wiki:HostnameSanitizer

kea-dhcp4 Client Host Name Sanitizer Requirements

Migrated to Gitlab, please update at: https://gitlab.isc.org/isc-projects/kea/wikis/designs/hostname-sanitizer


This page documents requirements for client host name sanitizer, a new Kea 1.5 feature that will allow kea-dhcp4 and kea-dhcp6 to be configured to sanitize values received from DHCPv4 clients via Host Name or FQDN (codes 12 and 81 respectively), or DHCPv6 clients via the FQDN option (option code 39).

Kea 1.4.0, the servers provide the ability to use these values, to construct the FQDN used for that client in DNS entries. Some DHCP clients may provide values that contain undesirable characters. It is should be possible to configure kea-dhcp4 and kea-dhcp6 to sanitize these values. The most typical use case would be ensuring that only characters that are permitted by RFC 953 be included: A-Z,a-z,0-9, and '-'.

The following requirements apply to both kea-dhcp4 and kea-dhcp6:

S1. Client host name sanitation MUST be configurable.

S2. A mode where client host name sanitation is disabled MUST be supported.

S3. The client host name sanitation MUST be disabled by default.

S4. The set of invalid characters to be replaced MUST be configurable.

S4.1. Specifying an empty expression, "", MUST disable client host name sanitation. S4.2 Specifying the set of invalid characters via configuration file MUST be supported. S4.3 Specifying the set of invalid characters as a regular expression MUST be supported. S4.4 An invalid regular expression MUST be detected during configuration processing and MUST cause a configuration error.

S5. Specifying a single replacement string, to be used for all invalid characters, MUST be supported.

S5.1 Specifying the replacement string via configuration file MUST be supported. S5.2 Specifying an empty replacement string SHOULD cause invalid characters to be dropped S5.3 Specifying a replacement string of more than one character should cause each invalid character to be replaced by the entire replacement string.

In the following requirements "name option" refers to any of the three prescribed options: v4 Host Name, v4 FQDN, or v6 FQDN

S6. When client host name sanitation is disabled, and the client sends a name option, and all other related rules lead to the use of the that option value in forming the FQDN name, that value MUST be used as received when constructing the FQDN.

S7. When client host name sanitation is enabled, and the client sends a name option, and all other related rules lead to the use of the that option value in forming the FQDN name, that value MUST first be sanitized as follows, before constructing the FQDN:

S7.1 Each character in the original value MUST be evaluated, in order from the beginning of the value to the end, for membership in the invalid set of characters

S7.2 Each character in the original value, that does not match the set of invalid characters, MUST be retained in the resultant sanitized value.

S7.3 Each character in the original value, that does match the set of invalid characters, MUST be replaced by the entire replacement string in the resultant sanitized value.

S8. When sanitizing FQDN option values (either v4 or v6), the delimiting dots that separate domain labels, in the original value will be preserved.

Last modified 7 months ago Last modified on Aug 17, 2018, 11:38:11 PM