entry>Server generates request to update both directions</entry>
|
||||||
<entry>0-1-0</entry>
|
<entry>0-1-0</entry>
|
||||||
</row>
|
</row>
|
||||||
<row>
|
<row>
|
||||||
<entry>1-0</entry>
|
<entry>1-0</entry>
|
||||||
<entry>Client wants no DNS updates done</entry>
|
<entry>Client wants no updates done</entry>
|
||||||
<entry>Server does not generate request</entry>
|
<entry>Server does not generate a request</entry>
|
||||||
<entry>1-0-0</entry>
|
<entry>1-0-0</entry>
|
||||||
</row>
|
</row>
|
||||||
</tbody>
|
</tbody>
|
||||||
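Review bot: the first row's description is now split across three lines (<entry>, the text, </entry>) while every other cell in the table stays on one line; keeping it on a single line, like the "Server generates reverse-only request" cell beside it, keeps the table source uniform. The 1-0-0 value in that row deserves a second look as well, because the row now describes a server that does send a request.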
@@ -6174,12 +6184,14 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
<para>
|
<para>
|
||||||
The first row in the table above represents "client delegation". Here
|
The first row in the table above represents "client delegation". Here
|
||||||
the DHCP client states that it intends to do the forward DNS updates and
|
the DHCP client states that it intends to do the forward DNS updates and
|
||||||
therefore the server should not attempt them. The parameter,
|
the server should do the reverese updates. By default, DHCPv6 will honor
|
||||||
"override-client-update", can be used to instruct the server to override
|
the client's wishes and generate a DDNS request to D2 to update only
|
||||||
client delegation requests. When this parameter is true, DHCPv6 will
|
reverse DNS data. The parameter, "override-client-update", can be used
|
||||||
generate DDNS udpate request to D2 even if the client requests delegation.
|
to instruct the server to override client delegation requests. When
|
||||||
The N-S-O flags in the server's response to the client will be 0-1-1
|
this parameter is true, DHCPv6 will disregard requests for client
|
||||||
respectively.
|
delegation and generate a DDNS request to update both forward and
|
||||||
|
reverse DNS data. In this case, the N-S-O flags in the server's
|
||||||
|
response to the client will be 0-1-1 respectively.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
(Note that the flag combination N=1, S=1 is prohibited according to
|
(Note that the flag combination N=1, S=1 is prohibited according to
|
||||||
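Review bot: the added line "the server should do the reverese updates. By default, DHCPv6 will honor" carries the "reverese" typo; it should read "reverse". Nothing else in the rewritten sentences needs changing.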
@@ -6268,7 +6280,7 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
|
|||||||
</screen>
|
</screen>
|
||||||
</section>
|
</section>
|
||||||
<para>
|
<para>
|
||||||
When qualifying a partial name, DHCPv6 will construct a name of with the
|
When qualifying a partial name, DHCPv6 will construct a name with the
|
||||||
format:
|
format:
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
@@ -6498,7 +6510,7 @@ Dhcp6/renew-timer 1000 integer (default)
|
|||||||
the DDNS protocol (defined in RFC 2136) on behalf of the DHCPv4 and DHCPv6
|
the DDNS protocol (defined in RFC 2136) on behalf of the DHCPv4 and DHCPv6
|
||||||
servers. The DHCP servers construct
|
servers. The DHCP servers construct
|
||||||
DDNS update requests, known as NameChangeRequests (NCRs), based upon DHCP
|
DDNS update requests, known as NameChangeRequests (NCRs), based upon DHCP
|
||||||
lease change events and then these to D2. D2 attempts to match
|
lease change events and then post these to D2. D2 attempts to match
|
||||||
each such request to the appropriate DNS server(s) and carry out the
|
each such request to the appropriate DNS server(s) and carry out the
|
||||||
necessary conversation with those servers to update the DNS data.
|
necessary conversation with those servers to update the DNS data.
|
||||||
</para>
|
</para>
|
||||||
@@ -6634,12 +6646,14 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
|
|||||||
governed by the parameters, "ip-address" and "port". Either value
|
governed by the parameters, "ip-address" and "port". Either value
|
||||||
may be changed using config set/commit. For example to change the
|
may be changed using config set/commit. For example to change the
|
||||||
server to listen at 192.168.1.10 port 900:
|
server to listen at 192.168.1.10 port 900:
|
||||||
</para>
|
|
||||||
<screen>
|
<screen>
|
||||||
> <userinput>config set DhcpDdns/ip_address "192.168.1.10"</userinput>
|
> <userinput>config set DhcpDdns/ip_address "192.168.1.10"</userinput>
|
||||||
> <userinput>config set DhcpDdns/port 900</userinput>
|
> <userinput>config set DhcpDdns/port 900</userinput>
|
||||||
> <userinput>config commit</userinput>
|
> <userinput>config commit</userinput>
|
||||||
</screen>
|
</screen>
|
||||||
|
The server may be configured to listen over IPv4 or IPv6, therefore
|
||||||
|
ip-address may an IPv4 or IPv6 address.
|
||||||
|
</para>
|
||||||
<note>
|
<note>
|
||||||
<simpara>
|
<simpara>
|
||||||
If the ip_address and port are changed, it will be necessary to change the
|
If the ip_address and port are changed, it will be necessary to change the
|
||||||
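Review bot: the added line "ip-address may an IPv4 or IPv6 address." is missing "be", and it spells the parameter with a hyphen while the commands just above it set DhcpDdns/ip_address and the note below refers to "ip_address". Suggest "ip_address may be either an IPv4 or an IPv6 address", and correct the hyphenated "ip-address" in the paragraph's opening context line at the same time so the name matches what the operator actually types.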
@@ -6674,14 +6688,14 @@ corresponding values in the DHCP servers' "dhcp-ddns" configuration section.
|
|||||||
<command>name</command> —
|
<command>name</command> —
|
||||||
is a unique text label used to idenfity the this key within the
|
is a unique text label used to idenfity the this key within the
|
||||||
list. It is this value that is used to specify which key (if any)
|
list. It is this value that is used to specify which key (if any)
|
||||||
should be used with a specific DNS server. So long it is unique,
|
should be used with a specific DNS server. So long as it is
|
||||||
its content is arbitrary. It cannot be blank.
|
unique, its content is arbitrary. It cannot be blank.
|
||||||
</simpara>
|
</simpara>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<simpara>
|
<simpara>
|
||||||
<command>algorithm</command> —
|
<command>algorithm</command> —
|
||||||
specifies the which hashing algorithm should be used with this
|
specifies which hashing algorithm should be used with this
|
||||||
key. This value is not currently used.
|
key. This value is not currently used.
|
||||||
</simpara>
|
</simpara>
|
||||||
</listitem>
|
</listitem>
|
||||||
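Review bot: the context line directly above the corrected one still reads "is a unique text label used to idenfity the this key within the". Since this pass is cleaning up the name description, change it to "used to identify this key within the" in the same commit.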
@@ -6766,7 +6780,7 @@ DhcpDdns/forward_ddns/ddns_domains [] list (default)
|
|||||||
<command>key_name</command> —
|
<command>key_name</command> —
|
||||||
If TSIG is used with this domain's servers, this
|
If TSIG is used with this domain's servers, this
|
||||||
value should be the name of the key from within the TSIG Key List
|
value should be the name of the key from within the TSIG Key List
|
||||||
to use. If it the value is blank (the default), TSIG will not be
|
to use. If the value is blank (the default), TSIG will not be
|
||||||
used in DDNS converations with this domain's servers. Currently
|
used in DDNS converations with this domain's servers. Currently
|
||||||
TSIG has not been implemented, so this value is ignored.
|
TSIG has not been implemented, so this value is ignored.
|
||||||
</simpara>
|
</simpara>
|
||||||
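Review bot: "converations" in the context line "used in DDNS converations with this domain's servers" is left uncorrected next to the fixed line. The paragraph also says key_name is ignored because TSIG has not been implemented; it would help operators to state outright that D2 therefore sends its DDNS updates unsigned whatever this value is set to, so that a populated key_name is not read as meaning the updates are authenticated.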
@@ -6774,7 +6788,7 @@ DhcpDdns/forward_ddns/ddns_domains [] list (default)
|
|||||||
<listitem>
|
<listitem>
|
||||||
<simpara>
|
<simpara>
|
||||||
<command>dns_servers</command> —
|
<command>dns_servers</command> —
|
||||||
a list of one or more DNS servers which can conduct the server
|
A list of one or more DNS servers which can conduct the server
|
||||||
side of the DDNS protocol for this domain. The servers
|
side of the DDNS protocol for this domain. The servers
|
||||||
are used in a first to last preference. In other words, when D2
|
are used in a first to last preference. In other words, when D2
|
||||||
begins to process a request for this domain it will pick the
|
begins to process a request for this domain it will pick the
|
||||||
@@ -6829,6 +6843,7 @@ DhcpDdns/forward_ddns/ddns_domains[0]/dns_servers [] list (default)
|
|||||||
<simpara>
|
<simpara>
|
||||||
<command>ip_address</command> —
|
<command>ip_address</command> —
|
||||||
The IP address at which the server listens for DDNS requests.
|
The IP address at which the server listens for DDNS requests.
|
||||||
|
This may be either an IPv4 or an IPv6 address.
|
||||||
</simpara>
|
</simpara>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
@@ -6887,7 +6902,7 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
|
|||||||
which maintain the reverse DNS data for that zone. You will need one
|
which maintain the reverse DNS data for that zone. You will need one
|
||||||
reverse DDNS Domain for each zone you wish to service. It may very
|
reverse DDNS Domain for each zone you wish to service. It may very
|
||||||
well be that some or all of your zones are maintained by the same
|
well be that some or all of your zones are maintained by the same
|
||||||
servers; even then, uou will still need one DDNS Domain entry for each
|
servers; even then, you will still need one DDNS Domain entry for each
|
||||||
zone. Remember that
|
zone. Remember that
|
||||||
matching a request to the appropriate server(s) is done by zone and
|
matching a request to the appropriate server(s) is done by zone and
|
||||||
a DDNS Domain only defines a single zone.
|
a DDNS Domain only defines a single zone.
|
||||||
@@ -6901,9 +6916,9 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
|
|||||||
<simpara>
|
<simpara>
|
||||||
<command>name</command> —
|
<command>name</command> —
|
||||||
The fully qualified reverse zone that this DDNS Domain
|
The fully qualified reverse zone that this DDNS Domain
|
||||||
can update. This is the value used to compare against the
|
can update. This is the value used during reverse matching
|
||||||
request the reversed version of the lease address during
|
which will compare it a reversed version of the request's lease
|
||||||
reverse matching. The zone name should follow the appropriate
|
address. The zone name should follow the appropriate
|
||||||
standards: for example, to to support the IPv4 subnet 172.16.1,
|
standards: for example, to to support the IPv4 subnet 172.16.1,
|
||||||
the name should be. "1.16.172.in-addr.arpa.". Similarly,
|
the name should be. "1.16.172.in-addr.arpa.". Similarly,
|
||||||
to support an IPv6 subent of 2001:db8:1, the name should be
|
to support an IPv6 subent of 2001:db8:1, the name should be
|
||||||
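Review bot: the rewritten sentence "which will compare it a reversed version of the request's lease" is missing "to" after "it". The context lines that follow still contain "to to support", a stray full stop in "the name should be. "1.16.172.in-addr.arpa."" and "subent"; they belong in this typo pass too.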
@@ -6916,7 +6931,7 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
|
|||||||
<command>key_name</command> —
|
<command>key_name</command> —
|
||||||
If TSIG should be used with this domain's servers, then this
|
If TSIG should be used with this domain's servers, then this
|
||||||
value should be the name of the key from within the TSIG Key List
|
value should be the name of the key from within the TSIG Key List
|
||||||
to use. If it the value is blank (the default), TSIG will not be
|
to use. If the value is blank (the default), TSIG will not be
|
||||||
used in DDNS converations with this domain's servers. Currently
|
used in DDNS converations with this domain's servers. Currently
|
||||||
this value is not used as TSIG has not been implemented.
|
this value is not used as TSIG has not been implemented.
|
||||||
</simpara>
|
</simpara>
|
||||||
@@ -6953,9 +6968,9 @@ DhcpDdns/reverse_ddns/ddns_domains[0]/dns_servers [] list (default)
|
|||||||
<userinput>> config commit</userinput>
|
<userinput>> config commit</userinput>
|
||||||
</screen>
|
</screen>
|
||||||
It is permissable to add a domain without any servers. If that domain
|
It is permissable to add a domain without any servers. If that domain
|
||||||
should be matched to a request, however, the request will fail. However, in
|
should be matched to a request, however, the request will fail. In
|
||||||
order to make the domain useful, we must add at least one DNS server
|
order to make the domain useful though, we must add at least one DNS
|
||||||
to it.
|
server to it.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<section id="add-reverse-dns-servers">
|
<section id="add-reverse-dns-servers">
|
||||||
|
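Review bot: "permissable" in "It is permissable to add a domain without any servers" should be "permissible", and it sits on the line directly above the sentences being reworded. The new wording "In order to make the domain useful though, we must add" would read better with commas around "though" or with the word dropped.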