DHCP


Reverse ARP was once used to let hosts find their IP address if they knew their
Ethernet address. But more information than just the IP address was needed.

BOOTP was developed to allow more information to be transmitted to the
host at boot time, including netmask, default route, DNS servers, etc.

DHCP is a superset of BOOTP (and usually backwards compatible).
It allows configuration information to "time out". Addresses are
"leased" to end stations.


RFC 2131 R. Droms, "Dynamic Host Configuration Protocol", 3/97. Supersedes RFC 1541 and RFC 1531. 
RFC 2132 S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor Extensions", 3/97. Supersedes RFC 1533. 


   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     op (1)    |   htype (1)   |   hlen (1)    |   hops (1)    |
   +---------------+---------------+---------------+---------------+
   |                            xid (4)                            |
   +-------------------------------+-------------------------------+
   |           secs (2)            |           flags (2)           |
   +-------------------------------+-------------------------------+
   |                          ciaddr  (4)                          |
   +---------------------------------------------------------------+
   |                          yiaddr  (4)                          |
   +---------------------------------------------------------------+
   |                          siaddr  (4)                          |
   +---------------------------------------------------------------+
   |                          giaddr  (4)                          |
   +---------------------------------------------------------------+
   |                                                               |
   |                          chaddr  (16)                         |
   |                                                               |
   |                                                               |
   +---------------------------------------------------------------+
   |                                                               |
   |                          sname   (64)                         |
   +---------------------------------------------------------------+
   |                                                               |
   |                          file    (128)                        |
   +---------------------------------------------------------------+
   |                                                               |
   |                          options (variable)                   |
   +---------------------------------------------------------------+

   FIELD      OCTETS       DESCRIPTION
   -----      ------       -----------

   op            1  Message op code / message type.
                    1 = BOOTREQUEST, 2 = BOOTREPLY
   htype         1  Hardware address type, see ARP section in "Assigned
                    Numbers" RFC; e.g., '1' = 10mb ethernet.
   hlen          1  Hardware address length (e.g.  '6' for 10mb
                    ethernet).
   hops          1  Client sets to zero, optionally used by relay agents
                    when booting via a relay agent.
   xid           4  Transaction ID, a random number chosen by the
                    client, used by the client and server to associate
                    messages and responses between a client and a
                    server.
   secs          2  Filled in by client, seconds elapsed since client
                    began address acquisition or renewal process.
   flags         2  Flags - most significant bit is client request for 
                            broadcast HW address in reply
   ciaddr        4  Client IP address; only filled in if client is in
                    BOUND, RENEW or REBINDING state and can respond
                    to ARP requests.
   yiaddr        4  'your' (client) IP address.
   siaddr        4  IP address of next server to use in bootstrap;
                    returned in DHCPOFFER, DHCPACK by server.
   giaddr        4  Relay agent IP address, used in booting via a
                    relay agent.
   chaddr       16  Client hardware address.
   sname        64  Optional server host name, null terminated string.
   file        128  Boot file name, null terminated string; "generic"
                    name or null in DHCPDISCOVER, fully qualified
                    directory-path name in DHCPOFFER.
   options     var  Optional parameters field.  See the options
                    documents for a list of defined options.


   DHCPDISCOVER -  Client broadcast to locate available servers.
   DHCPOFFER    -  Server to client in response to DHCPDISCOVER with
                   offer of configuration parameters.
   DHCPREQUEST  -  Client message to servers either (a) requesting
                   offered parameters from one server and implicitly
                   declining offers from all others, (b) confirming
                   correctness of previously allocated address after,
                   e.g., system reboot, or (c) extending the lease on a
                   particular network address.
   DHCPACK      -  Server to client with configuration parameters,
                   including committed network address.
   DHCPNAK      -  Server to client indicating client's notion of network
                   address is incorrect (e.g., client has moved to new
                   subnet) or client's lease has expired.
   DHCPDECLINE  -  Client to server indicating network address is already
                   in use.
   DHCPRELEASE  -  Client to server relinquishing network address and
                   canceling remaining lease.
   DHCPINFORM   -  Client to server, asking only for local configuration
                   parameters; client already has externally configure

Clients that do not have valid IP addresses send DHCP discover and DHCP request packets in broadcast Ethernet frames. These packets are carried over UDP with a destination port of 67.

The server communicates back with the client using UDP with a destination port of 68. It may or may not use a broadcast IP address and Ethernet frame (depending on how the client set the flags field).

Leases are handed out for a specified number of seconds. Clients renew leases (using DHCPREQUEST) before they expire (the default is 1/2 of the lease time).

When renewing a DHCP lease the client (if it still has a valid IP address) sends a unicast DHCP request to the DHCP server it knows about. If the server doesn't respond or returns a DHCP NAK message, the client has to go back to the beginning of the process with a DHCP discover.

DHCP servers can (and often do) hand out other information besides IP address/netmask/default router. Other information might include:


DNS servers
Time server
Log server
Host name

Since DHCP clients put DHCP discover and DHCP request packets in broadcast Ethernet frames if they do not already have a valid IP address, you need to have a DHCP server on each IP network (broadcast domain). This can be logistically difficult. Most modern routers can provide a DHCP relay function, where they listen on all their connected networks for broadcast DHCP discover or DHCP request packets and then forward them to a preprogrammed set of DHCP servers.

When a DHCP relay does this, it fills in the GIADDR field of the DHCP packet with the address of its interface that is connected to the station that made the request. This way the DHCP server knows what network the request came from.
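The packet layout and the relay behaviour described above, as a parser (an added example, not part of the original notes). The options encoding, the magic cookie and the option 53 message-type codes come from RFC 2132 and are not shown on this page; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

# Fixed header in diagram order: op htype hlen hops | xid | secs flags |
# ciaddr yiaddr siaddr giaddr | chaddr(16) sname(64) file(128) = 236 bytes.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # RFC 2132: marks the start of options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def parse_options(data):
    """Walk tag/length/value options, refusing any that run past the buffer."""
    opts, i = {}, 0
    while i < len(data):
        tag = data[i]
        if tag == 255:                      # End option
            return opts
        if tag == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option %d overruns the packet" % tag)
        opts[tag] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    raise ValueError("options not terminated by End (255)")

def parse_dhcp(packet):
    if len(packet) < HEADER.size + 4:
        raise ValueError("shorter than fixed header plus magic cookie")
    (op, _htype, hlen, hops, xid, _secs, flags, _ciaddr, _yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = HEADER.unpack_from(packet)
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie after the fixed header")
    opts = parse_options(packet[HEADER.size + 4:])
    mtype = opts.get(53, b"")               # option 53 = DHCP message type
    return {"op": op, "xid": xid, "hops": hops,
            "broadcast": bool(flags & 0x8000),      # most significant flags bit
            "relay": socket.inet_ntoa(giaddr),      # 0.0.0.0 means not relayed
            "chaddr": chaddr[:hlen].hex(":"),
            "type": MSG_TYPES.get(mtype[0]) if len(mtype) == 1 else None}

# Constructed sample: a DHCPDISCOVER with the broadcast flag set, as forwarded
# by a relay whose client-facing interface is 192.0.2.1 (documentation range).
SAMPLE = (HEADER.pack(1, 1, 6, 1, 0x1234ABCD, 0, 0x8000, bytes(4), bytes(4),
                      bytes(4), socket.inet_aton("192.0.2.1"),
                      bytes.fromhex("020000000001"), b"", b"")
          + MAGIC_COOKIE + bytes([53, 1, 1, 255]))
```

Calling `parse_dhcp(SAMPLE)` reports the message type, the relay address taken from giaddr, and whether the client asked for a broadcast reply; a packet whose option length points past the end of the buffer is rejected instead of being read.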


DNS - Domain Name System

DNS is used for turning names into numbers, and vice versa. It is a world wide distributed database.

Names have no meaning other than that which DNS gives them. Subdomains do not correspond to subnets.

DNS is a hierarchical system of "zones". A zone is hierarchically organized from right (higher level zones) to left (lower sub-zones) and separated by periods.

The top level zone is . (known as the root zone). .edu and .com are sub zones. Usually the first level sub zones are known as top level domains (TLD's).

The client makes a request of 1 or more DNS servers (usually sequentially). Clients usually use UDP to make DNS requests. The client sends a DNS request to the DNS server, the DNS server does the work of resolving the request, and then sends the answer to the client.

The client has to be told what DNS servers to use, usually via manual configuration or DHCP protocol.

A DNS server starts from the right hand side of the name in the request and reviews its cache for information; if none is in the cache, it asks servers for higher zones. Every server has the locations of the root servers programmed in. As servers receive replies from other servers, they cache this information locally so that on future queries they do not need to talk to other servers; they can answer directly from the cache.

A DNS server can be authoritative for no zone (caching only) or it can be authoritative for one or more zones.

Each zone must have one DNS server which is the SOA (start of authority) for the zone. It also may have one or more other servers which are authoritative for the zone but are not the master (SOA) for the zone.

Example:

Client asks for A (address) record of www.yahoo.com

The server gets this request and notes that it has no information about the com zone (it just started up), so it will look into its pre-supplied cache of root servers (for the . zone) and send a request to them asking who are the servers for the .com zone. When it receives the reply it will cache this information and ask the servers for the .com zone who are the servers for the yahoo.com zone. It will cache this info as well, then ask the servers for the yahoo.com zone for the A record (address) of www.yahoo.com. It will cache this and send a response back to the client.

If another client asks for www.yahoo.com, the server checks its cache and, if the data is still valid, it will send it back to the client.

All data is returned with a TTL (time to live) in seconds. Servers invalidate the cache entry for the data when the TTL expires.

Servers can be authoritative for a zone, which means they are final authority for those names within the zone.

One server is the Start Of Authority. This is the master source of all information about the zone. All other authoritative servers are just mirrors of this one.

Servers can also be caching only. They are authoritative for no names in any zones.

There are many types of data that can be specified in a zone. Some common ones are


A 	- IP address data
CNAME	- Canonical name  (this is an alias)
MX	- Mail exchanger (where to send mail for this name)
NS	- who are the authoritative name servers for this domain name
SOA	- who is THE one master name server for this domain
PTR	- host name pointer records

nslookup can be used to query servers manually.

Applications query servers automatically. What DNS servers to query is information that needs to be configured on a host. DHCP will sometimes do this.

A host can have more than one address. An application can choose to only pay attention to the first address returned or to all of the addresses returned.

Reverse DNS is used to turn numbers into names. It *is* based on the IP address. If you wanted to find the name associated with 131.94.130.219 you would query for the PTR

219.130.94.131.in-addr.arpa

and if nothing was in the cache you would query the in-addr.arpa zone for who serves the 131.in-addr.arpa zone. Then ask that server who serves the 94.131.in-addr.arpa zone, then ask that server who serves the 130.94.131.in-addr.arpa zone, and then ask that server for the PTR record of 219.130.94.131.in-addr.arpa (caching everything along the way).
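The www.yahoo.com walk-through and the reverse lookup above follow the same referral-and-cache procedure; the simulation below runs both against a constructed set of servers (an added example, not part of the original notes). All server names, the address 192.0.2.80, the PTR target host.example. and the TTL values are made up for illustration, and the root is assumed to refer directly to the in-addr.arpa servers.

```python
# Constructed data: each server knows only its own zone. NS values name the
# servers of a sub-zone; A and PTR values are final answers. TTLs in seconds.
SERVERS = {
    "root": {"com.": ("NS", "com-ns", 172800),
             "in-addr.arpa.": ("NS", "arpa-ns", 172800)},
    "com-ns": {"yahoo.com.": ("NS", "yahoo-ns", 86400)},
    "yahoo-ns": {"www.yahoo.com.": ("A", "192.0.2.80", 300)},
    "arpa-ns": {"131.in-addr.arpa.": ("NS", "ns-131", 86400)},
    "ns-131": {"94.131.in-addr.arpa.": ("NS", "ns-94", 86400)},
    "ns-94": {"130.94.131.in-addr.arpa.": ("NS", "ns-130", 86400)},
    "ns-130": {"219.130.94.131.in-addr.arpa.": ("PTR", "host.example.", 3600)},
}

def suffixes(name):
    """'www.yahoo.com.' -> ['www.yahoo.com.', 'yahoo.com.', 'com.']"""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

class CachingResolver:
    def __init__(self, servers, clock):
        self.servers, self.clock = servers, clock
        self.cache, self.sent = {}, []   # name -> (type, value, expiry); query log

    def _ask(self, server, name):
        """Query one server; it answers for the longest suffix in its zone."""
        self.sent.append((server, name))
        for suffix in suffixes(name):
            if suffix in self.servers[server]:
                rtype, value, ttl = self.servers[server][suffix]
                self.cache[suffix] = (rtype, value, self.clock() + ttl)
                return rtype, value
        raise LookupError("%s has no data for %s" % (server, name))

    def resolve(self, name):
        server = "root"                       # root location is pre-programmed
        for suffix in suffixes(name):         # closest unexpired cache entry
            rtype, value, expiry = self.cache.get(suffix, (None, None, 0))
            if expiry > self.clock():
                if rtype != "NS":
                    return value              # answered straight from cache
                server = value
                break
            self.cache.pop(suffix, None)      # TTL expired: invalidate
        for _ in range(16):                   # bound the referral chain
            rtype, value = self._ask(server, name)
            if rtype != "NS":
                return value
            server = value
        raise LookupError("too many referrals for " + name)
```

The `sent` list records every upstream query, so it shows three queries for the first www.yahoo.com. lookup, none for a repeat, and a single query to the yahoo.com servers once the 300-second A record has expired while the NS entries are still cached.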

Tools to help you explore the DNS system:

nslookup
dig (unix)
host (unix)