TCP/IP Information

 

 

Dynamic IP Introduction

  • About this information
      • Who should use this information
      • What this information describes
      • For more information
  • What is Dynamic IP?
      • DHCP
      • Dynamic DNS
  • What does Dynamic IP provide?
      • Automates IP network access
      • Simplifies IP network administration
      • Allows administration of site-specific host environments
      • Enables customized, location-sensitive host serving
      • Uses open standards
      • Leverages existing IP network products and infrastructure
  • How does Dynamic IP work?
      • System components
      • System operation
      • Acquiring configuration information
      • Becoming known on the network
  • How does DHCP work?
      • How are leases renewed?
      • IP address allocation policies
      • What happens when a client moves out of its subnet?
  • Dynamic IP quick start
      • Step 1. Configure the TCP/IP support for the server system
      • Step 2. Configure the DHCP server
      • Step 3. Configure and start the DDNS server
      • Step 4. Start the DHCP server
      • Step 5. Set up the Dynamic IP client
      • Testing the quick-start Dynamic IP network
  • Configuring for network availability
      • Using a single DHCP server
      • Using multiple DHCP servers
      • DDNS servers
  • Enabling host mobility
  • Securing your Dynamic IP network
  • Notices
      • Copyright Notices
      • Disclaimers
      • Acknowledgments
      • Trademarks

  • About this information

    This information provides an overview of Dynamic IP that describes the integration of the TCP/IP networking standards of Dynamic Host Configuration Protocol (DHCP) and Dynamic Domain Name Service (DDNS) to provide automatic IP network access.

    This section describes:


    Who should use this information

    This information is for the everyday user of a workstation enabled to use DHCP-served IP addresses and configuration parameters and also for the system administrator who plans, configures, and maintains automatic IP network access using DHCP and DDNS servers.


    What this information describes

    This information describes:


    For more information

    This section lists Request for Comments (RFC) documents that apply to DHCP or DHCP options.

    RFCs 2131 and 2132 are the primary DHCP documents.

    Primary DDNS RFCs include 1034, 1035, 1060, 1995, and 1996.


    What is Dynamic IP?

    IBM® Dynamic IP is the integration of the TCP/IP networking standards of Dynamic Host Configuration Protocol (DHCP) and Dynamic Domain Name System (DDNS). Dynamic IP enables you to define network host configuration parameters at a central location and to automate configuration of IP hosts. It simplifies both IP network access and IP network administration and is well-suited for supporting mobile hosts.

    DHCP and DDNS perform complementary functions in accomplishing the goal of automatic IP network access. DHCP provides configuration information to IP hosts, and DDNS provides dynamic host name-to-IP address (and IP address-to-host name) mapping for the Dynamic IP clients.

    The major benefits of Dynamic IP include:

    The design of Dynamic IP evolved from customer requirements for addressing the challenges associated with network administration, particularly for large IP networks.

    The goal of Dynamic IP is to simplify these tasks and to provide an easier way to access and administer IP networks.

    This document describes what Dynamic IP provides and how it works. It also describes some recommendations for configuring for network availability, how Dynamic IP can be used to enable mobile hosts, and security aspects of Dynamic IP.


    DHCP

    DHCP is a client/server protocol that enables you to centrally locate and dynamically distribute configuration information, including IP addresses. It is based on the Bootstrap Protocol (BOOTP) and adds the capability of automatically allocating reusable network addresses and distributing additional host configuration options. DHCP clients and servers can use existing BOOTP relay agents, and DHCP and BOOTP clients and servers can generally interoperate with one another.

    DHCP protocols are described in IETF RFCs 2131 and 2132.


    Dynamic DNS

    DDNS is a protocol that defines extensions to the Domain Name System to enable DNS servers to accept requests to update the DNS database dynamically and securely. These extensions define mechanisms for adding and deleting a set of names and associated resource records.

    Further, DDNS uses DNS security extensions to authenticate hosts that request to create or update entries in the DDNS database. Without client authentication, another host could impersonate an unsuspecting host by remapping the address entry for the unsuspecting host to its own address. Once the remapping occurs, important data, such as login passwords and mail intended for the host, would unfortunately be sent to the impersonating host instead.

    IBM implements fail-safe RSA public-key digital signature technology to secure the DNS database updates so that the database entries cannot be changed by unauthorized hosts.


    What does Dynamic IP provide?

    Dynamic IP uses open standards and existing IP network products to:


    Automates IP network access

    A Dynamic IP client can automatically obtain and use IP configuration information, including (but not limited to) the network address, routers, and name servers to be used. This eliminates the need for each user to obtain and manually enter such information and, therefore, eliminates user frustration (and user error). In addition, this enables Dynamic IP hosts to freely move about the network and attach at arbitrary points without user or administrator intervention.

    Dynamic IP also provides a mechanism to enable other hosts in the network to locate Dynamic IP hosts at their current points of attachment by maintaining up-to-date host name-to-IP address mappings. Automated IP network access also makes Dynamic IP well-suited for laptops and other mobile computers that need to attach to IP networks at many different locations without losing their ability to access, or be accessed by, other hosts in a network.


    Simplifies IP network administration

    Dynamic IP simplifies the job of configuring IP hosts by allowing a network administrator to provide configuration information for a network and its hosts from a central server. Therefore, changes to the network configuration, such as a change in the routing infrastructure or in network services, need only be made in a single server configuration file, from which the information is then automatically disseminated to affected network hosts.

    In addition, administrators can configure Dynamic IP hosts to maintain their own DNS mappings in a Dynamic DNS server, thus further reducing the workload of IP network administrators.


    Allows administration of site-specific host environments

    Many businesses supplement their off-the-shelf client/server applications with locally-written network applications and frameworks. These locally-written applications typically require some amount of configuration either by the user or by a system or network administrator.

    Using Dynamic IP, you can distribute customer-defined configuration parameters, which simplifies the administration of these locally-written application environments.

    For example, an administrator may instruct the Dynamic IP client host software to identify itself to a DHCP server as belonging to a user-class called "accounting", which requires a site-specific DHCP option #130 known by convention as "accounting database server IP address". Further, the administrator can also instruct the client software to invoke a program called "INVENDBS.CMD" with the data passed in option #130 whenever that option is received. At the Dynamic IP server, the administrator would then define option #130 as the IP address of an accounting database server and specify that it is to be returned to clients of class "accounting".

    By defining both the data to be provided to clients and the way in which the clients process that data, an administrator can extend and customize the Dynamic IP setup to encompass applications and environments specific to the site.


    Enables customized, location-sensitive host serving

    Dynamic IP clients automatically receive the configuration parameters needed to access the network at a particular location. These configuration parameters can be considered "location-sensitive" because they are selected and served based on information about the host's location, specifically, the subnet to which it is attached. Thus, hosts can be served information and services that are relevant to their current location, making Dynamic IP ideal for supporting mobile hosts.

    In addition to providing these "location-sensitive" configuration parameters, administrators can use the site-customizing and host "classing" mechanisms to further customize the environment for mobile hosts. For instance, in our previous discussion of the accounting database server (Allows administration of site-specific host environments), the value of option #130 can be defined to vary according to the client's location in the network.


    Uses open standards

    Because protocols employed by Dynamic IP conform to open networking standards, as specified in IETF Request for Comments (RFC) documents, IBM's implementation of Dynamic IP is compatible with and can interoperate with IP networking products from other manufacturers (OEM products) that implement these protocols.

    More specifically, IBM Dynamic IP clients can be served by OEM DHCP and DNS servers, when they become available. Similarly, IBM DHCP servers can support OEM BootP and DHCP clients. And because they are a functional superset of existing DNS servers, IBM Dynamic DNS servers can serve traditional name resolvers and can be seamlessly inserted into existing customer DNS server hierarchies.


    Leverages existing IP network products and infrastructure

    Dynamic IP clients and servers can interoperate with existing IP network products. Thus, you can integrate DHCP and DDNS servers and Dynamic IP clients into your network without change to your existing routers or routing tables and with little change to your existing DNS hierarchy.

    To use Dynamic IP in your network, you need only to ensure that a BootP relay agent is present on subnets where a Dynamic IP DHCP server is not. These relay agents ("BootP helpers"), which enable DHCP clients to locate DHCP servers, are widely available in today's IP router products.


    How does Dynamic IP work?

    This section provides an overview of the components of Dynamic IP and how they interact.


    System components

    A Dynamic IP network can include four types of network components:


    System operation

    To illustrate, here is an example of the Dynamic IP process. We have divided the process into two phases: acquiring configuration information and becoming known on the network. In this example:

    Acquiring configuration information

    In the first phase of the Dynamic IP process, the Dynamic IP client must obtain the configuration information needed to access the network.

    1. When "Client" is started, the DHCP client program broadcasts a DHCP DISCOVER message onto the LAN, soliciting responses from any available DHCP servers.

    2. When "Router" receives the DHCP broadcast message, it inserts its IP address on subnet "X" and forwards the message to "DHCPServ".

    3. When "DHCPServ" receives the DHCP broadcast message, it reads the IP address inserted by "Router" to determine where the DHCP DISCOVER request packet originated. "DHCPServ" selects an IP address and a set of network parameters appropriate for the originating subnet, subnet "X", and returns them in a DHCP OFFER packet to be forwarded to "Client" by way of "Router".

    4. "Client" receives the OFFER, decides whether the OFFER meets its needs, and assuming so, sends a REQUEST message to "DHCPServ" requesting use of the configuration parameters for the specified lease time.

    5. "DHCPServ" receives the request and acknowledges the request by sending an ACK message to "Client".

    6. Upon receipt of the ACK, "Client" implements the configuration information that it received in the OFFER to access the IP network.
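
    Steps 1 to 3 above, together with the user-class mechanism described under "Allows administration of site-specific host environments", as an added Python example that is not part of IBM's documentation or product code. It builds an RFC 2131 DISCOVER, lets a relay stamp giaddr, and has a server choose the pool and options from giaddr. Assumptions: the relay address 9.67.100.1, the second subnet 192.0.2.0/24, the option 130 values, the client hardware address, and carrying the user class as a plain string in option 77 are constructed for illustration; the subnet "X" values come from the quick-start configuration on this page.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])      # RFC 2131 magic cookie
DISCOVER, OFFER = 1, 2                # option 53 (message type) values
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed     # text or int -> 4 bytes


def build(op, xid, chaddr, options, yiaddr=0, giaddr=0):
    """Serialize a DHCP message; options is a list of (code, value-bytes)."""
    head = HDR.pack(op, 1, 6, 0, xid, 0, 0, ip4(0), ip4(yiaddr), ip4(0),
                    ip4(giaddr), chaddr, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return head + MAGIC + body + b"\xff"


def parse(pkt):
    """Return (header, options); reject truncated or non-DHCP input."""
    if len(pkt) < HDR.size + 4 or pkt[HDR.size:HDR.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    f = HDR.unpack_from(pkt)
    hdr = {"op": f[0], "xid": f[4], "chaddr": f[11][:f[2]],
           "yiaddr": ipaddress.IPv4Address(f[8]),
           "giaddr": ipaddress.IPv4Address(f[10])}
    opts, i = {}, HDR.size + 4
    while i < len(pkt) and pkt[i] != 255:         # 255 = end option
        if pkt[i] == 0:                           # pad option, no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("option overruns packet")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return hdr, opts


def relay(pkt, relay_ip):
    """Step 2: the relay writes its address on the client's subnet into giaddr."""
    fields = list(HDR.unpack_from(pkt))
    if fields[10] == ip4(0):                      # only the first relay sets it
        fields[10] = ip4(relay_ip)
    fields[3] += 1                                # hop count
    return HDR.pack(*fields) + pkt[HDR.size:]


# Server table. Subnet "X" uses the quick-start values from this page; the
# second subnet and both option 130 values are constructed for the example.
SUBNETS = {
    ipaddress.ip_network("9.67.96.0/20"): {
        "pool": ("9.67.96.1", "9.67.96.50"),
        "options": [(1, ip4("255.255.240.0")), (51, struct.pack("!I", 900)),
                    (6, ip4("9.67.96.10")), (15, b"testsub.testdom")],
        "classes": {b"accounting": [(130, ip4("9.67.97.20"))]},
    },
    ipaddress.ip_network("192.0.2.0/24"): {
        "pool": ("192.0.2.10", "192.0.2.20"),
        "options": [(1, ip4("255.255.255.0")), (51, struct.pack("!I", 900))],
        "classes": {b"accounting": [(130, ip4("192.0.2.5"))]},
    },
}


def offer(pkt, leased):
    """Step 3: choose the subnet from giaddr, then a free address and options."""
    hdr, opts = parse(pkt)
    if hdr["op"] != 1 or opts.get(53) != bytes([DISCOVER]):
        return None
    net = next((n for n in SUBNETS if hdr["giaddr"] in n), None)
    if net is None:                               # giaddr on no known subnet
        return None
    cfg = SUBNETS[net]
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in cfg["pool"])
    free = next((a for a in range(lo, hi + 1) if a not in leased), None)
    if free is None:                              # pool exhausted
        return None
    leased.add(free)
    extra = cfg["classes"].get(opts.get(77, b""), [])   # per-class options
    return build(2, hdr["xid"], hdr["chaddr"],
                 [(53, bytes([OFFER]))] + cfg["options"] + extra,
                 yiaddr=free, giaddr=int(hdr["giaddr"]))


def accounting_server(opts):
    """Client side: option 130 arrives off the wire, so accept it only as exactly
    one IPv4 address before passing it to a local program such as INVENDBS.CMD."""
    val = opts.get(130)
    return ipaddress.IPv4Address(val) if val and len(val) == 4 else None


def demo():
    mac = bytes.fromhex("02005e000001")           # constructed client address
    discover = build(1, 0x1234ABCD, mac, [(53, bytes([DISCOVER])), (77, b"accounting")])
    forwarded = relay(discover, "9.67.100.1")     # constructed router address
    return parse(offer(forwarded, leased=set()))  # -> (header, options) of OFFER
```

    A DISCOVER whose giaddr is still zero gets no offer from this sketch; a real server would fall back to the subnet of the interface the packet arrived on.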

    Becoming known on the network

    The client now has all the information it needs to access the network. One problem remains, however: no other hosts on the network know or can easily discover what address has been assigned to "Client". Therefore, "Client" is essentially inaccessible to other hosts in the network.

    The second phase of the process is needed to update the Domain Name System (DNS) server, "DynoDNS", with the name and address information assigned to "Client" so that others can discover the IP address assigned to "Client".

    In general, the following information is needed to update the Dynamic DNS server:

    To become known on the network:

    1. "Client" creates a message to be sent to "DynoDNS", which includes the necessary information.

      At this point, "Client" has not been configured with a DNS host name. So, the DDNS client configuration program prompts the user for the host name. In our example, we'll use "Warpspeed" as the host name.

      The DHCP client appends the pre-configured domain name, for example, "dynamic.your-company.com" to the host name.

      The name of the primary Dynamic DNS server defaults to "ns-updates" in the specified domain.

      So, for our example, "Warpspeed" will be uniquely known as "warpspeed.dynamic.your-company.com", and all associated DNS update requests for "Warpspeed" will be sent to the DNS server known as "ns-updates.dynamic.your-company.com".

    2. "Warpspeed" sends a hostname update message to "DynoDNS" indicating its fully-qualified host name, IP address, and the lease time.

    3. "DynoDNS" sends an acknowledgment to "Warpspeed" that the information has been received and the database has been updated.

    The initialization of host "Warpspeed" is now complete. Not only is "Warpspeed" now able to access the network, but it is also known and accessible to other hosts in the network. All of this happens automatically without any intervention by a user or administrator.

    Note:

    For every name-to-address mapping in the DNS, there should also be a corresponding address-to-name mapping. Although not mentioned in the example above, the "DHCPServ" is also notified of the host name "Warpspeed" that is assigned to "Client". "DHCPServ" then sends a DDNS update request to "DynoDNS" specifying the reverse address mapping of the assigned IP address to the host name. "DHCPServ" can also be configured to update both the name-to-address mapping and the address-to-name mapping on the client's behalf.
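
    The note's rule, that every name-to-address mapping should have a matching address-to-name mapping, can be checked mechanically. The following added Python example (not part of IBM's documentation or tools) compares A and PTR records and reports disagreements; in the setup described here the client writes the A record and the DHCP server writes the PTR record for the address it leased, so a disagreement marks an A record that does not match what the server handed out. The record lists are constructed sample data.

```python
import ipaddress

# Constructed sample zone contents: (owner name, value)
A_RECORDS = [
    ("warpspeed.dynamic.your-company.com.", "9.67.96.1"),
    ("payroll.dynamic.your-company.com.", "9.67.96.7"),
    ("kiosk.dynamic.your-company.com.", "9.67.96.9"),
]
PTR_RECORDS = [
    ("1.96.67.9.in-addr.arpa.", "Warpspeed.dynamic.your-company.com."),
    ("7.96.67.9.in-addr.arpa.", "laptop17.dynamic.your-company.com."),
    ("12.96.67.9.in-addr.arpa.", "oldhost.dynamic.your-company.com."),
]


def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()


def audit_mappings(a_records, ptr_records):
    """Return (host, address or reverse name, problem) for each disagreement."""
    ptr = {norm(owner): norm(target) for owner, target in ptr_records}
    seen, findings = set(), []
    for fqdn, addr in a_records:
        # reverse_pointer turns 9.67.96.1 into 1.96.67.9.in-addr.arpa
        owner = ipaddress.ip_address(addr).reverse_pointer
        seen.add(owner)
        target = ptr.get(owner)
        if target is None:
            findings.append((norm(fqdn), addr, "no PTR record"))
        elif target != norm(fqdn):
            findings.append((norm(fqdn), addr, f"PTR names {target}"))
    for owner, target in ptr.items():
        if owner not in seen:
            findings.append((target, owner, "PTR without A record"))
    return findings


if __name__ == "__main__":
    for finding in audit_mappings(A_RECORDS, PTR_RECORDS):
        print(*finding, sep="  ")
```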

    How does DHCP work?

    DHCP allows clients to obtain IP network configuration, including an IP address, from a central DHCP server. A DHCP server controls whether the addresses it provides to clients are allocated permanently or are "leased" for a specific time period. When a client is allocated a leased address, it must periodically check in with the server to re-validate the address and renew the lease.

    The processes of address allocation, leasing, and lease renewal are all handled by the DHCP client and server programs and are transparent to end-users.


    How are leases renewed?

    The DHCP client keeps track of how much time is remaining on the lease. At a specified time prior to the expiration of the lease, usually when half of the lease time has passed, the client sends a renewal request, containing its current IP address and configuration information, to the leasing server. If the server responds with a lease offer, the DHCP client's lease is renewed.

    If the DHCP server explicitly refuses the request, the DHCP client may continue to use the IP address until the lease time expires and then initiate the address request process, including broadcasting the address request. If the server is unreachable, the client may continue to use the assigned address until the lease expires.


    IP address allocation policies

    DHCP defines IP address allocation policies that include:

    Dynamic
    A DHCP server assigns an IP address to a requesting bootP or DHCP client from a range of available addresses.

    Static
    A DHCP server administrator assigns a static, predefined address reserved for a specific bootP or DHCP client.

    DHCP provides the following lease policies for IP addresses:

    Temporary
    An IP address is temporarily "leased" to a bootP or DHCP client. A DHCP client that does not have a permanent lease must periodically request the renewal of its lease on its current IP address in order to keep using the address. The process of renewing leased IP addresses occurs dynamically as part of the DHCP protocols and is not generally visible to end-users.

    Permanent
    An IP address is leased for an infinite period of time to a bootP or DHCP client. No process of lease renewal is required.

    For dynamic address allocation, a DHCP client that does not have a permanent lease must periodically request the renewal of its lease on its current IP address in order to keep using it. The process of renewing leased IP addresses occurs dynamically as part of the DHCP protocols and is not generally visible to end-users.

    You may use the DHCP Client Monitor program (DHCPMON) to view DHCP protocol events and status, including address leasing and lease renewal.


    What happens when a client moves out of its subnet?

    One benefit of DHCP is the freedom it provides a client host to move from one subnet to another without having to know ahead of time what IP configuration information it needs on the new subnet. As long as the subnets to which a host relocates have access to a DHCP server, a DHCP client will automatically configure itself correctly to access those subnets.

    In order for DHCP clients to reconfigure to access a new subnet, the client host must be restarted. When a host restarts on a new subnet, the DHCP client tries to renew its old lease with the DHCP server which originally allocated the address. The server refuses to renew the request since the address is not valid on the new subnet. Receiving no server response or instructions from the DHCP server, the client initiates the IP address request process to obtain a new IP address and access the network.


    Dynamic IP quick start

    This section provides instructions for setting up a simple, yet fully operational, Dynamic IP network with two workstations:

    To set up the sample Dynamic IP network, do the following:

    1. Configure the basic TCP/IP support for the server system
    2. Configure the DHCP server
    3. Configure and start the DDNS server
    4. Start the DHCP server
    5. Set up the Dynamic IP client

    After completing these steps, you can test the Dynamic IP setup.


    Step 1. Configure the TCP/IP support for the server system

    The server system is used for both the DHCP and DDNS servers in our Dynamic IP network and has:

    To configure the TCP/IP support for the server, do the following:

    1. Open the TCP/IP configuration notebook.

    2. On the Network tab, on the Basic subtab:
      1. In the Interface To Configure list box, select LAN Interface 0.
      2. Under Configuration Options, check the Enable Interface check box.
      3. Select the Manually, Using radio button.
      4. In the IP Address field, type: 9.67.96.10
      5. In the Subnet Mask field, type: 255.255.240.0

    3. On the Host Names tab, on the Name Resolution subtab:
      1. In the This Computer's Host Name field, type: ns-updates
      2. In the Local Domain Name field, type: testsub.testdom
      3. Select the Name Server Addresses list box.
      4. Click Add.
      5. In the Name Server Address field, type: 9.67.96.10
      6. Click OK.

    4. Click OK to exit the notebook and save your changes.

    Step 2. Configure the DHCP server

    Next, configure the DHCP server using the DHCP Server Configuration program to assign an address and options to the subnet our client is in. Our sample network will have:

    Configure the DHCP server as follows:

    1. Start the DHCP Server Configuration program. In the Configuration Management configuration tree, right-click DHCP to display the menu and then click Current Configuration.

    2. Click the Global icon.

    3. On the Configure pull-down, click Add Subnet to open the Subnet notebook.

    4. On the Subnet Definition tab:

    5. On the DHCP Options tab:

    6. On the Miscellaneous tab, in the DDNS Server for PTR Record Updates field, type 9.67.96.10. A key for the DHCP server will be created automatically when the program is closed. The key enables the DHCP server to send host name updates for the addresses it allocates to the primary DDNS server (ns-updates.testsub.testdom).

    7. Click OK to close the notebook.

    8. Double-click the DHCP Server icon to open the DHCP Server Parameters notebook.

    9. On the DDNS PTR Records tab, check the Automatically Update or Delete PTR Records check box to specify DHCP server support for DDNS PTR records.

    10. Click OK to close the notebook.

    11. Optionally, you can view the resulting configuration file. To do that, click the subnet, and, on the View pull-down, click View Entire File to see the file:
      leaseExpireInterval 1 minutes
      leaseTimeDefault 24 hours
      pingTime 1 seconds
      reservedTime 5 minutes
      usedIPAddressExpireInterval 1000 seconds
      statisticSnapshot 1
      updateDNSP "nsupdate -f -r%s -s"d;ptr;*;a;ptr;%s;s;%s;3110400;q""
      releaseDNSP "nsupdate -f -r%s -s"d;ptr;%s;s;%s;0;q""
      updateDNSA "nsupdate -f -h%s -s"d;a;*;a;a;%s;s;%s;3110400;q""
      releaseDNSA "nsupdate -f -h%s  -s"d;a;%s;s;%s;0;q""
      supportBOOTP no
      supportUnlistedClients yes
      allRoutesBroadcast no
       
      appendDomainName yes
      canonical no
      proxyARec no
      subnet 9.67.96.0 255.255.240.0 9.67.96.1-9.67.96.50 (alias=mysubnet DDNSServer=9.67.96.10
      {
        client 0 0 9.67.96.10
        option 51 900
        option 6 9.67.96.10
        option 1 255.255.240.0
        option 15 testsub.testdom
      }
      

    12. Save your changes.

    For more information on using the DHCP Server Configuration program, see the online help.


    Step 3. Configure and start the DDNS server

    Next, configure the DDNS server in one of the following ways:


    Step 4. Start the DHCP server

    To start the DHCP server, do one of the following:

    Note:

    You can display messages by using the -v (verbose) option on the DHCPSD command or in the settings for the icon.

    Step 5. Set up the Dynamic IP client

    Configure the DHCP client, which is in the same network and subnet as the server, to operate as a Dynamic IP client (using integrated DDNS client services):

    1. Start the configuration:

    2. Fill in the information requested by the Dynamic IP client configuration program:

    3. Click Configure to send the information to the DDNS and DHCP servers and to create a key file, which is used to secure any dynamic updates requested by the client.

    The host name is then registered with the primary DDNS server, and the DNS database is updated with an address (A) record for the host. The A record maps the host name to the IP address assigned by the DHCP server and enables other hosts in the network to discover the address of the host using its name.

    After the name is registered with the DDNS server, the Dynamic IP client sends an address lease renewal request to the DHCP server. The DHCP server renews the DHCP client's lease and sends a dynamic update request to the DDNS server owning the reverse mapping for the IP address, which is in the pointer (PTR) record. The PTR record maps the IP address to the host name and enables other hosts in the network to discover the name of a host using its IP address.

    Because the DHCP server is configured to serve DNS information, the client's RESOLV2 file gets updated with this information about the domain and the name server:

    domain testsub.testdom
    nameserver 9.67.96.10
    

    Testing the quick-start Dynamic IP network

    To test the quick-start Dynamic IP network to ensure that it is operating correctly:

    1. View status information about the client by using the DHCP Client Monitor program at the client. The DHCP Client Monitor program displays status information about the DHCP address lease and the DDNS name registration process. To start the DHCP Client Monitor program, double-click the DHCP Client Monitor icon or enter dhcpmon at a command prompt.

    2. Use the PING command to query the client. At a command prompt at the Dynamic IP client, PING the client by host name as follows:
      ping host1234
      

      The information displayed indicates that the host name resolved to the IP address indicated in the lease field of the DHCP Client Monitor program and that the ping was successful.

      Note:

      You can also PING the client from the server; to do that, the server must point in its RESOLV2 file to the DDNS server, that is, to itself.

    Configuring for network availability

    The DHCP protocols do not provide for server-to-server communication that would let servers share information so that one DHCP server could act as a "hot backup" if the other one fails. Similarly, the Dynamic DNS protocols allow only one primary Dynamic DNS server to update a particular host DNS record. With these limitations, Dynamic IP networks require careful planning in order to ensure network availability when using a single DHCP server or multiple DHCP servers and when using a Dynamic DNS server.


    Using a single DHCP server

    If you choose to use a single DHCP server to service hosts on a subnet, consider the effects of the failure of that server. Generally, the failure of a sole server will affect only DHCP clients that are attempting to join the network. Typically DHCP clients already on the network will continue operating unaffected until their lease expires. However, if the lease time is short, even those clients may lose their network access before the server can be restarted. To avoid this, if you have only one DHCP server for a subnet, you should choose a sufficiently long lease to allow time to restart or respond to the failed DHCP server. This will minimize the impact of server down-time.

    The timers associated with client DHCP lease renewal algorithms can be set at the DHCP server to help ensure that server failures do not affect network operation.


    Using multiple DHCP servers

    To avoid a single point of failure, you can configure two or more DHCP servers to serve the same subnet. If one server fails, the other can continue to serve the subnet. Each of the DHCP servers must be accessible either by direct attachment to the subnet or by using a BootP Relay agent.

    Because two DHCP servers cannot serve the same addresses, address ranges defined for a subnet must be unique across DHCP servers. Therefore, when using two or more DHCP servers to serve a particular subnet, the complete list of addresses for that subnet must be divided among the servers. For example, you could configure one server with an address range consisting of 70% of the available addresses for the subnet and the other server with an address range consisting of the remaining 30% of the available addresses.

    Using multiple DHCP servers decreases the probability of having a DHCP-related network access failure, but it does not guarantee against it. If a DHCP server for a particular subnet fails, the other DHCP server may not be able to service all the requests from new clients, which may, for example, exhaust the server's limited range of available addresses.

    However, you can bias which DHCP server exhausts its range of addresses first. DHCP clients tend to select the DHCP server offering more options. To bias service toward the DHCP server with 70% of the available addresses, offer fewer DHCP options from the server holding 30% of the available addresses for the subnet.
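
    A pre-deployment check for the rule above, as an added Python example that is not part of IBM's documentation or tools: it splits the quick-start range 70/30 and then audits each server's subnet statement for addresses offered by two servers or by none. The server names dhcp-a and dhcp-b and the deliberately wrong second range are constructed; only the first four fields of the page's subnet statement are interpreted.

```python
import ipaddress

INTENDED = "9.67.96.1-9.67.96.50"     # range from this page's quick-start subnet


def span(lo, hi):
    return f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}"


def parse_subnet(line):
    """Parse 'subnet <network> <mask> <first>-<last> ...' into (network, lo, hi)."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "subnet":
        raise ValueError(f"not a subnet statement: {line!r}")
    network = ipaddress.ip_network(f"{fields[1]}/{fields[2]}")
    first, last = (ipaddress.IPv4Address(a) for a in fields[3].split("-"))
    if first > last or first not in network or last not in network:
        raise ValueError(f"range {fields[3]} does not fit {network}")
    return network, int(first), int(last)


def split_range(intended, share):
    """Split 'first-last' so the first server gets `share` (0..1) of the addresses."""
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in intended.split("-"))
    cut = lo + round((hi - lo + 1) * share)       # first address of the second part
    if not lo < cut <= hi:
        raise ValueError("share leaves one server with no addresses")
    return span(lo, cut - 1), span(cut, hi)


def audit(server_lines, intended):
    """server_lines maps a server name to its subnet statement.
    Returns findings for addresses served twice and for addresses served by no one."""
    parsed = {name: parse_subnet(line) for name, line in server_lines.items()}
    if len({p[0] for p in parsed.values()}) != 1:
        raise ValueError("statements describe different subnets")
    ranges = {name: p[1:] for name, p in parsed.items()}
    findings, names = [], sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            lo = max(ranges[a][0], ranges[b][0])
            hi = min(ranges[a][1], ranges[b][1])
            if lo <= hi:
                findings.append(f"overlap {a}/{b}: {span(lo, hi)}")
    want_lo, want_hi = (int(ipaddress.IPv4Address(a)) for a in intended.split("-"))
    cursor = want_lo
    for lo, hi in sorted(ranges.values()):
        if lo > cursor:
            findings.append(f"unserved: {span(cursor, min(lo - 1, want_hi))}")
        cursor = max(cursor, hi + 1)
    if cursor <= want_hi:
        findings.append(f"unserved: {span(cursor, want_hi)}")
    return findings


def statement(rng):
    # Same shape as the subnet line in this page's configuration file.
    return f"subnet 9.67.96.0 255.255.240.0 {rng} (alias=mysubnet DDNSServer=9.67.96.10"


big, small = split_range(INTENDED, 0.7)
GOOD = {"dhcp-a": statement(big), "dhcp-b": statement(small)}
BAD = {"dhcp-a": statement(big), "dhcp-b": statement("9.67.96.30-9.67.96.45")}

if __name__ == "__main__":
    print(big, small, audit(GOOD, INTENDED), audit(BAD, INTENDED), sep="\n")
```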


    DDNS servers

    Because only one primary Dynamic DNS server allows updates for any particular host, the failure of that DDNS server will delay, but not prevent, those hosts from registering new DNS record information. The NSUPDATE program, when used by an IBM DHCP server for hostname updates, will save the updates and retry them later. Primary DDNS server failure can temporarily impair the ability of other hosts in the network to retrieve existing information about a particular host; that is, if the DDNS server is down when a client host attaches to the network, the name registration by the client host is delayed and information about the host is not immediately available in DNS.

    If the primary DDNS server fails after a client host registers its name, information about the host may still be available if there are other DNS servers in the network acting as secondaries for the zone of the client host. In this case, the information in the secondary DNS servers remains available for a period determined by the DDNS record expiration time, which is based on the DHCP lease time in Dynamic IP hosts.

    Accordingly, there is no strategy for having multiple DDNS servers enable updates for a pool of Dynamic IP hosts. There can be only one DDNS server primary for a particular DNS zone. You can, however, use one or more DNS servers as secondaries for a zone in order to enhance the availability of the hostname resolution to other hosts in the network in the event of a primary DDNS server failure.


    Enabling host mobility

    Dynamic IP is well suited for use in networking mobile hosts, such as laptop computers. When accessing a Dynamic IP network, Dynamic IP clients can automatically obtain and implement configuration information and register their current location/address with the Dynamic DNS server. And, because the DHCP server can provide location-specific configuration information, mobile clients can be assured of always having an accurate configuration.

    If you move the Dynamic IP client host out of its current subnet, you will need to reboot it (or renew its lease) if it is a Windows 95 or Windows NT workstation, to obtain configuration information for the new location and to update the Dynamic DNS server with the new IP address. Clients running TCP/IP Version 4.1 do not have to reboot. Because the Dynamic DNS server that you update remains constant, other hosts will be able to reach you using your fully-qualified host name even if you move out of the domain. To illustrate:

    Fred works at the Phoenix location of Acme Corporation. His host name is fredb and his domain is dynamic.acme.com. Each time he starts his laptop, he is allocated an address by one of the DHCP servers in his network and updates are made to the local Dynamic DNS server, named ns-updates.dynamic.acme.com, to map his new address to his host name (and vice versa). Fred's co-workers can reach him using the host name of fredb.dynamic.acme.com.

    One week later, Fred is asked to help out in the Dallas office. He takes his laptop with him. When he starts his laptop, he is allocated an address by one of the DHCP servers in the Dallas network. He updates his home Dynamic DNS server, ns-updates.dynamic.acme.com, with his new IP address. Therefore, assuming the Phoenix network and the Dallas network are connected, Fred can still be reached using fredb.dynamic.acme.com.

    Note:

    For efficient name resolution, the client will use the local DNS server to resolve host names.

    Securing your Dynamic IP network

    The DHCP protocol specification does not include any mechanisms to limit access to DHCP services. Therefore, DHCP does not increase or decrease an IP network's exposure to unauthorized access.

    Dynamic DNS, however, does provide mechanisms to prevent unauthorized access to Dynamic DNS update services. DNS security extensions are used in DDNS to authenticate hosts that request to enter or change entries in the DDNS server database. Without client authentication, an unauthorized host, perhaps one with malicious intent, could impersonate an authorized host by remapping the address entry. Once the remapping has occurred, data intended for the authorized host, such as login passwords, could be intercepted by the impersonating host.

    IBM's DDNS servers support two modes of controlling updates for a particular dynamic DNS zone: dynamic secured and dynamic presecured.

    In either mode, the IBM Dynamic DNS client and server use RSA public key digital signature technology to authenticate DDNS update requests.

    For more information, refer to DNS Administration.
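
    The signed-update check described in this section, applied to Fred's Phoenix-to-Dallas move from the host mobility illustration, modeled as an added example (not IBM's code or wire format). It uses textbook RSA with fixed demo primes to stay within the Python standard library. The Zone class, the message layout, the serial-number replay check, and all addresses are assumptions constructed for illustration.

```python
import hashlib

# Demo-only textbook RSA (no padding) keyed from Mersenne primes so the example
# is stdlib-only and deterministic. Never use this construction in production.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(key, message):
    return pow(digest(message, key["n"]), key["d"], key["n"])

def verify(pub, message, signature):
    return pow(signature, pub["e"], pub["n"]) == digest(message, pub["n"])

def update_message(name, address, serial):
    # Constructed canonical form; the page does not show the real wire format.
    return f"{name}|{address}|{serial}".encode()

class Zone:  # hypothetical zone store: one public key and one address per name
    def __init__(self):
        self.keys, self.records, self.serials = {}, {}, {}

    def register_key(self, name, key):
        self.keys[name] = {"n": key["n"], "e": key["e"]}  # public half only

    def apply_update(self, name, address, serial, signature):
        pub = self.keys.get(name)
        if pub is None:
            return "refused: no key on file"
        if serial <= self.serials.get(name, 0):
            return "refused: stale serial"  # assumption: serial blocks replays
        if not verify(pub, update_message(name, address, serial), signature):
            return "refused: bad signature"
        self.records[name], self.serials[name] = address, serial
        return "ok"

def demo():
    fred = make_key(2**127 - 1, 2**521 - 1)   # constructed key for fredb
    rogue = make_key(2**89 - 1, 2**607 - 1)   # constructed key, not registered
    name, zone, results = "fredb.dynamic.acme.com", Zone(), []
    zone.register_key(name, fred)
    for key, addr, serial in [(fred, "192.0.2.10", 1),     # Phoenix lease
                              (rogue, "203.0.113.66", 2),  # remap attempt
                              (fred, "198.51.100.7", 2),   # Dallas lease
                              (fred, "192.0.2.10", 1)]:    # replayed old update
        sig = sign(key, update_message(name, addr, serial))
        results.append(zone.apply_update(name, addr, serial, sig))
    return results, zone.records[name]
```

    Calling demo() returns the per-update outcomes and the final address on file for fredb.dynamic.acme.com: only updates signed by the registered key change the record.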


    Notices

    Fourth Edition (October 1998)

    The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

    This publication might include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time.

    This publication was developed for products and services offered in the United States of America. IBM may not offer the products, services, or features discussed in this document in other countries, and the information is subject to change without notice. Consult your local IBM representative for information on the products, services, and features available in your area.

    Requests for technical information about IBM products should be made to your IBM reseller or IBM marketing representative.


    Copyright Notices

    © Copyright International Business Machines Corporation 1996, 1998. All rights reserved.

    Note to U.S. government Users -- Documentation related to restricted rights -- Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.

    IBM is required to include the following statements in order to distribute portions of this document and the software described herein.

    The TCP/IP client and server software included herein contains network security technology licensed from RSA Data Security, Inc. This technology is licensed solely for use with software using technology previously licensed from RSA Data Security, Inc.


    Disclaimers

    References in this publication to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM product, program or service is not intended to state or imply that only IBM's product, program, or service may be used. Subject to IBM's valid intellectual property or other legally protectable rights, any functionally equivalent product, program, or service may be used instead of the IBM product, program, or service. Evaluation and verification of operation in conjunction with other products, programs, or services, except those expressly designated by IBM, are the user's responsibility.

    IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

       IBM Director of Licensing
       IBM Corporation
       500 Columbus Avenue
       Thornwood, NY 10594
       U.S.A.
    

    Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact IBM Corporation, Department LZKS, 11400 Burnet Road, Austin, TX 78758, U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.


    Acknowledgments

    TCP/IP for OS/2 incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code, and the original compression sources are freely available from Compuserve in the OS2USER forum and by anonymous ftp from the Internet site ftp.uu.net:/pub/archiving/zip.


    Trademarks

    The following terms are trademarks of the IBM Corporation in the United States or other countries or both:

    The following terms are trademarks of other companies:

    Microsoft, Windows, and the Windows 95 logo are trademarks or registered trademarks of Microsoft Corporation.

    Other company, product, and service names, which may be denoted by a double asterisk (**), may be trademarks or service marks of others.