</listitem>
<listitem>
<simpara>
- Server doesn't act upon expired leases. In particular, when the lease
- expires, the server doesn't request removal of DNS records associated
- with the lease.
+ The server doesn't act upon expired leases. In particular,
+ when a lease expires, the server doesn't request the removal
+ of the DNS records associated with it.
</simpara>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink>: Supported options are IA_PD and
- IA_PREFIX. New status code: NoPrefixAvail.</simpara>
+ IA_PREFIX. Also supported is the status code NoPrefixAvail.</simpara>
</listitem>
<listitem>
<simpara><ulink url="http://tools.ietf.org/html/rfc3646">RFC 3646</ulink>: Supported option is DNS_SERVERS.</simpara>
</listitem>
<listitem>
<simpara>
- Server will allocate, renew or rebind maximum one lease for a
- particular IA option (IA_NA or IA_PD) sent by a client.
+ The server will allocate, renew or rebind a maximum of one lease
+ for a particular IA option (IA_NA or IA_PD) sent by a client.
<ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink> and
<ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink> allow
for multiple addresses or prefixes to be allocated for a single IA.
</listitem>
<listitem>
<simpara>
- Server doesn't act upon expired leases. In particular, when the lease
- expires, the server doesn't request removal of DNS records associated
- with the lease.
+ The server doesn't act upon expired leases. In particular,
+ when a lease expires, the server doesn't request removal of
+ the DNS records associated with it.
</simpara>
</listitem>
</itemizedlist>
The server may be configured to listen over IPv4 or IPv6, therefore
ip-address may an IPv4 or IPv6 address.
</para>
- <note>
+ <warning>
<simpara>
- When DHCP-DDNS server is configured to listen at address other than
- loopback address (127.0.0.1 or ::1), it is possible for the malicious
- attacker to spoof the server. Therefore, other addresses should only
- be used for testing purposes! In the future, an authentication
- will be implemented to guard against spoofing attacks.
+ When the DHCP-DDNS server is configured to listen at an address
+ other than the loopback address (127.0.0.1 or ::1), it is possible
+ for a malicious attacker to send bogus NameChangeRequests to it
+ and change entries in the DNS. For this reason, addresses other
+ than the IPv4 or IPv6 loopback addresses should only be used
+ for testing purposes. A future version of Kea will implement
+ authentication to guard against such attacks.
</simpara>
- </note>
+ </warning>
<note>
<simpara>
<itemizedlist>
<listitem>
<simpara>
- As requests are received from the DHCP servers they are placed om a queue.
- These requests are currently not persisted across shutdowns and so cannot
- be recovered.
+ Requests are received from the DHCP servers are placed in a
+ queue until they are processed. Currently all queued requests
+ are lost when the server shuts down.
</simpara>
- </listitem>
- <listitem>
+ </listitem> <listitem>
<simpara>
- TSIG Authentication (<ulink url="http://tools.ietf.org/html/rfc2845">RFC 2845</ulink>)
+ TSIG Authentication (<ulink
+ url="http://tools.ietf.org/html/rfc2845">RFC 2845</ulink>)
is not supported yet.
</simpara>
</listitem>