TCP/IP Information

DHCP and Dynamic IP Introduction

Table of Contents

  • About This Information
      • Who Should Use This Information
      • What This Information Describes
      • For More Information
          • RFC Information
          • Request for Comments (RFC) Documents
  • What is Dynamic IP?
      • DHCP
      • Dynamic DNS
  • What Does Dynamic IP Provide?
      • Automates IP Network Access
      • Simplifies IP Network Administration
      • Allows Administration of Site-specific Host Environments
      • Enables Customized, Location-sensitive Host Serving
      • Uses Open Standards
      • Leverages Existing IP Network Products and Infrastructure
  • How Does Dynamic IP Work?
      • System Components
      • System Operation
          • Acquiring Configuration Information
          • Becoming Known on the Network
  • How Does DHCP Work?
      • How Are Leases Renewed?
      • IP Address Allocation Policies
      • What Happens When a Client Moves Out of its Subnet?
  • Dynamic IP Quick Start
      • Step 1. Configure the TCP/IP Support for the Server System
      • Step 2. Configure the DHCP Server
      • Step 3. Configure and Start the DDNS Server
      • Step 4. Start the DHCP Server
      • Step 5. Set Up the Dynamic IP Client
      • Testing the Quick-Start Dynamic IP Network
  • Configuring for Network Availability
      • Using a Single DHCP Server
      • Using Multiple DHCP Servers
      • DDNS Servers
  • Enabling Host Mobility
  • Securing Your Dynamic IP Network
  • Notices
      • Copyright Notices
      • Disclaimers
      • Acknowledgments
      • Trademarks

    About This Information

    This information provides an overview of DHCP and Dynamic IP that describes the integration of the TCP/IP networking standards of Dynamic Host Configuration Protocol (DHCP) and Dynamic DNS (DDNS) to provide automatic IP network access.

    This section describes:


    Who Should Use This Information

    This information is for the everyday user of a workstation enabled to use DHCP-served IP addresses and also for the system administrator who plans, configures, and maintains automatic IP network access using DHCP and DDNS servers.


    What This Information Describes

    This information describes:


    For More Information

    This section lists Request for Comments (RFC) documents that apply to DHCP or DHCP options. It also describes how to obtain RFCs.

    RFC Information

    RFC 2131 and 2132 are the primary DHCP documents.

    Request for Comments (RFC) Documents

    The Internet is governed by protocols, which are defined in Internet Engineering Task Force (IETF) Request For Comments (RFC) documents. RFCs outline existing protocols, suggest new protocols, and establish standards for the Internet protocol suite. Internet drafts are proposals, techniques, and mechanisms that document IETF work in progress. Online copies of RFCs and Internet drafts are available from the InterNIC.

    To access RFCs or Internet drafts, point your Web browser at this URL, which goes to the Internet Documentation and IETF Information home page.

    http://ds1.internic.net/ds/dspg0intdoc.html
    

    You can transfer RFCs and Internet drafts by pointing your browser at this URL:

    ftp://ftp.ds.internic.net
    

    Alternatively, you can use FTP to connect to ds.internic.net and transfer the files from the RFC directory. The file names have this format:

        RFCnnnn.TXT
        RFCnnnn.PS

    where nnnn is the RFC number, TXT indicates text format, and PS indicates PostScript format.

    In the RFC directory, the RFC index is the file:

        RFC-INDEX.TXT


    Note:

    Many RFCs are available only in text format. Before requesting a PostScript file, first check the RFC Index to make sure the RFC is available in that format.

    You can also request online copies of RFCs through electronic mail from the automated InterNIC mail server by sending a message to mailserv@ds.internic.net. Include one of these commands in the body of your note:

        SEND RFCnnnn.TXT
        SEND RFCnnnn.PS

    where nnnn is the RFC number, TXT indicates text format, and PS indicates PostScript format.

    For example, to request the text format of RFC 812, you would specify this command in the body of your note:

        SEND RFC812.TXT
    

    To request an online copy of the RFC index, include this command in the body of your note:

        SEND RFC-INDEX.TXT
    

    What is Dynamic IP?

    IBM's TCP/IP provides support for a new networking technology called Dynamic IP, which is the integration of the TCP/IP networking standards of Dynamic Host Configuration Protocol (DHCP) and Dynamic DNS (DDNS). DHCP and DDNS perform complementary functions in accomplishing the goal of automatic IP network access.

    Dynamic IP allows you to define network host configuration parameters at a central location and to automate configuration of IP hosts. Dynamic IP simplifies both IP network access and IP network administration, and is well-suited for supporting mobile hosts.

    Dynamic IP is the integration of the Dynamic Host Configuration Protocol (DHCP), which provides configuration information to IP hosts, and the Dynamic Domain Name System (DDNS), which provides dynamic host name-to-IP address (and IP address-to-host name) mapping for the Dynamic IP clients.

    The design of Dynamic IP evolved from customer requirements for addressing the challenges associated with network administration, particularly for large IP networks.

    The goal of Dynamic IP is to simplify these tasks and to provide an easier way to access and administer IP networks.

    In this document, we discuss what Dynamic IP provides and how it works. In addition, we provide some recommendations for configuring for network availability, discuss how Dynamic IP can be used to enable mobile hosts, and discuss the security aspects of Dynamic IP.


    DHCP

    DHCP (Dynamic Host Configuration Protocol) is a client/server protocol that enables you to centrally locate and dynamically distribute configuration information, including IP addresses.

    DHCP is based on the Bootstrap Protocol (BOOTP) and adds the capability of automatically allocating reusable network addresses and distributing additional host configuration options. DHCP clients and servers can use existing BOOTP relay agents, and DHCP and BOOTP clients and servers can generally interoperate with one another.

    DHCP protocols are described in IETF RFCs 2131 and 2132.


    Dynamic DNS

    DDNS (Dynamic Domain Name System) is a protocol that defines extensions to the Domain Name System to enable DNS servers to accept requests to update the DNS database dynamically and securely. These extensions define mechanisms for adding and deleting a set of names and associated resource records.

    Further, DDNS uses DNS security extensions to authenticate hosts that request to create or update entries in the DDNS database. Without client authentication, another host could impersonate an unsuspecting host by remapping that host's address entry to its own address. Once the remapping occurs, important data, such as login passwords and mail intended for the host, would be sent to the impersonating host instead.

    IBM implements fail-safe RSA public-key digital signature technology to secure the DNS database updates so that the database entries cannot be changed by unauthorized hosts.

    For more information about DDNS, refer to the Internet Drafts (IDs), "Dynamic Updates in the Domain Name System" and "Domain Name System Protocol Security Extensions".
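    The client-authentication rule described above, as an added example that is not IBM's code or protocol: a toy primary DDNS zone that accepts an update to a name (or to a reverse name) only when the update is signed by the key that first registered that name, so a second host cannot remap someone else's entry. An HMAC over the update stands in for the RSA signatures the text mentions; the key ids, secrets and the address 9.67.96.2 are constructed, and "warpspeed.dynamic.your-company.com" with 9.67.96.1 is the example host from this document.

```python
import hmac
import hashlib

# Constructed example of the owner-key rule: a name in this toy zone belongs to the key that
# registered it, and a later update under another key is refused even if that key is valid.


def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def a_payload(fqdn, ip, ttl):
    return f"A {fqdn} {ip} {ttl}".encode()


def ptr_payload(ip, fqdn, ttl):
    return f"PTR {reverse_name(ip)} {fqdn} {ttl}".encode()


def sign(secret, payload):
    """Client side: sign the update with the host's key before sending it to the zone."""
    return hmac.new(secret, payload, hashlib.sha256).digest()


class DdnsZone:
    def __init__(self):
        self.keys = {}          # key id -> secret known to the zone (provisioned out of band)
        self.a_records = {}     # fqdn -> (ip, ttl, owner key id)
        self.ptr_records = {}   # reverse name -> (fqdn, ttl, owner key id)

    def register_key(self, key_id, secret):
        self.keys[key_id] = secret

    def _verified(self, key_id, payload, signature):
        secret = self.keys.get(key_id)
        return secret is not None and hmac.compare_digest(sign(secret, payload), signature)

    def _apply(self, table, name, value, ttl, key_id, payload, signature):
        if not self._verified(key_id, payload, signature):
            return "REFUSED: signature does not verify"
        current = table.get(name)
        if current is not None and current[2] != key_id:
            return "REFUSED: name is owned by a different key"
        if ttl == 0:                      # this toy uses ttl 0 to mean "delete the record"
            table.pop(name, None)
        else:
            table[name] = (value, ttl, key_id)
        return "NOERROR"

    def update_a(self, key_id, fqdn, ip, ttl, signature):
        return self._apply(self.a_records, fqdn, ip, ttl, key_id, a_payload(fqdn, ip, ttl), signature)

    def update_ptr(self, key_id, ip, fqdn, ttl, signature):
        return self._apply(self.ptr_records, reverse_name(ip), fqdn, ttl, key_id,
                           ptr_payload(ip, fqdn, ttl), signature)

    def lookup(self, fqdn):
        rec = self.a_records.get(fqdn)
        return rec[0] if rec else None

    def reverse_lookup(self, ip):
        rec = self.ptr_records.get(reverse_name(ip))
        return rec[0] if rec else None


def demo():
    """Warpspeed registers, DHCPServ adds the PTR record, then a second host tries to take the name over."""
    zone, host = DdnsZone(), "warpspeed.dynamic.your-company.com"
    warp, dhcp, rogue = b"warpspeed-secret", b"dhcpserv-secret", b"rogue-secret"   # constructed keys
    for key_id, secret in (("warpspeed", warp), ("dhcpserv", dhcp), ("rogue", rogue)):
        zone.register_key(key_id, secret)
    results = {}
    # 1. Warpspeed registers its own A record, signed with its own key.
    results["register"] = zone.update_a("warpspeed", host, "9.67.96.1", 900, sign(warp, a_payload(host, "9.67.96.1", 900)))
    # 2. DHCPServ registers the matching PTR record for the address it leased.
    results["ptr"] = zone.update_ptr("dhcpserv", "9.67.96.1", host, 900, sign(dhcp, ptr_payload("9.67.96.1", host, 900)))
    # 3. Another host with a valid key of its own asks the zone to point Warpspeed's name at its address.
    results["remap"] = zone.update_a("rogue", host, "9.67.96.2", 900, sign(rogue, a_payload(host, "9.67.96.2", 900)))
    # 4. The same host claims Warpspeed's key id but cannot produce a signature under that key.
    results["forge"] = zone.update_a("warpspeed", host, "9.67.96.2", 900, sign(rogue, a_payload(host, "9.67.96.2", 900)))
    return results, zone
```

    Both refusals matter: the signature check alone stops hosts that have no key at all, and the owner rule is what stops a legitimately keyed host from rewriting a name it did not register.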


    What Does Dynamic IP Provide?

    Dynamic IP uses open standards and existing IP network products to:


    Automates IP Network Access

    A Dynamic IP client host can automatically obtain and use IP configuration information, including the network address, routers, and name servers to be used. This eliminates the need for each user to obtain and manually enter such information and, therefore, eliminates user frustration (and user error). In addition, this enables Dynamic IP hosts to freely move about the network and attach at arbitrary points without user or administrator intervention.

    Dynamic IP also provides a mechanism to enable other hosts in the network to locate Dynamic IP hosts at their current points of attachment by maintaining up-to-date host name-to-IP address mappings. Automated IP network access also makes Dynamic IP well-suited for laptops and other mobile computers that need to attach to IP networks at many different locations without losing their ability to access or be accessed by other hosts in a network.


    Simplifies IP Network Administration

    Dynamic IP simplifies the job of configuring IP hosts by allowing a network administrator to provide configuration information for a network and its hosts from a central server. Therefore, changes to the network configuration, such as a change in the routing infrastructure or in network services, need only be made in a single server configuration file, from which the information is then automatically disseminated to affected network hosts.

    In addition, administrators can configure Dynamic IP hosts to maintain their own DNS mappings in a Dynamic DNS server, thus further reducing the workload of IP network administrators.


    Allows Administration of Site-specific Host Environments

    Many businesses supplement their off-the-shelf client/server applications with locally-written network applications and frameworks. These locally-written applications typically require some amount of configuration either by the user or by a system or network administrator.

    Using Dynamic IP, you can distribute customer-defined configuration parameters, which simplifies the administration of these locally-written application environments.

    For example, an administrator may instruct the Dynamic IP client host software to identify itself to a DHCP server as belonging to a user-class called "accounting", which requires a site-specific DHCP option #130 known by convention as "accounting database server IP address". Further, the administrator can also instruct the client software to invoke a program called "INVENDBS.CMD" with the data passed in option #130 whenever that option is received. At the Dynamic IP server, the administrator would then define option #130 as the IP address of an accounting database server and specify that it is to be returned to clients of class "accounting".

    By defining both the data to be provided to clients and the way in which the clients process that data, an administrator can extend and customize the Dynamic IP setup to encompass applications and environments specific to the site.


    Enables Customized, Location-sensitive Host Serving

    Dynamic IP clients automatically receive the configuration parameters needed to access the network at a particular location. These configuration parameters can be considered "location-sensitive" because they are selected and served based on information about the host's location, specifically, the subnet to which it is attached. Thus, hosts can be served information and services that are relevant to their current location, making Dynamic IP ideal for supporting mobile hosts.

    In addition to providing these "location-sensitive" configuration parameters, administrators can use the site-customizing and host "classing" mechanisms to further customize the environment for mobile hosts. For instance, in our previous discussion of the accounting database server (see Allows Administration of Site-specific Host Environments), the value of option #130 can be defined to vary according to the client's location in the network.


    Uses Open Standards

    Because protocols employed by Dynamic IP conform to open networking standards, as specified in IETF Request for Comments (RFC) documents, IBM's implementation of Dynamic IP is compatible with and can interoperate with IP networking products from other manufacturers (OEM products) that implement these protocols.

    More specifically, IBM Dynamic IP clients can be served by OEM DHCP and DNS servers, when they become available. Similarly, IBM DHCP servers can support OEM BootP and DHCP clients. And because they are a functional superset of existing DNS servers, IBM Dynamic DNS servers can serve traditional name resolvers and can be seamlessly inserted into existing customer DNS server hierarchies.


    Leverages Existing IP Network Products and Infrastructure

    Dynamic IP clients and servers can interoperate with existing IP network products. Thus, you can integrate DHCP and DDNS servers and Dynamic IP clients into your network without change to your existing routers or routing tables and with little change to your existing DNS hierarchy.

    To use Dynamic IP in your network, you need only to ensure that a BootP relay agent is present on subnets where a Dynamic IP DHCP server is not. These relay agents ("BootP helpers"), which enable DHCP clients to locate DHCP servers, are widely available in today's IP router products.


    How Does Dynamic IP Work?

    This section provides an overview of the components of Dynamic IP and how they interact.


    System Components

    Four types of network components can comprise a Dynamic IP network:


    System Operation

    To illustrate, here is an example of the Dynamic IP process. We have divided the process into two phases: acquiring configuration information and becoming known on the network. In this example:

    Acquiring Configuration Information

    In the first phase of the Dynamic IP process, the DHCP client must obtain the configuration information needed to access the network.

    1. When "Client" is started, the DHCP client program broadcasts a DHCP DISCOVER message onto the LAN, soliciting responses from any available DHCP servers.

    2. When "Router" receives the DHCP broadcast message, it inserts its IP address on subnet "X" and forwards the message to "DHCPServ".

    3. When "DHCPServ" receives the DHCP broadcast message, it reads the IP address inserted by "Router" to determine where the DHCP DISCOVER request packet originated. "DHCPServ" selects an IP address and a set of network parameters appropriate for the originating subnet, subnet "X", and returns them in a DHCP OFFER packet to be forwarded to "Client" by way of "Router".

    4. "Client" receives the OFFER, decides whether the OFFER meets its needs, and assuming so, sends a REQUEST message to "DHCPServ" requesting use of the configuration parameters for the specified lease time.

    5. "DHCPServ" receives the request and acknowledges the request by sending an ACK message to "Client".

    6. Upon receipt of the ACK, "Client" implements the configuration information that it received in the OFFER to access the IP network.
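    The six-step exchange above, as an added example (not IBM's code): each message is encoded in the RFC 2131 wire format, a BOOTP relay agent stamps its interface address into giaddr as "Router" does in step 2, and the server picks the subnet from giaddr as "DHCPServ" does in step 3. The server's own subnet, name server, domain and lease length are taken from the Quick Start configuration later in this document; the relayed subnet 10.1.0.0/24, the relay and router address 10.1.0.1, the router 9.67.96.254 and the second client's hardware address are made up for the example.

```python
import struct
import ipaddress

# Constructed example: DISCOVER/OFFER/REQUEST/ACK with a relay agent in the path. The server
# chooses the subnet by giaddr and NAKs a REQUEST for an address that is not valid on the
# subnet the request arrived from (the "client moved" case described later in the document).
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
MAGIC = b"\x63\x82\x53\x63"
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_DOMAIN, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 1, 3, 6, 15, 50, 51, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6

def ip_bytes(ip): return ipaddress.IPv4Address(ip).packed      # dotted string -> 4 bytes
def ip_str(raw): return str(ipaddress.IPv4Address(raw))       # 4 bytes -> dotted string

def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Encode a DHCP message: fixed BOOTP header, magic cookie, TLV options, end marker."""
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000, b"\0" * 4, ip_bytes(yiaddr),
                         b"\0" * 4, ip_bytes(giaddr), chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + bytes([OPT_END])

def parse(data):
    """Decode header fields and options; a truncated option is rejected rather than guessed at."""
    f = struct.unpack(HEADER, data[:236])
    if data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                                   # pad byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return {"xid": f[4], "chaddr": f[11][:f[2]], "yiaddr": ip_str(f[8]), "giaddr": ip_str(f[10]), "options": opts}

def relay(data, relay_ip):
    msg = bytearray(data)                                  # relay agent: set giaddr if unset, count a hop
    if msg[24:28] == b"\0" * 4:
        msg[24:28] = ip_bytes(relay_ip)
    msg[3] += 1
    return bytes(msg)

class DhcpServer:
    def __init__(self, server_ip, subnets):
        self.server_ip, self.subnets, self.leases = server_ip, subnets, {}   # leases: chaddr -> (ip, network)

    def select_subnet(self, msg):
        # giaddr says where the request came from; 0.0.0.0 means the server's own subnet
        anchor = ipaddress.ip_address(msg["giaddr"] if msg["giaddr"] != "0.0.0.0" else self.server_ip)
        return next(((n, c) for n, c in self.subnets.items() if anchor in n), (None, None))

    def handle(self, data):
        msg = parse(data)
        kind, (net, cfg) = msg["options"][OPT_TYPE][0], self.select_subnet(msg)
        if net is None:
            return None                                    # no subnet configured for that relay: stay silent
        reply = lambda opts, ip="0.0.0.0": build(2, msg["xid"], msg["chaddr"], opts, yiaddr=ip, giaddr=msg["giaddr"])
        full = lambda mt: [(OPT_TYPE, bytes([mt])), (OPT_SERVER, ip_bytes(self.server_ip)),
                           (OPT_MASK, net.netmask.packed), (OPT_ROUTER, ip_bytes(cfg["router"])),
                           (OPT_DNS, ip_bytes(cfg["dns"])), (OPT_DOMAIN, cfg["domain"].encode()),
                           (OPT_LEASE, struct.pack("!I", cfg["lease"]))]
        held = self.leases.get(msg["chaddr"])
        if kind == DISCOVER:
            if not (held and held[1] == net) and not cfg["pool"]:
                return None                                # pool exhausted on this subnet
            ip = held[0] if held and held[1] == net else cfg["pool"].pop(0)
            self.leases[msg["chaddr"]] = (ip, net)
            return reply(full(OFFER), ip)
        if kind == REQUEST:
            wanted = ip_str(msg["options"][OPT_REQ_IP])
            if held and held[0] == wanted and ipaddress.ip_address(wanted) in net:
                return reply(full(ACK), wanted)
            return reply([(OPT_TYPE, bytes([NAK])), (OPT_SERVER, ip_bytes(self.server_ip))])  # e.g. client moved
        return None

def sample_server():
    common = dict(dns="9.67.96.10", domain="testsub.testdom", lease=900)   # from the Quick Start; routers constructed
    return DhcpServer("9.67.96.10", {
        ipaddress.ip_network("9.67.96.0/20"): dict(pool=["9.67.96.1", "9.67.96.2"], router="9.67.96.254", **common),
        ipaddress.ip_network("10.1.0.0/24"): dict(pool=["10.1.0.20"], router="10.1.0.1", **common)})

def run_exchange(server, chaddr, relay_ip=None):
    """Client on the server's subnet (relay_ip None) or behind a relay agent; returns what the ACK configured."""
    via = (lambda m: relay(m, relay_ip)) if relay_ip else (lambda m: m)
    offer = parse(server.handle(via(build(1, 0x3903F326, chaddr, [(OPT_TYPE, bytes([DISCOVER]))]))))
    request = build(1, 0x3903F326, chaddr, [(OPT_TYPE, bytes([REQUEST])), (OPT_REQ_IP, ip_bytes(offer["yiaddr"])),
                                            (OPT_SERVER, offer["options"][OPT_SERVER])])
    o = parse(server.handle(via(request)))
    if o["options"][OPT_TYPE][0] != ACK:
        return {"type": o["options"][OPT_TYPE][0]}
    return {"type": ACK, "ip": o["yiaddr"], "mask": ip_str(o["options"][OPT_MASK]), "router": ip_str(o["options"][OPT_ROUTER]),
            "dns": ip_str(o["options"][OPT_DNS]), "domain": o["options"][OPT_DOMAIN].decode(),
            "lease": struct.unpack("!I", o["options"][OPT_LEASE])[0]}

def request_old_address(server, chaddr, ip):
    """A restarted client asking to keep its previous address; returns the server's message type."""
    req = build(1, 0x3903F327, chaddr, [(OPT_TYPE, bytes([REQUEST])), (OPT_REQ_IP, ip_bytes(ip)),
                                        (OPT_SERVER, ip_bytes(server.server_ip))])
    return parse(server.handle(req))["options"][OPT_TYPE][0]
```

    The hardware address 08:00:5a:fa:4b:4d is the one shown in the server's verbose output in the Quick Start. Note that the server answers only for subnets it has configured; a DISCOVER relayed from an unknown subnet gets no reply, and a REQUEST for an address that does not belong to the subnet the request came from gets a NAK.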

    Becoming Known on the Network

    The client now has all the information it needs to access the network. One problem remains, however: no other hosts on the network know or can easily discover what address has been assigned to "Client". Therefore, "Client" is essentially inaccessible to other hosts in the network.

    The second phase of the process is needed to update the Domain Name System (DNS) server, "DynoDNS", with the name and address information assigned to "Client" so that others can discover the IP address assigned to "Client".

    In general, the following information is needed to update the Dynamic DNS server:

    To become known on the network:

    1. "Client" creates a message to be sent to "DynoDNS", which includes the necessary information.

      At this point, "Client" has not been configured with a DNS host name. So, the DDNS client configuration program prompts the user for the host name. In our example, we'll use "Warpspeed" as the host name.

      The DHCP client appends the pre-configured domain name, for example, "dynamic.your-company.com" to the host name.

      The name of the primary Dynamic DNS server defaults to "ns-updates" in the specified domain.

      So, for our example, "Warpspeed" will be uniquely known as "warpspeed.dynamic.your-company.com", and all associated DNS update requests for "Warpspeed" will be sent to the DNS server known as "ns-updates.dynamic.your-company.com".

    2. "Warpspeed" sends a name update message to "DynoDNS" indicating its fully-qualified host name, IP address, and the lease time.

    3. "DynoDNS" sends an acknowledgment to "Warpspeed" that the information has been received and the database has been updated.

    The initialization of host "Warpspeed" is now complete. Not only is "Warpspeed" now able to access the network, but it is also known and accessible to other hosts in the network. All of this happens automatically without any intervention by a user or administrator.

    Note:

    For every name-to-address mapping in the DNS, there should also be a corresponding address-to-name mapping. Although not mentioned in the example above, the "DHCPServ" is also notified of the host name "Warpspeed" that is assigned to "Client". "DHCPServ" then sends a DDNS update request to "DynoDNS" specifying the reverse address mapping of the assigned IP address to the host name. "DHCPServ" can also be configured to update both the name-to-address mapping and the address-to-name mapping.

    How Does DHCP Work?

    DHCP allows clients to obtain IP network configuration, including an IP address, from a central DHCP server. The DHCP server controls whether the addresses it provides to clients are allocated permanently or are "leased" for a specific time period. When a client is allocated a leased address, it must periodically check in with the server to re-validate the address and renew the lease.

    The processes of address allocation, leasing, and lease renewal are all handled by the DHCP client and server programs and are transparent to end-users.


    How Are Leases Renewed?

    The DHCP client keeps track of how much time is remaining on the lease. At a specified time prior to the expiration of the lease, usually when half of the lease time has passed, the client sends a renewal request, containing its current IP address and configuration information, to the leasing server. If the server responds with a lease offer, the DHCP client's lease is renewed.

    If the DHCP server explicitly refuses the request, the DHCP client may continue to use the IP address until the lease time expires and then initiate the address request process, including broadcasting the address request. If the server is unreachable, the client may continue to use the assigned address until the lease expires.
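    The renewal timeline described above, replayed as an added example (not IBM's client) against a stand-in server that can be unreachable for a window of time or refuse renewals. T1 = 1/2 and T2 = 7/8 of the lease are the RFC 2131 defaults; the lease lengths and outage windows are constructed. The last function also serves the single-server discussion under Configuring for Network Availability: it answers whether a given lease is long enough for a bound client to ride out a server outage.

```python
# Constructed example: a client's lease-timer state machine (BOUND -> RENEWING -> REBINDING -> INIT)
# driven against a stub server, to show what the client does when renewals are refused or unanswered.


class StubServer:
    def __init__(self, down_from=None, down_until=None, refuse_renewals=False):
        self.down, self.refuse = (down_from, down_until), refuse_renewals

    def respond(self, now, kind):
        """'ack', 'nak', or None (no answer) for a request of the given kind arriving at time `now`."""
        lo, hi = self.down
        if lo is not None and lo <= now < hi:
            return None
        return "nak" if kind == "renew" and self.refuse else "ack"


def run_client(lease_secs, server, stop_at):
    """Drive the client from a fresh lease at t=0 until stop_at; returns ((time, event) list, final state)."""
    events, start = [], 0
    while start < stop_at:
        t1, t2, expiry = start + lease_secs // 2, start + lease_secs * 7 // 8, start + lease_secs
        reply = server.respond(t1, "renew")                  # unicast to the leasing server at T1
        events.append((t1, f"RENEWING: renew request -> {reply}"))
        if reply == "ack":
            start = t1                                       # the new lease runs from the ACK
            continue
        if reply is None:                                    # no answer: keep the address, broadcast at T2
            reply = server.respond(t2, "rebind")
            events.append((t2, f"REBINDING: broadcast renew -> {reply}"))
            if reply == "ack":
                start = t2
                continue
        # Refused or unanswered: per the text the client keeps using the address until the lease
        # expires, then restarts DISCOVER/REQUEST. (RFC 2131 section 4.4.5 has a client restart
        # immediately on a NAK; the page's description is what is modelled here.)
        if server.respond(expiry, "discover") != "ack":
            events.append((expiry, "INIT: lease expired, no server answered; client is off the network"))
            return events, "INIT"
        events.append((expiry, "INIT: lease expired, new address obtained by DISCOVER/REQUEST"))
        start = expiry
    return events, "BOUND"


def survives_outage(lease_secs, outage_start, outage_end):
    """Sizing check for a single DHCP server: does a client bound at t=0 keep network access across
    an outage window, i.e. is the lease long enough to ride it out?"""
    _, state = run_client(lease_secs, StubServer(outage_start, outage_end), outage_end + lease_secs)
    return state == "BOUND"
```

    With a 900-second lease, a server outage from t=400 to t=800 is invisible to a bound client (it fails at T1 and T2 but re-acquires at expiry), while an outage lasting past t=900 takes the client off the network; a 3600-second lease rides out the same long outage because T2 falls after the server returns.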


    IP Address Allocation Policies

    DHCP defines IP address allocation policies that include:

    Dynamic
    A DHCP server assigns an IP address to a requesting bootP or DHCP client from a range of available addresses

    Static
    A DHCP server administrator assigns a static, predefined address reserved for a specific bootP or DHCP client

    DHCP provides the following lease policies for IP addresses:

    Temporary
    An IP address is temporarily "leased" to a bootP or DHCP client for a specified lease time. The client must renew the lease before it expires in order to keep using the address.

    Permanent
    An IP address is leased for an infinite period of time to a bootP or DHCP client. No process of lease renewal is required.

    For dynamic address allocation, a DHCP client that does not have a permanent lease must periodically request the renewal of its lease on its current IP address in order to keep using it. The process of renewing leased IP addresses occurs dynamically as part of the DHCP protocols and is not generally visible to end-users.

    You may use the DHCP Client Monitor program (DHCPMON) to view DHCP protocol events and status, including address leasing and lease renewal.


    What Happens When a Client Moves Out of its Subnet?

    One benefit of DHCP is the freedom it provides a client host to move from one subnet to another without having to know ahead of time what IP configuration information it needs on the new subnet. As long as the subnets to which a host relocates have access to a DHCP server, a DHCP client will automatically configure itself correctly to access those subnets.

    In order for a DHCP client to reconfigure itself for a new subnet, the client host must be restarted. When a host restarts on a new subnet, the DHCP client first tries to renew its old lease with the DHCP server that originally allocated the address. Either the server refuses the renewal, because the address is not valid on the new subnet, or the client receives no response at all. In both cases, the client initiates the IP address request process to obtain a new IP address and access the network.


    Dynamic IP Quick Start

    This section provides instructions for setting up a simple, yet fully operational, Dynamic IP network with two workstations:

    To set up the sample Dynamic IP network, do the following:

    1. Configure the basic TCP/IP support for the server system
    2. Configure the DHCP server
    3. Configure and start the DDNS server
    4. Start the DHCP server
    5. Set up the Dynamic IP client

    After completing these steps, you can test the Dynamic IP setup.


    Step 1. Configure the TCP/IP Support for the Server System

    The server system is used for both the DHCP and DDNS servers in our Dynamic IP network and has:

    To configure the TCP/IP support for the server, do the following:

    1. Open the TCP/IP configuration notebook.

    2. On the Network tab, on the Basic subtab:
      1. In the Interface To Configure list box, select LAN Interface 0.
      2. Under Configuration Options, check the Enable Interface check box.
      3. Select the Manually, Using radio button.
      4. In the IP Address field, type: 9.67.96.10
      5. In the Subnet Mask field, type: 255.255.240.0

    3. On the Host Names tab, on the Name Resolution subtab:
      1. In the This Computer's Host Name field, type: ns-updates
      2. In the Local Domain Name field, type: testsub.testdom
      3. Select the Name Server Addresses list box.
      4. Click Add.
      5. In the Name Server Address field, type: 9.67.96.10
      6. Click OK.

    4. Click OK to exit the notebook and save your changes.

    Step 2. Configure the DHCP Server

    Next, configure the DHCP server using the DHCP Server Configuration program and place the DHCP server configuration file in the subdirectory identified by the ETC environment variable. This step configures the DHCP server to assign an address and options to the subnet our client is in. Our sample network will have:

    Configure the DHCP server as follows:

    1. Start the DHCP Server Configuration program.

    2. Click the Global icon.

    3. On the Configure pull-down, click Add Subnet to open the Subnet notebook.

    4. On the Subnet Definition tab:

    5. On the DHCP Options tab:

    6. On the Miscellaneous tab, in the DDNS Server for PTR Record Updates field, type 9.67.96.10. A key for the DHCP server will be created automatically when the program is closed. The key enables the DHCP server to send host name updates for the addresses it allocates to the primary DDNS server (ns-updates.testsub.testdom).

    7. Click OK to close the notebook.

    8. Double-click the DHCP Server icon to open the DHCP Server Parameters notebook.

    9. On the DDNS PTR Records tab, check the Automatically Update or Delete PTR Records check box to specify DHCP server support for DDNS PTR records.

    10. Click OK to close the notebook.

    11. Optionally, you can view the resulting configuration file. To do that, click the subnet, and, on the View pull-down, click View Entire File to see the file:
      leaseExpireInterval 1 minutes
      leaseTimeDefault 24 hours
      pingTime 1 seconds
      reservedTime 5 minutes
      usedIPAddressExpireInterval 1000 seconds
      statisticSnapshot 1
      updateDNSP "nsupdate -f -r%s -s"d;ptr;*;a;ptr;%s;s;%s;3110400;q""
      releaseDNSP "nsupdate -f -r%s -s"d;ptr;%s;s;%s;0;q""
      updateDNSA "nsupdate -f -h%s -s"d;a;*;a;a;%s;s;%s;3110400;q""
      releaseDNSA "nsupdate -f -h%s  -s"d;a;%s;s;%s;0;q""
      supportBOOTP no
      supportUnlistedClients yes
      allRoutesBroadcast no 
       
      appendDomainName yes
      canonical no
      proxyARec no
      subnet 9.67.96.0 255.255.240.0 9.67.96.1-9.67.96.50 (alias=mysubnet DDNSServer=9.67.96.10
      {
        client 0 0 9.67.96.10
        option 51 900 
        option 6 9.67.96.10 
        option 1 255.255.240.0
        option 15 testsub.testdom 
      }
      

    12. Click File, Exit to exit the program.

    For more information on using the DHCP Server Configuration program, see the online help.


    Step 3. Configure and Start the DDNS Server

    Next, configure the DDNS server in one of the following ways:


    Step 4. Start the DHCP Server

    To start the DHCP server, do one of the following:

    Note:

    You can display messages by using the -v (verbose) option on the DHCPSD command or in the settings for the icon.

    Step 5. Set Up the Dynamic IP Client

    Configure the DHCP client to operate as a Dynamic IP client (using integrated DDNS client services) as follows:

    Note:

    The client is in the same network and subnet as the server.

    1. Open the TCP/IP configuration notebook.

    2. On the Network tab, on the Basic subtab:

      1. In the Interface to Configure list box, select the LAN interface you want to enable.

      2. Under Configuration Options, check the Enable Interface check box.

      3. Select the Automatically, Using DHCP radio button.

        Note:

        You can configure only one DHCP LAN interface.

      4. Check the Also Using DDNS check box.

    3. Enter other TCP/IP configuration information as needed.

    4. Click OK to exit the TCP/IP configuration notebook and save your changes.

    5. Restart the workstation.

      Note:

      An IP address is obtained from the DHCP server, and, because you are using DDNS with DHCP, the Dynamic IP client configuration program (DDNSCFG) is started.

    6. Fill in the following information requested by the Dynamic IP client configuration program:

    7. Click Configure to send the information to the DDNS and DHCP servers and to create a key file, which is used to secure any dynamic updates requested by the client.

    The host name is then registered with the primary DDNS server, and the DNS database is updated with an address (A) record for the host. The A record maps the host name to the IP address assigned by the DHCP server and enables other hosts in the network to discover the address of the host using its name.

    After the name is registered with the DDNS server, the DHCP client program sends an address lease renewal request to the DHCP server. The DHCP server renews the DHCP client's lease and sends a dynamic update request to the DDNS server owning the reverse mapping for the IP address, which is in the pointer (PTR) record. The PTR record maps the IP address to the host name and enables other hosts in the network to discover the name of a host using its IP address.

    Because the DHCP server is configured to serve DNS information, the client's RESOLV2 file gets updated with this information about the domain and the name server:

    domain testsub.testdom
    nameserver 9.67.96.10
    

    If you used the -v (verbose) option when you started the DHCP server, you see DISCOVER and REQUEST messages from the client indicating the types of packets received and the server's response. The DISCOVER message indicates that the DHCP server can supply an address to the client, which has just been restarted. The REQUEST message indicates that the server received a request for an address from the client and has given the client an address.

    Request From:     6-0x08005afa4b4d
                Type:     DISCOVER
                Status:   Offering address to the client - REPLY OFFER
                IP Addr:  9.67.96.1
                Options:  1 6 15 51
    Request From:     6-0x08005afa4b4d
                Type:     REQUEST
                Status:   Requesting a reserved address - REPLY ACK
                IP Addr:  9.67.96.1
                Options:  1 6 15 51
    

    Testing the Quick-Start Dynamic IP Network

    To test the quick-start Dynamic IP network to ensure that it is operating correctly, do the following:

    1. View status information about the client by using the DHCP Client Monitor program at the client. The DHCP Client Monitor program displays status information about the DHCP address lease and the DDNS name registration process. To start the DHCP Client Monitor program, double-click the DHCP Client Monitor icon or enter dhcpmon at a command prompt.

    2. Use the PING command to query the client. At an OS/2 command prompt at the Dynamic IP client, PING the client by host name as follows:
      ping host1234
      

      The information displayed indicates that the host name resolved to the IP address indicated in the lease field of the DHCP Client Monitor program and that the ping was successful.

      Note:

      You can also PING the client from the server; to do that, the server must point in its RESOLV2 file to the DDNS server, that is, to itself.

    Configuring for Network Availability

    The DHCP protocols do not provide for server-to-server communication, so DHCP servers cannot share information and one server cannot act as a "hot backup" in case the other fails. Similarly, the Dynamic DNS protocols allow only one primary Dynamic DNS server to update a particular host's DNS record. Because of these limits on component redundancy, Dynamic IP networks require careful planning to ensure network availability, whether you use a single DHCP server or multiple DHCP servers, and when you use a Dynamic DNS server.


    Using a Single DHCP Server

    If you choose to use a single DHCP server to serve the hosts on a subnet, consider the effects of a failure of that server. Generally, the failure of a sole server affects only DHCP clients that are attempting to join the network; DHCP clients already on the network typically continue to operate unaffected until their leases expire. However, if the lease time is short, even those clients may lose their network access before the server can be restarted. To avoid this, if you have only one DHCP server for a subnet, choose a lease long enough to allow time to restart or otherwise respond to the failed DHCP server. This minimizes the impact of server down-time.

    The timers associated with client DHCP lease renewal algorithms can be set at the DHCP server to help ensure that server failures do not affect network operation.


    Using Multiple DHCP Servers

    To avoid a single point of failure, you can configure two or more DHCP servers to serve the same subnet. If one server fails, the other can continue to serve the subnet. Each of the DHCP servers must be accessible either by direct attachment to the subnet or by using a BootP Relay agent.

    Because two DHCP servers cannot serve the same addresses, address ranges defined for a subnet must be unique across DHCP servers. Therefore, when using two or more DHCP servers to serve a particular subnet, the complete list of addresses for that subnet must be divided among the servers. For example, you could configure one server with an address range consisting of 70% of the available addresses for the subnet and the other server with an address range consisting of the remaining 30% of the available addresses.

    Using multiple DHCP servers decreases the probability of a DHCP-related network access failure, but does not rule it out. If one DHCP server for a subnet fails, the other DHCP server may not be able to service all the requests from new clients; for example, those requests may exhaust its limited range of available addresses.

    However, you can bias which DHCP server exhausts its range of addresses first. DHCP clients tend to select the DHCP server offering more options. To bias service toward the DHCP server with 70% of the available addresses, offer fewer DHCP options from the server holding 30% of the available addresses for the subnet.
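    An added example, not IBM's code or configuration syntax: it splits a subnet's pool between two servers in the 70/30 proportion described above and checks a set of configured ranges for overlap; the subnet and server names are constructed.

```python
# Added example, not IBM code or configuration syntax: carve one subnet's pool into
# disjoint ranges for two or more DHCP servers (for instance 70% / 30%) and check a
# set of configured ranges for overlap, since two servers must never be able to
# hand out the same address.
import ipaddress

def split_pool(subnet, shares, reserved=0):
    """Split the usable hosts of `subnet`, after skipping the first `reserved`
    addresses (routers, servers, printers), into consecutive ranges sized by the
    percentages in `shares`.  Returns [(first, last), ...] as address strings."""
    if sum(shares) != 100:
        raise ValueError("shares must total 100 percent")
    hosts = list(ipaddress.ip_network(subnet).hosts())[reserved:]
    ranges, start = [], 0
    for i, share in enumerate(shares):
        # the last server takes the rounding remainder so no address is stranded
        count = len(hosts) - start if i == len(shares) - 1 else len(hosts) * share // 100
        ranges.append((str(hosts[start]), str(hosts[start + count - 1])))
        start += count
    return ranges

def find_overlaps(server_ranges):
    """server_ranges: {server_name: [(first, last), ...]} as address strings.
    Returns (server_a, server_b, first_shared, last_shared) for every pair of
    ranges sharing at least one address; an empty list means the split is clean."""
    spans = sorted((int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi)), name)
                   for name, rs in server_ranges.items() for lo, hi in rs)
    overlaps = []
    for i, (lo1, hi1, s1) in enumerate(spans):
        for lo2, hi2, s2 in spans[i + 1:]:
            if lo2 > hi1:
                break                    # sorted by start, so later spans cannot overlap
            overlaps.append((s1, s2, str(ipaddress.ip_address(lo2)),
                             str(ipaddress.ip_address(min(hi1, hi2)))))
    return overlaps

if __name__ == "__main__":
    # Constructed subnet: ten low addresses reserved, the rest split 70/30.
    primary, secondary = split_pool("192.168.10.0/24", [70, 30], reserved=10)
    print(primary, secondary)  # ('192.168.10.11', '192.168.10.180') ('192.168.10.181', '192.168.10.254')
    print(find_overlaps({"dhcp1": [primary], "dhcp2": [secondary]}))   # []
    # A hand-edited configuration that lets dhcp2 start too early is reported:
    print(find_overlaps({"dhcp1": [primary],
                         "dhcp2": [("192.168.10.170", "192.168.10.254")]}))
```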


    DDNS Servers

    Because only one primary Dynamic DNS server allows updates for any particular host, the failure of that DDNS server will delay, but not prevent, those hosts from registering new DNS record information. The NSUPDATE program, which is used by a DHCP client or server when requesting dynamic updates, will save the updates and retry them later. Primary DDNS server failure can temporarily impair the ability of other hosts in the network to retrieve existing information about a particular host; that is, if the DDNS server is down when a client host attaches to the network, the name registration by the client host is delayed and information about the host is not immediately available in DNS.

    If the primary DDNS server fails after a client host registers its name, information about the host may still be available if there are other DNS servers in the network acting as secondaries for the zone of the client host. In this case, the information in the secondary DNS servers will be available for the period of time according to the DDNS record expiration time, which is based on the DHCP lease time in Dynamic IP hosts.

    Accordingly, there is no strategy for having multiple DDNS servers enable updates for a pool of Dynamic IP hosts. There can be only one DDNS server primary for a particular DNS zone. You can, however, use one or more DNS servers as secondaries for a zone in order to enhance the availability of the information to other hosts in the network in the event of a primary DDNS server failure.

    One important note is that you must configure the primary DNS server to provide updates for the dynamic zones to its secondaries more frequently.


    Enabling Host Mobility

    Dynamic IP is well suited for use in networking mobile hosts, such as laptop computers. When accessing a Dynamic IP network, Dynamic IP clients can automatically obtain and implement configuration information and register their current location/address with the Dynamic DNS server. And, because the DHCP server can provide location-specific configuration information, mobile clients can be assured of always having an accurate configuration.

    If you move the Dynamic IP client host out of its current subnet, you will simply need to reboot it to obtain configuration information for the new location and to update the Dynamic DNS server with the new IP address. Because the Dynamic DNS server that you update remains constant, other hosts will be able to reach you using your fully-qualified host name even if you move out of the domain. To illustrate:

    Fred works at the Phoenix location of Acme Corporation. His host name is fredb and his domain is dynamic.acme.com. Each time he starts his laptop, he is allocated an address by one of the DHCP servers in his network and updates are made to the local Dynamic DNS server, named ns-updates.dynamic.acme.com, to map his new address to his host name (and vice versa). Fred's co-workers can reach him using the host name of fredb.dynamic.acme.com.

    One week later, Fred is asked to help out in the Dallas office. He takes his laptop with him. When he starts his laptop, he is allocated an address by one of the DHCP servers in the Dallas network. He updates his home Dynamic DNS server, ns-updates.dynamic.acme.com, with his new IP address. Therefore, assuming the Phoenix network and the Dallas network are connected, Fred can still be reached using fredb.dynamic.acme.com.

    Note:

    For efficient name resolution, the client will use the local DNS server to resolve host names.

    Securing Your Dynamic IP Network

    The DHCP protocol specification does not include any mechanisms to limit access to DHCP services. Therefore, DHCP does not increase or decrease an IP network's exposure to unauthorized access.

    Dynamic DNS, however, does provide mechanisms to prevent unauthorized access to Dynamic DNS update services. DNS security extensions are used in DDNS to authenticate hosts that request to enter or change entries in the DDNS server database. Without client authentication, an unauthorized host, perhaps one with malicious intent, could impersonate an authorized host by remapping the address entry. Once the remapping occurred, data intended for the authorized host, such as login passwords, could be intercepted by the impersonating host.

    IBM's DDNS servers support two modes of controlling updates for a particular dynamic DNS zone: dynamic secured and dynamic presecured.

    In either mode, the IBM Dynamic DNS client and server use RSA public key digital signature technology to authenticate DDNS update requests.
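    An added illustration of the authenticated-update check described above, not IBM's implementation: a dynamic zone that accepts an address change only when it is signed by the key registered for that name, using textbook RSA with small constructed primes in place of the real DNS security extensions; the addresses and the second host's key are constructed.

```python
# Added example, not IBM's code: a dynamic-zone update handler that applies an address
# change only when the request is signed by the key registered for that name.  Textbook
# RSA over small constructed primes stands in for the real DNS security extensions.
import hashlib

E = 65537   # public exponent; the primes used below are constructed, not real keys

def make_keypair(p, q):
    """Return ((n, e), (n, d)) for two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def record_digest(name, addr, n):
    """SHA-256 of the update record, reduced into the signer's modulus."""
    data = f"{name} IN A {addr}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign_update(priv, name, addr):
    return pow(record_digest(name, addr, priv[0]), priv[1], priv[0])

class DynamicZone:
    """Each name is bound to the public key of the host allowed to change it."""
    def __init__(self):
        self.records = {}   # name -> current address
        self.keys = {}      # name -> (n, e) public key

    def register(self, name, addr, pub):
        self.records[name], self.keys[name] = addr, pub

    def update(self, name, addr, signature):
        """Apply the change only if the signature verifies under the registered key."""
        pub = self.keys.get(name)
        if pub is None:
            return False                    # unknown name: nothing to authenticate against
        n, e = pub
        if pow(signature, e, n) != record_digest(name, addr, n):
            return False                    # wrong key or altered record: request dropped
        self.records[name] = addr
        return True

def demo():
    """Constructed scenario: fredb (from the text) moves subnets and re-registers;
    another host holding a different key then tries to remap fredb's name."""
    name = "fredb.dynamic.acme.com"
    fred_pub, fred_priv = make_keypair(1_000_003, 1_000_033)
    _, other_priv = make_keypair(1_000_037, 1_000_039)
    zone = DynamicZone()
    zone.register(name, "10.1.1.20", fred_pub)
    accepted = zone.update(name, "10.2.2.45", sign_update(fred_priv, name, "10.2.2.45"))
    rejected = zone.update(name, "10.9.9.9", sign_update(other_priv, name, "10.9.9.9"))
    return accepted, rejected, zone.records[name]   # (True, False, '10.2.2.45')
```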

    For more information, refer to DNS Administration.


    Notices

    Second Edition (September 1997)

    The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

    This publication might include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

    This publication was developed for products and services offered in the United States of America. IBM may not offer the products, services, or features discussed in this document in other countries, and the information is subject to change without notice. Consult your local IBM representative for information on the products, services, and features available in your area.

    Requests for technical information about IBM products should be made to your IBM reseller or IBM marketing representative.


    Copyright Notices

    © Copyright International Business Machines Corporation 1996, 1997. All rights reserved.

    Note to U.S. government Users -- Documentation related to restricted rights -- Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.

    IBM is required to include the following statements in order to distribute portions of this document and the software described herein.

    __________________________________

    The TCP/IP client and server software included herein contains network security technology licensed from RSA Data Security, Inc. This technology is licensed solely for use with software using technology previously licensed from RSA Data Security, Inc.


    Disclaimers

    References in this publication to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program or service is not intended to state or imply that only IBM's product, program, or service may be used. Subject to IBM's valid intellectual property or other legally protectable rights, any functionally equivalent product, program, or service may be used instead of the IBM product, program, or service. Evaluation and verification of operation in conjunction with other products, programs, or services, except those expressly designated by IBM, are the user's responsibility.

    IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

       IBM Director of Licensing
       IBM Corporation
       500 Columbus Avenue
       Thornwood, NY 10594
       U.S.A.
    

    Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact IBM Corporation, Department LZKS, 11400 Burnet Road, Austin, TX 78758, U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.


    Acknowledgments

    TCP/IP for OS/2 incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code, and the original compression sources are freely available from Compuserve in the OS2USER forum and by anonymous ftp from the Internet site ftp.uu.net:/pub/archiving/zip.


    Trademarks

    The following terms are trademarks of the IBM Corporation in the United States or other countries or both:

    Other company, product, and service names which may be denoted by a double asterisk (**), may be trademarks or service marks of others.