Discussion:
Option 119 (Domain Search Option) and Option 15 (Domain Name Option)
VithalPrasad Gaitonde
2010-11-30 07:07:38 UTC
Permalink
Hi,

Option 119 (RFC 3397) and Option 15 (RFC 2132) provide DNS domain suffixes
to a DHCP client - with option 119 providing the ability to configure a list
instead of a single domain name (option 15).

Is there any specification on the client behaviour when both option 15 and
option 119 are provided in the server response:
1. Should option 119 value override option 15 value
2. Should option 15 value override option 119 value
3. Should the set of values be concatenated with preference for option 119
i.e. name resolution is first attempted with the values in option 119
followed by value in option 15.
4. Should the set of values be concatenated with preference for option 15
i.e. name resolution is first attempted with the value in option 15 followed
by values in option 119.
RFC 3396 seems to be silent on this aspect.

Thanks,
Prasad
Ted Lemon
2010-11-30 15:39:01 UTC
Permalink
Unfortunately, there is no specification. Since the DSL option was documented after the Domain Name option, one could assume that it takes precedence.

It would probably be worth updating RFC3397 to correct this problem--it's actually a pretty serious omission.
Alfred Hönes
2010-11-30 20:53:08 UTC
Permalink
Post by Ted Lemon
Post by VithalPrasad Gaitonde
Is there any specification on the client behaviour when both
Unfortunately, there is no specification. Since the DSL option
was documented after the Domain Name option, one could assume
that it takes precedence.
It would probably be worth updating RFC3397 to correct this
problem--it's actually a pretty serious omission.
I guess everybody once saw RFC 3397 as a functional replacement
for option 15, since the DSL (#119) allows a compact representation
of multiple domain names by making use of domain name compression
as in the DNS protocol. (This pretty much matches your previous
comment on space conservation.)
Option, OTOH, #15 encodes a single domain name; it cannot reasonably
be concatenated, and it doesn't need to, since a single non-FQDN will
always be shorter than 253 octets.

From a DNS resolver implentation point of view, any system that
supports the configuration of a DSL would admit and prefer a _list_
of domain names, if it's the intent of the administrator to provide it.
Since, for a conceptual domain search, list order matters,
whereas the order of different DHCP options is arbitrary,
it does not make sense to have both options in a DHCP response.

Therefore, I propose the following rules:

o DHCP servers SHOULD implement option 119; it looks like good
implementations should have the ability to send a single
domain name supplied by their configuration for a particular
client (or group of clients) in either #15 or #119 format;

o DHCP clients that would like to get domain search information
SHOULD request option 119; if it is configured with a domain
search list by other means, it SHOULD NOT request either
(note that a configured DSL MUST NOT be overwritten via DHCP);

o DHCP clients SHOULD NOT request both options 119 and 15,
unless they have an implementation-specific way to resolve
ambiguities resulting from both being received;

o DHCP servers SHOULD supply options 15 and 119 only if they
have been requested to do so; gratuitous supply is a waste
of packet space (see note on preconfigured DSL above);

o DHCP servers SHOULD ignore requests to supply both #15 and #119
and only send #119 in such case.


Do current DHCP server/client implementations already conform
to these rules?


Kind regards,
Alfred Hönes.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ***@TR-Sys.de |
+------------------------+--------------------------------------------+
David Hankins
2010-11-30 21:43:28 UTC
Permalink
Post by Alfred Hönes
I guess everybody once saw RFC 3397 as a functional replacement
for option 15, since the DSL (#119) allows a compact representation
of multiple domain names by making use of domain name compression
as in the DNS protocol. (This pretty much matches your previous
comment on space conservation.)
Not precisely. There is some value in informing some clients of their
'domain name', as being separate from their domain-search list. Although at
one time these two were one in the same (and in time, people began to
identify with it only for domain search behavior), the domain name can
actually feed other behaviors, and is useful to some clients separately from
their domain-search configuration.

We have actually heard a proposal not too long ago to add a domain-name
option to the DHCPv6 lineup of options for this purpose.
Post by Alfred Hönes
From a DNS resolver implentation point of view, any system that
supports the configuration of a DSL would admit and prefer a _list_
of domain names, if it's the intent of the administrator to provide it.
Since, for a conceptual domain search, list order matters,
whereas the order of different DHCP options is arbitrary,
it does not make sense to have both options in a DHCP response.
It is certainly true that it would be inappropriate to concatenate the two
together in some way.

Note that some DNS resolvers (as configured from /etc/resolv.conf for
example) are sensitive to the order in which these options are configured.
Configuring the domain-search path before the domain-name results in an
implicit domain-seach path equal to the domain-name, which probably isn't
what the client desires.

It's not very tractable to reference all of these client-specific behaviors
for digesting configuration state in IETF protocols. So far it doesn't seem
to have been a problem to ask clients to do what they find the most useful.
Post by Alfred Hönes
o DHCP servers SHOULD implement option 119; it looks like good
implementations should have the ability to send a single
domain name supplied by their configuration for a particular
client (or group of clients) in either #15 or #119 format;
Sure, I guess. Most DHCP servers support arbitrary options anyway - you
generally do not need a software upgrade to support new option definitions,
but instead have some facility to configure a value for any option code.
Seems like this would lack teeth.

o DHCP clients that would like to get domain search information
Post by Alfred Hönes
SHOULD request option 119; if it is configured with a domain
search list by other means, it SHOULD NOT request either
(note that a configured DSL MUST NOT be overwritten via DHCP);
o DHCP clients SHOULD NOT request both options 119 and 15,
unless they have an implementation-specific way to resolve
ambiguities resulting from both being received;
That's not useful. A client that supports both domain-name and
domain-search-list is better served by requesting both, because it cannot
predict what the server 1) is capable of and 2) is configured to supply. A
good implementation would wish to operate in whatever environment it finds
itself.

o DHCP servers SHOULD supply options 15 and 119 only if they
Post by Alfred Hönes
have been requested to do so; gratuitous supply is a waste
of packet space (see note on preconfigured DSL above);
I don't know why you would enumerate this since it is explicit in RFC 2131
Parameter-Request-List (PRL) processing. Unless you are trying to specify a
behavior for when the PRL is not present, that is different from that
specified in RFC 2131? Let me suggest that this is not a useful
enumeration. If there is some DSL client implementation that concerns you,
it may be better to simply reference RFC 2131 on the subject of conformance.
Post by Alfred Hönes
o DHCP servers SHOULD ignore requests to supply both #15 and #119
and only send #119 in such case.
That's ridiculous. We are not going to start updating, testing, and
distributing DHCP software every time there's a new option out the door that
looks familiar, and encode special rules for specific code points in DHCP
parser code. The rules and exceptions just to make a DHCP packet would grow
without bounds.

If domain-name and domain-search both appear on the PRL, and both are
configured, send both. Sure, it wastes packet space in the order of tens of
octets, big deal.

If you want to preserve DHCPv4 payload space, Ted Lemon long ago suggested a
much more useful general platform - instrumenting the PRL so that clients
could specify sets of options of which they only want one option in reply.
Servers that don't support the instrumenting option codes simply wouldn't
have values to return for those codes anyway, and just wouldn't have the
space savings benefit. Realistically, this has never been an issue to date,
so no one has looked towards implementing this (but as time wears on, it
continues to be a growing threat).
Alfred Hönes
2010-12-01 23:05:15 UTC
Permalink
David,
Post by David Hankins
Post by Alfred Hönes
I guess everybody once saw RFC 3397 as a functional replacement
for option 15, since the DSL (#119) allows a compact representation
of multiple domain names by making use of domain name compression
as in the DNS protocol. (This pretty much matches your previous
comment on space conservation.)
Not precisely. There is some value in informing some clients of
their 'domain name', as being separate from their domain-search
list. ...
Yes, there's indeed value in that (iff it is clear that the DHCP
client is configured with a bare host name), and I initially also
believed to recall that #15 served this purpose.

But looking for #15 in RFC 2132, I found in Section 3.17:

| This option specifies the domain name that client should use when
| resolving hostnames via the Domain Name System.

It says "resolving hostnames", not "configuring the local domain name".

The domain search list is discussed in RFC 1034, which clearly
predates RFC 1533, the predecessor of RFC 2132. Therefore, I assume
that the authors were aware of the function of the search list and
supplied a simple mechanism to fill in a single entry.
Post by David Hankins
Although at one time these two were one in the same (and in time,
people began to identify with it only for domain search behavior),
the domain name can actually feed other behaviors, and is useful
to some clients separately from their domain-search configuration.
Indeed:

Digging deeper into history, I found that #15 initially was defined
in RFC 1395 with exactly the "configuring the local domain name"
semantics: "Specifies the domain name of the client ...".
This has been copied literally in the successor of RFC 1395, RFC 1497.

But clearly the description has changed in a significant way in the
next update step of the scpecification, from RFC 1497 to RFC 1395.

So the semantical shift you describe has been documented, and it looks
like we are now in a position where it is questionable to interpret
#15 as a method to set the local domain name for hosts only configured
with a relative domain name, as also described in RFC 1034.


Regarding the other points in my message: That was a strawman
collection of things that would need to be specified in the
update to RFC 3397 that Ted Lemon had suggested in his primary
response to the #15 vs. #119 question.

If requirements I had listed are seen as sufficiently specified
(otherwise/in general), a precise pointer to that specification
would serve the purpose, of course.

If, on the other hand, a requirement deemed useful cannot be
expected to be supported directly by DHCP server implementations,
but by proper configuration, it could easily be carried forward
in that manner, as a caveat to server admins, in a potential update
to RFC 3397.


Based on your words on #15, it now seems worth to _first_ clarify
its role unambiguously. Without this clarification, an improved
specification for #119 cannot be conceived.
If #15 really is back to RFC 1395 semantics (local domain of DHCP
client, to be appended to his bare host name), no overlap with #119
exists, and RFC 3397 might be precise enough.

Kind regards,
Alfred.

Continue reading on narkive:
Loading...