DHCP Server Verification by Client Via DNSSEC

Document Type Expired Internet-Draft (individual)
Authors Ólafur Guðmundsson  , Robert Watson 
Last updated 1997-07-30
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The document defines a mechanism to allow a DHCP client to verify the authenticity of a DHCP server configuration offer using DNSSEC. Currently DHCP clients have no way to assess which of DHCP OFFERS are from valid DHCP servers, and which are not. Malicious DHCP servers can cause various network problems for unsuspecting clients. In order to support DHCP server authorization a new DNS Resource Record type (ALLOC) is added. Using the ALLOC record in combination with the servers KEY record the client can authoritatively assess if the server is authorized.


Ólafur Guðmundsson (ogud@ogud.com)
Robert Watson (robert+ietf@cyrus.watson.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)