Commit ff52b862 authored by Marcin Siodelski

[master] Merge branch 'trac3258'

parents 8f0838e0 73ffb138
......@@ -30,6 +30,15 @@ body {
-webkit-border-radius: 10px;
}
.warning {
background-color: #eedddd;
border: 1px solid #ccaaaa;
margin: 1em 0 1em 0;
padding: 0.5em 1em 0.5em 1em;
-moz-border-radius: 10px;
-webkit-border-radius: 10px;
}
h3 {
text-decoration: underline;
}
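Review bot: the new .warning rule sets only the vendor-prefixed -moz-border-radius and -webkit-border-radius, so the rounded corners will not render in browsers that honour only the standard property. Add an unprefixed "border-radius: 10px;" after the two prefixed lines.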
......
......@@ -4994,6 +4994,11 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
<simpara><ulink url="http://tools.ietf.org/html/rfc3046">RFC 3046</ulink>:
Relay Agent Information option is supported.</simpara>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3925">RFC 3925</ulink>:
Vendor-Identifying Vendor Class and Vendor-Identifying Vendor-Specific
Information option are supported.</simpara>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc6842">RFC 6842</ulink>:
Server by default sends back client-id option. That capability may be
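Review bot: number agreement in the new RFC 3925 item, which names two options (Vendor-Identifying Vendor Class and Vendor-Identifying Vendor-Specific Information) but then reads "option are supported". Change it to "options are supported".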
......@@ -5026,24 +5031,10 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
</para>
</listitem>
<listitem>
<para>
On startup, the DHCPv4 server does not get the full configuration from
BIND 10. To remedy this, after starting BIND 10, modify any parameter
and commit the changes, e.g.
<screen>
&gt; <userinput>config show Dhcp4/renew-timer</userinput>
Dhcp4/renew-timer 1000 integer (default)
&gt; <userinput>config set Dhcp4/renew-timer 1001</userinput>
&gt; <userinput>config commit</userinput></screen>
</para>
</listitem>
<listitem>
<simpara>The DHCPv4 server does not support
BOOTP. That is a design choice and the limitation is
permanent. If you have legacy nodes that can't use DHCP and
require BOOTP support, please use the latest version of ISC DHCP,
available from <ulink url="http://www.isc.org/software/dhcp"/>.</simpara>
<simpara>
BOOTP (<ulink url="http://tools.ietf.org/html/rfc951">RFC 951</ulink>)
is not supported.
</simpara>
</listitem>
<listitem>
<simpara>Raw sockets operation is working on Linux
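Review bot: the replacement BOOTP item drops two things an operator needs from the old text: that the lack of BOOTP support is a permanent design choice rather than a "not yet" item, and the pointer to ISC DHCP for legacy nodes. The new wording "BOOTP (RFC 951) is not supported." reads the same as the temporary limitations around it. Keep the RFC 951 link but retain one sentence saying the limitation is permanent and where to go instead.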
......@@ -5056,11 +5047,14 @@ Dhcp4/renew-timer 1000 integer (default)
sending ICMP echo request.</simpara>
</listitem>
<listitem>
<simpara>Address rebinding (REBIND) and duplication report (DECLINE)
are not supported yet.</simpara>
<simpara>Address duplication report (DECLINE) is not supported yet.</simpara>
</listitem>
<listitem>
<simpara>DNS Update is not yet supported.</simpara>
<simpara>
The server doesn't act upon expired leases. In particular,
when a lease expires, the server doesn't request the removal
of the DNS records associated with it.
</simpara>
</listitem>
</itemizedlist>
</section>
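Review bot: "The server doesn't act upon expired leases" in the new last item is too vague for a limitations list. The only concrete consequence given is that DNS records are not removed, which means records created for a client stay published after its lease has expired. Say explicitly what "act upon" covers, and state that the stale DNS entries have to be cleaned up by the operator. The DHCPv6 copy of this item says "request removal" where this one says "request the removal"; use one wording in both.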
......@@ -6420,7 +6414,11 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
<itemizedlist>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>: Supported messages are SOLICIT,
ADVERTISE, REQUEST, RELEASE, RENEW, and REPLY.</simpara>
ADVERTISE, REQUEST, RELEASE, RENEW, REBIND and REPLY.</simpara>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink>: Supported options are IA_PD and
IA_PREFIX. Also supported is the status code NoPrefixAvail.</simpara>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3646">RFC 3646</ulink>: Supported option is DNS_SERVERS.</simpara>
......@@ -6440,47 +6438,47 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
yet</quote>, rather than actual limitations.</para>
<itemizedlist>
<listitem> <!-- see tickets #3234, #3281 -->
<para>
On-line configuration has some limitations. Adding new subnets or
modifying existing ones work, as is removing the last subnet from
the list. However, removing non-last (e.g. removing subnet 1,2 or 3 if
there are 4 subnets configured) will cause issues. The problem is
caused by simplistic subnet-id assignment. The subnets are always
numbered, starting from 1. That subnet-id is then used in leases
that are stored in the lease database. Removing non-last subnet will
cause the configuration information to mismatch data in the lease
database. It is possible to manually update subnet-id fields in
MySQL database, but it is awkward and error prone process. A better
reconfiguration support is planned.
</para>
</listitem>
<listitem>
<para>
On startup, the DHCPv6 server does not get the full configuration from
BIND 10. To remedy this, after starting BIND 10, modify any parameter
and commit the changes, e.g.
<screen>
&gt; <userinput>config show Dhcp6/renew-timer</userinput>
Dhcp6/renew-timer 1000 integer (default)
&gt; <userinput>config set Dhcp6/renew-timer 1001</userinput>
&gt; <userinput>config commit</userinput></screen>
</para>
</listitem>
<listitem>
<simpara>Temporary addresses are not supported.</simpara>
<listitem> <!-- see tickets #3234, #3281 -->
<simpara>
On-line configuration has some limitations. Adding new subnets or
modifying existing ones work, as is removing the last subnet from
the list. However, removing non-last (e.g. removing subnet 1,2 or 3 if
there are 4 subnets configured) will cause issues. The problem is
caused by simplistic subnet-id assignment. The subnets are always
numbered, starting from 1. That subnet-id is then used in leases
that are stored in the lease database. Removing non-last subnet will
cause the configuration information to mismatch data in the lease
database. It is possible to manually update subnet-id fields in
MySQL database, but it is awkward and error prone process. A better
reconfiguration support is planned.
</simpara>
</listitem>
<listitem>
<simpara>Prefix delegation is not supported.</simpara>
<simpara>
The server will allocate, renew or rebind a maximum of one lease
for a particular IA option (IA_NA or IA_PD) sent by a client.
<ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink> and
<ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink> allow
for multiple addresses or prefixes to be allocated for a single IA.
</simpara>
</listitem>
<listitem>
<simpara>Confirmation (CONFIRM), and duplication report (DECLINE)
are not yet supported.</simpara>
<simpara>Temporary addresses are not supported.</simpara>
</listitem>
<listitem>
<simpara>DNS Update is not supported.</simpara>
<simpara>
Confirmation (CONFIRM), duplication report (DECLINE),
stateless configuration (INFORMATION-REQUEST) and client
reconfiguration (RECONFIGURE) are not yet supported.
</simpara>
</listitem>
<listitem>
<simpara>
The server doesn't act upon expired leases. In particular,
when a lease expires, the server doesn't request removal of
the DNS records associated with it.
</simpara>
</listitem>
</itemizedlist>
</section>
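Review bot: the new one-lease-per-IA item states the limit but not the server's behaviour when a client does send several addresses or prefixes in one IA_NA or IA_PD, which RFC 3315 and RFC 3633 allow according to the same item. Document what happens to the extra entries so operators can recognise the symptom. Separately, since the subnet-id item is being rewrapped from para to simpara anyway, fix its carried-over grammar in the same change: "modifying existing ones work" and "it is awkward and error prone process".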
......@@ -6654,6 +6652,18 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
The server may be configured to listen over IPv4 or IPv6, therefore
ip-address may an IPv4 or IPv6 address.
</para>
<warning>
<simpara>
When the DHCP-DDNS server is configured to listen at an address
other than the loopback address (127.0.0.1 or ::1), it is possible
for a malicious attacker to send bogus NameChangeRequests to it
and change entries in the DNS. For this reason, addresses other
than the IPv4 or IPv6 loopback addresses should only be used
for testing purposes. A future version of Kea will implement
authentication to guard against such attacks.
</simpara>
</warning>
<note>
<simpara>
If the ip_address and port are changed, it will be necessary to change the
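Review bot: the warning says non-loopback addresses "should only be used for testing purposes" but stops short of the deployment consequence, which is that in production the DHCP servers sending NameChangeRequests must run on the same host as the DHCP-DDNS server. State that directly, since it is the constraint operators actually have to plan around until authentication exists. Two wording points: "malicious attacker" is redundant ("attacker" is enough), and the context sentence just above the warning reads "ip-address may an IPv4 or IPv6 address", which is missing "be" and could be fixed in this change.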
......@@ -7210,6 +7220,26 @@ DhcpDdns/reverse_ddns/ddns_domains[0]/dns_servers[0]/port 53 integer(default)
</para>
</section> <!-- end of "d2-example" -->
</section> <!-- end of section "d2-configuration" -->
<section>
<title>DHCP-DDNS Server Limitations</title>
<para>The following are the current limitations of the DHCP-DDNS Server.</para>
<itemizedlist>
<listitem>
<simpara>
Requests received from the DHCP servers are placed in a
queue until they are processed. Currently all queued requests
are lost when the server shuts down.
</simpara>
</listitem>
<listitem>
<simpara>
TSIG Authentication (<ulink
url="http://tools.ietf.org/html/rfc2845">RFC 2845</ulink>)
is not supported yet.
</simpara>
</listitem>
</itemizedlist>
</section>
</chapter> <!-- DHCP-DDNS Server -->
<chapter id="libdhcp">
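Review bot: the new "DHCP-DDNS Server Limitations" list omits the limitation with the largest security impact introduced by this same commit's warning, namely that NameChangeRequests are not authenticated and the server is therefore only safe on a loopback address. Add it as a list item or cross-reference the warning. Otherwise a reader who goes straight to the limitations section sees only the TSIG entry and may assume that is the sole missing authentication. For the queue item, also say what the operator should expect after a restart, since "all queued requests are lost" implies DNS updates for leases already handed out will never be sent.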
......
......@@ -976,8 +976,7 @@ Dhcpv6Srv::assignLeases(const Pkt6Ptr& question, Pkt6Ptr& answer) {
// received options and handle IA_NA options one by one and store our
// responses in answer message (ADVERTISE or REPLY).
//
// @todo: expand this to cover IA_PD and IA_TA once we implement support for
// prefix delegation and temporary addresses.
// @todo: IA_TA once we implement support for temporary addresses.
for (OptionCollection::iterator opt = question->options_.begin();
opt != question->options_.end(); ++opt) {
switch (opt->second->getType()) {
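Review bot: the shortened @todo is no longer a sentence ("@todo: IA_TA once we implement support for temporary addresses." has lost its verb), and the comment two lines above it still says the loop will "handle IA_NA options one by one". If IA_PD is now handled in this switch, which removing it from the todo implies, update that sentence to name both IA_NA and IA_PD, and restore the verb, for example "@todo: expand this to cover IA_TA once we implement support for temporary addresses."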
......