Blame SOURCES/dhcp-4.2.5-standard_ddns.patch

22375d
diff --git a/client/dhclient.8 b/client/dhclient.8
22375d
index a29757a..c66a912 100644
22375d
--- a/client/dhclient.8
22375d
+++ b/client/dhclient.8
22375d
@@ -56,6 +56,12 @@ dhclient - Dynamic Host Configuration Protocol Client
22375d
 ]
22375d
 ]
22375d
 [
22375d
+.B -i
22375d
+]
22375d
+[
22375d
+.B -I
22375d
+]
22375d
+[
22375d
 .B -D
22375d
 .I LL|LLT
22375d
 ]
22375d
@@ -441,6 +447,17 @@ Set the giaddr field of all packets to the \fIrelay\fR IP address
22375d
 simulating a relay agent.  This is for testing pruposes only and
22375d
 should not be expected to work in any consistent or useful way.
22375d
 .TP
22375d
+.BI \-i
22375d
+Use a DUID with DHCPv4 clients.  If no DUID is available in the
22375d
+lease file one will be constructed and saved.  The DUID will be
22375d
+used to contstuct a RFC4361 style client id that will be included
22375d
+in the client's messages.  This client id can be overridden by
22375d
+setting a client id in the configuration file.  Overridding the
22375d
+client id in this fashion is discouraged.
22375d
+.TP
22375d
+.BI \-I
22375d
+Use the standard DDNS scheme from RFCs 4701 & 4702.  
22375d
+.TP
22375d
 .BI \--version
22375d
 Print version number and exit.
22375d
 .PP
22375d
@@ -470,8 +487,10 @@ DHCPv6 \fBdhclient\fR creates an identifier based on the link-layer address
22375d
 (DUID-LL) if it is running in stateless mode (with \fB\-S\fR, not
22375d
 requesting an address), or it creates an identifier based on the
22375d
 link-layer address plus a timestamp (DUID-LLT) if it is running in
22375d
-stateful mode (without \fB\-S\fR, requesting an address).  \fB\-D\fR
22375d
-overrides this default, with a value of either \fILL\fR or \fILLT\fR.
22375d
+stateful mode (without \fB\-S\fR, requesting an address).  When DHCPv4
22375d
+is configued to use a DUID using \fB\-i\fR option the default is to use
22375d
+a DUID-LLT.  \fB\-D\fR
22375d
+overrides these default, with a value of either \fILL\fR or \fILLT\fR.
22375d
 .TP
22375d
 .BI \-N
22375d
 .\" TODO: is this for telling an already running dhclient?
22375d
diff --git a/client/dhclient.c b/client/dhclient.c
22375d
index 0db4703..6403754 100644
22375d
--- a/client/dhclient.c
22375d
+++ b/client/dhclient.c
22375d
@@ -79,6 +79,8 @@ struct sockaddr_in sockaddr_broadcast;
22375d
 struct in_addr giaddr;
22375d
 struct data_string default_duid;
22375d
 int duid_type = 0;
22375d
+int duid_v4 = 0;
22375d
+int std_dhcid = 0;
22375d
 
22375d
 /* ASSERT_STATE() does nothing now; it used to be
22375d
    assert (state_is == state_shouldbe). */
22375d
@@ -325,12 +327,9 @@ main(int argc, char **argv) {
22375d
 				wanted_ia_na = 0;
22375d
 			}
22375d
 			wanted_ia_pd++;
22375d
+#endif /* DHCPv6 */
22375d
 		} else if (!strcmp(argv[i], "-D")) {
22375d
-			if (local_family_set && (local_family == AF_INET)) {
22375d
-				usage();
22375d
-			}
22375d
-			local_family_set = 1;
22375d
-			local_family = AF_INET6;
22375d
+			duid_v4 = 1;
22375d
 			if (++i == argc)
22375d
 				usage();
22375d
 			if (!strcasecmp(argv[i], "LL")) {
22375d
@@ -340,7 +339,12 @@ main(int argc, char **argv) {
22375d
 			} else {
22375d
 				usage();
22375d
 			}
22375d
-#endif /* DHCPv6 */
22375d
+		} else if (!strcmp(argv[i], "-i")) {
22375d
+			/* enable DUID support for DHCPv4 clients */
22375d
+			duid_v4 = 1;
22375d
+		} else if (!strcmp(argv[i], "-I")) {
22375d
+			/* enable standard DHCID support for DDNS updates */
22375d
+			std_dhcid = 1;
22375d
 		} else if (!strcmp(argv[i], "-v")) {
22375d
 			quiet = 0;
22375d
 		} else if (!strcmp(argv[i], "--version")) {
22375d
@@ -970,12 +974,13 @@ main(int argc, char **argv) {
22375d
 		}
22375d
 	}
22375d
 
22375d
-	/* Start a configuration state machine for each interface. */
22375d
-#ifdef DHCPv6
22375d
-	if (local_family == AF_INET6) {
22375d
-		/* Establish a default DUID.  This may be moved to the
22375d
-		 * DHCPv4 area later.
22375d
-		 */
22375d
+
22375d
+	/*
22375d
+	 * Establish a default DUID.  We always do so for v6 and
22375d
+	 * do so if desired for v4 via the -D or -i options
22375d
+	 */
22375d
+	if ((local_family == AF_INET6) ||
22375d
+	    ((local_family == AF_INET) && (duid_v4 == 1))) {
22375d
 		if (default_duid.len == 0) {
22375d
 			if (default_duid.buffer != NULL)
22375d
 				data_string_forget(&default_duid, MDL);
22375d
@@ -983,7 +988,11 @@ main(int argc, char **argv) {
22375d
 			if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS)
22375d
 				write_duid(&default_duid);
22375d
 		}
22375d
+	}
22375d
 
22375d
+	/* Start a configuration state machine for each interface. */
22375d
+#ifdef DHCPv6
22375d
+	if (local_family == AF_INET6) {
22375d
 		for (ip = interfaces ; ip != NULL ; ip = ip->next) {
22375d
 			for (client = ip->client ; client != NULL ;
22375d
 			     client = client->next) {
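Review bot: A failed `form_duid()` is ignored here, and the `if` that opens in the previous hunk now also covers DHCPv4 runs with `duid_v4` set. In that case `default_duid.len` stays 0, and the block added to make_client_options still builds a client identifier from it, passing `default_duid.data` to `memcpy` with a zero length. Reporting the failure, for example `else log_error("Unable to form default DUID.");`, and testing `default_duid.len != 0` alongside `duid_v4 == 1` in make_client_options would keep a DUID-less identifier from being sent. main() starts and ends outside this hunk.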
22375d
@@ -1115,9 +1124,9 @@ static void usage()
22375d
 
22375d
 	log_fatal("Usage: dhclient "
22375d
 #ifdef DHCPv6
22375d
-		  "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]\n"
22375d
+		  "[-4|-6] [-SNTPI1dvrxi] [-nw] [-p <port>] [-D LL|LLT] \n"
22375d
 #else /* DHCPv6 */
22375d
-		  "[-1dvrx] [-nw] [-p <port>]\n"
22375d
+		  "[-I1dvrxi] [-nw] [-p <port>] [-D LL|LLT] \n"
22375d
 #endif /* DHCPv6 */
22375d
 		  "                [-s server-addr] [-cf config-file] "
22375d
 		  "[-lf lease-file]\n"
22375d
@@ -2823,24 +2832,24 @@ make_client_options(struct client_state *client, struct client_lease *lease,
22375d
 	unsigned i;
22375d
 	struct option_cache *oc;
22375d
 	struct option *option = NULL;
22375d
-	struct buffer *bp = (struct buffer *)0;
22375d
+	struct buffer *bp = NULL;
22375d
 
22375d
 	/* If there are any leftover options, get rid of them. */
22375d
 	if (*op)
22375d
-		option_state_dereference (op, MDL);
22375d
+		option_state_dereference(op, MDL);
22375d
 
22375d
 	/* Allocate space for options. */
22375d
-	option_state_allocate (op, MDL);
22375d
+	option_state_allocate(op, MDL);
22375d
 
22375d
 	/* Send the server identifier if provided. */
22375d
 	if (sid)
22375d
-		save_option (&dhcp_universe, *op, sid);
22375d
+		save_option(&dhcp_universe, *op, sid);
22375d
 
22375d
-	oc = (struct option_cache *)0;
22375d
+	oc = NULL;
22375d
 
22375d
 	/* Send the requested address if provided. */
22375d
 	if (rip) {
22375d
-		client -> requested_address = *rip;
22375d
+		client->requested_address = *rip;
22375d
 		i = DHO_DHCP_REQUESTED_ADDRESS;
22375d
 		if (!(option_code_hash_lookup(&option, dhcp_universe.code_hash,
22375d
 					      &i, 0, MDL) &&
22375d
@@ -2848,22 +2857,22 @@ make_client_options(struct client_state *client, struct client_lease *lease,
22375d
 					      option, MDL)))
22375d
 			log_error ("can't make requested address cache.");
22375d
 		else {
22375d
-			save_option (&dhcp_universe, *op, oc);
22375d
-			option_cache_dereference (&oc, MDL);
22375d
+			save_option(&dhcp_universe, *op, oc);
22375d
+			option_cache_dereference(&oc, MDL);
22375d
 		}
22375d
 		option_dereference(&option, MDL);
22375d
 	} else {
22375d
-		client -> requested_address.len = 0;
22375d
+		client->requested_address.len = 0;
22375d
 	}
22375d
 
22375d
 	i = DHO_DHCP_MESSAGE_TYPE;
22375d
 	if (!(option_code_hash_lookup(&option, dhcp_universe.code_hash, &i, 0,
22375d
 				      MDL) &&
22375d
 	      make_const_option_cache(&oc, NULL, type, 1, option, MDL)))
22375d
-		log_error ("can't make message type.");
22375d
+		log_error("can't make message type.");
22375d
 	else {
22375d
-		save_option (&dhcp_universe, *op, oc);
22375d
-		option_cache_dereference (&oc, MDL);
22375d
+		save_option(&dhcp_universe, *op, oc);
22375d
+		option_cache_dereference(&oc, MDL);
22375d
 	}
22375d
 	option_dereference(&option, MDL);
22375d
 
22375d
@@ -2876,8 +2885,8 @@ make_client_options(struct client_state *client, struct client_lease *lease,
22375d
 			if (prl[i]->universe == &dhcp_universe)
22375d
 				len++;
22375d
 
22375d
-		if (!buffer_allocate (&bp, len, MDL))
22375d
-			log_error ("can't make parameter list buffer.");
22375d
+		if (!buffer_allocate(&bp, len, MDL))
22375d
+			log_error("can't make parameter list buffer.");
22375d
 		else {
22375d
 			unsigned code = DHO_DHCP_PARAMETER_REQUEST_LIST;
22375d
 
22375d
@@ -2891,15 +2900,69 @@ make_client_options(struct client_state *client, struct client_lease *lease,
22375d
 						      &code, 0, MDL) &&
22375d
 			      make_const_option_cache(&oc, &bp, NULL, len,
22375d
 						      option, MDL)))
22375d
-				log_error ("can't make option cache");
22375d
+				log_error("can't make option cache");
22375d
 			else {
22375d
-				save_option (&dhcp_universe, *op, oc);
22375d
-				option_cache_dereference (&oc, MDL);
22375d
+				save_option(&dhcp_universe, *op, oc);
22375d
+				option_cache_dereference(&oc, MDL);
22375d
 			}
22375d
 			option_dereference(&option, MDL);
22375d
 		}
22375d
 	}
22375d
 
22375d
+	/*
22375d
+	 * If requested (duid_v4 == 1) add an RFC4361 compliant client-identifier
22375d
+	 * This can be overridden by including a client id in the configuration
22375d
+	 * file.
22375d
+	 */
22375d
+ 	if (duid_v4 == 1) {
22375d
+		struct data_string client_identifier;
22375d
+		int hw_idx, hw_len;
22375d
+
22375d
+		memset(&client_identifier, 0, sizeof(client_identifier));
22375d
+		client_identifier.len = 1 + 4 + default_duid.len;
22375d
+		if (!buffer_allocate(&client_identifier.buffer,
22375d
+				     client_identifier.len, MDL))
22375d
+			log_fatal("no memory for default DUID!");
22375d
+		client_identifier.data = client_identifier.buffer->data;
22375d
+
22375d
+		i = DHO_DHCP_CLIENT_IDENTIFIER;
22375d
+
22375d
+		/* Client-identifier type : 1 byte */
22375d
+		*client_identifier.buffer->data = 255;
22375d
+		
22375d
+		/* IAID : 4 bytes
22375d
+		 * we use the low 4 bytes from the interface address
22375d
+		 */
22375d
+		if (client->interface->hw_address.hlen > 4) {
22375d
+			hw_idx = client->interface->hw_address.hlen - 4;
22375d
+			hw_len = 4;
22375d
+		} else {
22375d
+			hw_idx = 0;
22375d
+			hw_len = client->interface->hw_address.hlen;
22375d
+		}
22375d
+		memcpy(&client_identifier.buffer->data + 5 - hw_len,
22375d
+		       client->interface->hw_address.hbuf + hw_idx,
22375d
+		       hw_len);
22375d
+	
22375d
+		/* Add the default duid */
22375d
+		memcpy(&client_identifier.buffer->data+(1+4),
22375d
+		       default_duid.data, default_duid.len);
22375d
+
22375d
+		/* And save the option */
22375d
+		if (!(option_code_hash_lookup(&option, dhcp_universe.code_hash,
22375d
+					      &i, 0, MDL) &&
22375d
+		      make_const_option_cache(&oc, NULL,
22375d
+					      (u_int8_t *)client_identifier.data,
22375d
+					      client_identifier.len,
22375d
+					      option, MDL)))
22375d
+			log_error ("can't make requested client id cache..");
22375d
+		else {
22375d
+			save_option (&dhcp_universe, *op, oc);
22375d
+			option_cache_dereference (&oc, MDL);
22375d
+		}
22375d
+		option_dereference(&option, MDL);
22375d
+	}
22375d
+
22375d
 	/* Run statements that need to be run on transmission. */
22375d
 	if (client -> config -> on_transmission)
22375d
 		execute_statements_in_scope
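Review bot: Both `memcpy` destinations in the added block are written as `&client_identifier.buffer->data + ...`, which takes the address of the `data` member instead of using it as the byte pointer. The arithmetic then lands on the intended offsets only if that member's type is one byte wide; the declaration of struct buffer is not in the hunk. Dropping the `&` removes the ambiguity: `memcpy(client_identifier.buffer->data + 5 - hw_len, ...)` and `memcpy(client_identifier.buffer->data + 5, default_duid.data, default_duid.len);`. Nothing in the block releases `client_identifier.buffer` either, so if `make_const_option_cache` copies its input (it is passed a NULL buffer pointer here) every call leaks the allocation; `data_string_forget(&client_identifier, MDL);` before the closing brace would cover that. make_client_options starts and ends outside the hunk.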
22375d
@@ -4522,6 +4585,7 @@ client_dns_update(struct client_state *client, dhcp_ddns_cb_t *ddns_cb)
22375d
 	struct option_cache *oc;
22375d
 	int ignorep;
22375d
 	int result;
22375d
+	int ddns_v4_type;
22375d
 	isc_result_t rcode;
22375d
 
22375d
 	/* If we didn't send an FQDN option, we certainly aren't going to
22375d
@@ -4564,47 +4628,82 @@ client_dns_update(struct client_state *client, dhcp_ddns_cb_t *ddns_cb)
22375d
 				    &global_scope, oc, MDL))
22375d
 		return ISC_R_SUCCESS;
22375d
 
22375d
-	/* If this is a DHCPv6 client update, make a dhcid string out of
22375d
-	 * the DUID.  If this is a DHCPv4 client update, choose either
22375d
-	 * the client identifier, if there is one, or the interface's
22375d
-	 * MAC address.
22375d
+        /*
22375d
+	 * Construct the DHCID value for use in the DDNS update process
22375d
+	 * We have the newer standard version and the older interim version
22375d
+	 * chosen by the '-I' option.  The interim version is left as is
22375d
+	 * for backwards compatibility.  The standard version is based on
22375d
+	 * RFC 4701 section 3.3
22375d
 	 */
22375d
+
22375d
 	result = 0;
22375d
 	memset(&client_identifier, 0, sizeof(client_identifier));
22375d
-	if (client->active_lease != NULL) {
22375d
-		if (((oc =
22375d
-		      lookup_option(&dhcpv6_universe, client->sent_options,
22375d
-				    D6O_CLIENTID)) != NULL) &&
22375d
-		    evaluate_option_cache(&client_identifier, NULL, NULL,
22375d
-					  client, client->sent_options, NULL,
22375d
+
22375d
+        if (std_dhcid == 1) {
22375d
+          /* standard style */
22375d
+          ddns_cb->dhcid_class = dns_rdatatype_dhcid;
22375d
+          ddns_v4_type = 1;
22375d
+	} else {
22375d
+          /* interim style */
22375d
+          ddns_cb->dhcid_class = dns_rdatatype_txt;
22375d
+          /* for backwards compatibility */
22375d
+          ddns_v4_type = DHO_DHCP_CLIENT_IDENTIFIER;
22375d
+	}
22375d
+
22375d
+        	if (client->active_lease != NULL) {
22375d
+		/* V6 request, get the client identifier, then
22375d
+		 * construct the dhcid for either standard 
22375d
+		 * or interim */
22375d
+		if (((oc = lookup_option(&dhcpv6_universe,
22375d
+					 client->sent_options,
22375d
+					 D6O_CLIENTID)) != NULL) &&
22375d
+		    evaluate_option_cache(&client_identifier, NULL,
22375d
+					  NULL, client,
22375d
+					  client->sent_options, NULL,
22375d
 					  &global_scope, oc, MDL)) {
22375d
-			/* RFC4701 defines type '2' as being for the DUID
22375d
-			 * field.  We aren't using RFC4701 DHCID RR's yet,
22375d
-			 * but this is as good a value as any.
22375d
-			 */
22375d
-			result = get_dhcid(&ddns_cb->dhcid, 2,
22375d
+			result = get_dhcid(ddns_cb, 2,
22375d
 					   client_identifier.data,
22375d
 					   client_identifier.len);
22375d
 			data_string_forget(&client_identifier, MDL);
22375d
 		} else
22375d
 			log_fatal("Impossible condition at %s:%d.", MDL);
22375d
 	} else {
22375d
-		if (((oc =
22375d
-		      lookup_option(&dhcp_universe, client->sent_options,
22375d
-				    DHO_DHCP_CLIENT_IDENTIFIER)) != NULL) &&
22375d
-		    evaluate_option_cache(&client_identifier, NULL, NULL,
22375d
-					  client, client->sent_options, NULL,
22375d
+		/*
22375d
+		 * V4 request, use the client id if there is one or the
22375d
+		 * mac address if there isn't.  If we have a client id
22375d
+		 * we check to see if it is an embedded DUID.
22375d
+		 */
22375d
+		if (((oc = lookup_option(&dhcp_universe,
22375d
+					 client->sent_options,
22375d
+					 DHO_DHCP_CLIENT_IDENTIFIER)) != NULL) &&
22375d
+		    evaluate_option_cache(&client_identifier, NULL,
22375d
+					  NULL, client,
22375d
+					  client->sent_options, NULL,
22375d
 					  &global_scope, oc, MDL)) {
22375d
-			result = get_dhcid(&ddns_cb->dhcid,
22375d
-					   DHO_DHCP_CLIENT_IDENTIFIER,
22375d
-					   client_identifier.data,
22375d
-					   client_identifier.len);
22375d
+			if ((std_dhcid == 1) && (duid_v4 == 1) &&
22375d
+			    (client_identifier.data[0] == 255)) {
22375d
+				/*
22375d
+				 * This appears to be an embedded DUID,
22375d
+				 * extract it and treat it as such
22375d
+				 */
22375d
+				if (client_identifier.len <= 5)
22375d
+					log_fatal("Impossible condition at %s:%d.",
22375d
+						  MDL);
22375d
+				result = get_dhcid(ddns_cb, 2,
22375d
+						   client_identifier.data + 5,
22375d
+						   client_identifier.len - 5);
22375d
+			} else {
22375d
+				result = get_dhcid(ddns_cb, ddns_v4_type,
22375d
+						   client_identifier.data,
22375d
+						   client_identifier.len);
22375d
+			}
22375d
 			data_string_forget(&client_identifier, MDL);
22375d
 		} else
22375d
-			result = get_dhcid(&ddns_cb->dhcid, 0,
22375d
+			result = get_dhcid(ddns_cb, 0,
22375d
 					   client->interface->hw_address.hbuf,
22375d
 					   client->interface->hw_address.hlen);
22375d
 	}
22375d
+
22375d
 	if (!result) {
22375d
 		return ISC_R_SUCCESS;
22375d
 	}
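Review bot: The embedded-DUID test reads `client_identifier.data[0]` before anything has checked `client_identifier.len`, and an identifier that starts with 255 but is five bytes or shorter ends in `log_fatal`. The comment added in make_client_options says the generated id can be overridden from the configuration file, so that shape is reachable from configuration and is not an impossible condition. Moving the length into the condition, `(client_identifier.len > 5) && (client_identifier.data[0] == 255)`, lets short identifiers fall through to the `ddns_v4_type` branch and makes the fatal exit unnecessary. client_dns_update starts before and continues after this hunk.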
22375d
@@ -4886,3 +4985,4 @@ dhclient_ddns_cb_free(dhcp_ddns_cb_t *ddns_cb, char* file, int line) {
22375d
         ddns_cb_free(ddns_cb, file, line);
22375d
     }
22375d
 }
22375d
+
22375d
diff --git a/common/conflex.c b/common/conflex.c
22375d
index 4611616..c99732e 100644
22375d
--- a/common/conflex.c
22375d
+++ b/common/conflex.c
22375d
@@ -879,10 +879,6 @@ intern(char *atom, enum dhcp_token dfv) {
22375d
 	      case 'd':
22375d
 		if (!strcasecmp(atom + 1, "b-time-format"))
22375d
 			return DB_TIME_FORMAT;
22375d
-		if (!strcasecmp (atom + 1, "ns-update"))
22375d
-			return DNS_UPDATE;
22375d
-		if (!strcasecmp (atom + 1, "ns-delete"))
22375d
-			return DNS_DELETE;
22375d
 		if (!strcasecmp (atom + 1, "omain"))
22375d
 			return DOMAIN;
22375d
 		if (!strncasecmp (atom + 1, "omain-", 6)) {
22375d
@@ -1178,8 +1174,6 @@ intern(char *atom, enum dhcp_token dfv) {
22375d
 			return TOKEN_NOT;
22375d
 		if (!strcasecmp (atom + 1, "o"))
22375d
 			return TOKEN_NO;
22375d
-		if (!strcasecmp (atom + 1, "s-update"))
22375d
-			return NS_UPDATE;
22375d
 		if (!strcasecmp (atom + 1, "oerror"))
22375d
 			return NS_NOERROR;
22375d
 		if (!strcasecmp (atom + 1, "otauth"))
22375d
@@ -1496,8 +1490,6 @@ intern(char *atom, enum dhcp_token dfv) {
22375d
 		}
22375d
 		if (!strcasecmp (atom + 1, "nauthenticated"))
22375d
 			return UNAUTHENTICATED;
22375d
-		if (!strcasecmp (atom + 1, "pdated-dns-rr"))
22375d
-			return UPDATED_DNS_RR;
22375d
 		if (!strcasecmp (atom + 1, "pdate"))
22375d
 			return UPDATE;
22375d
 		break;
22375d
diff --git a/common/dns.c b/common/dns.c
22375d
index d3ac966..a04c61d 100644
22375d
--- a/common/dns.c
22375d
+++ b/common/dns.c
22375d
@@ -30,10 +30,12 @@
22375d
  * asynchronous DNS routines.
22375d
  */
22375d
 
22375d
+/*! \file common/dns.c
22375d
+ */
22375d
 #include "dhcpd.h"
22375d
 #include "arpa/nameser.h"
22375d
 #include <isc/md5.h>
22375d
-
22375d
+#include <isc/sha2.h>
22375d
 #include <dns/result.h>
22375d
 
22375d
 /*
22375d
@@ -823,45 +825,123 @@ void repudiate_zone (struct dns_zone **zone)
22375d
 	dns_zone_dereference (zone, MDL);
22375d
 }
22375d
 
22375d
-/* Have to use TXT records for now. */
22375d
-#define T_DHCID T_TXT
22375d
+/*!
22375d
+ * \brief Create an id for a client
22375d
+ *
22375d
+ * This function is used to create an id for a client to use with DDNS
22375d
+ * This version of the function is for the standard style, RFC 4701
22375d
+ *
22375d
+ * This function takes information from the type and data fields and
22375d
+ * mangles it into a dhcid string which it places in ddns_cb.  It also
22375d
+ * sets a field in ddns_cb to specify the class that should be used
22375d
+ * when sending the dhcid, in this case it is a DHCID record so we use
22375d
+ * dns_rdatatype_dhcid
22375d
+ *
22375d
+ * The DHCID we construct is:
22375d
+ *  2 bytes - identifier type (see 4701 and IANA)
22375d
+ *  1 byte  - digest type, currently only SHA256 (1)
22375d
+ *  n bytes - digest, length depends on digest type, currently 32 for
22375d
+ *            SHA256
22375d
+ *
22375d
+ * What we base the digest on is up to the calling code for an id type of
22375d
+ * 0 - 1 octet htype followed by hlen octets of chaddr from v4 client request
22375d
+ * 1 - data octets from a dhcpv4 client's client identifier option
22375d
+ * 2 - the client DUID from a v4 or v6 client's client id option
22375d
+ * This identifier is concatenated with the fqdn and the result is digested.
22375d
+ */
22375d
+int get_std_dhcid(dhcp_ddns_cb_t *ddns_cb,
22375d
+		  int type,
22375d
+		  const u_int8_t *identifier,
22375d
+		  unsigned id_len)
22375d
+{
22375d
+	struct data_string *id = &ddns_cb->dhcid;
22375d
+	isc_sha256_t sha256;
22375d
+	unsigned char buf[ISC_SHA256_DIGESTLENGTH];
22375d
+	unsigned char fwd_buf[256];
22375d
+	unsigned fwd_buflen = 0;
22375d
+
22375d
+	/* Types can only be 0..(2^16)-1. */
22375d
+	if (type < 0 || type > 65535)
22375d
+		return (0);
22375d
+
22375d
+	/* We need to convert the fwd name to wire representation */
22375d
+	if (MRns_name_pton((char *)ddns_cb->fwd_name.data, fwd_buf, 256) == -1)
22375d
+		return (0);
22375d
+	while(fwd_buf[fwd_buflen] != 0) {
22375d
+		fwd_buflen += fwd_buf[fwd_buflen] + 1;
22375d
+	}
22375d
+	fwd_buflen++;
22375d
+
22375d
+	if (!buffer_allocate(&id->buffer,
22375d
+			     ISC_SHA256_DIGESTLENGTH + 2 + 1,
22375d
+			     MDL))
22375d
+		return (0);
22375d
+	id->data = id->buffer->data;
22375d
+
22375d
+	/* The two first bytes contain the type identifier. */
22375d
+	putUShort(id->buffer->data, (unsigned)type);
22375d
+
22375d
+	/* The next is the digest type, SHA-256 is 1 */
22375d
+	putUChar(id->buffer->data + 2, 1u);
22375d
+
22375d
+	/* Computing the digest */
22375d
+	isc_sha256_init(&sha256);
22375d
+	isc_sha256_update(&sha256, identifier, id_len);
22375d
+	isc_sha256_update(&sha256, fwd_buf, fwd_buflen);
22375d
+	isc_sha256_final(buf, &sha256);
22375d
 
22375d
-int get_dhcid (struct data_string *id,
22375d
-	       int type, const u_int8_t *data, unsigned len)
22375d
+	memcpy(id->buffer->data + 3, &buf, ISC_SHA256_DIGESTLENGTH);
22375d
+
22375d
+	id->len = ISC_SHA256_DIGESTLENGTH + 2 + 1;
22375d
+
22375d
+	return (1);
22375d
+}
22375d
+
22375d
+/*!
22375d
+ *
22375d
+ * \brief Create an id for a client
22375d
+ *
22375d
+ * This function is used to create an id for a client to use with DDNS
22375d
+ * This version of the function is for the interim style.  It is retained
22375d
+ * to allow users to continue using the interim style but they should
22375d
+ * switch to the standard style (which uses get_std_dhcid) for better
22375d
+ * interoperability.  
22375d
+ *
22375d
+ * This function takes information from the type and data fields and
22375d
+ * mangles it into a dhcid string which it places in ddns_cb.  It also
22375d
+ * sets a field in ddns_cb to specify the class that should be used
22375d
+ * when sending the dhcid, in this case it is a txt record so we use
22375d
+ * dns_rdata_type_txt
22375d
+ *
22375d
+ * NOTE WELL: this function has issues with how it calculates the
22375d
+ * dhcid, they can't be changed now as that would break the records
22375d
+ * already in use.
22375d
+ */
22375d
+
22375d
+int get_int_dhcid (dhcp_ddns_cb_t *ddns_cb,
22375d
+		   int type,
22375d
+		   const u_int8_t *data,
22375d
+		   unsigned len)
22375d
 {
22375d
+	struct data_string *id = &ddns_cb->dhcid;
22375d
 	unsigned char buf[ISC_MD5_DIGESTLENGTH];
22375d
 	isc_md5_t md5;
22375d
 	int i;
22375d
 
22375d
 	/* Types can only be 0..(2^16)-1. */
22375d
 	if (type < 0 || type > 65535)
22375d
-		return 0;
22375d
+		return (0);
22375d
 
22375d
 	/*
22375d
 	 * Hexadecimal MD5 digest plus two byte type, NUL,
22375d
 	 * and one byte for length for dns.
22375d
 	 */
22375d
-	if (!buffer_allocate (&id -> buffer,
22375d
-			      (ISC_MD5_DIGESTLENGTH * 2) + 4, MDL))
22375d
-		return 0;
22375d
-	id -> data = id -> buffer -> data;
22375d
+	if (!buffer_allocate(&id -> buffer,
22375d
+			     (ISC_MD5_DIGESTLENGTH * 2) + 4, MDL))
22375d
+		return (0);
22375d
+	id->data = id->buffer->data;
22375d
 
22375d
 	/*
22375d
-	 * DHCP clients and servers should use the following forms of client
22375d
-	 * identification, starting with the most preferable, and finishing
22375d
-	 * with the least preferable.  If the client does not send any of these
22375d
-	 * forms of identification, the DHCP/DDNS interaction is not defined by
22375d
-	 * this specification.  The most preferable form of identification is
22375d
-	 * the Globally Unique Identifier Option [TBD].  Next is the DHCP
22375d
-	 * Client Identifier option.  Last is the client's link-layer address,
22375d
-	 * as conveyed in its DHCPREQUEST message.  Implementors should note
22375d
-	 * that the link-layer address cannot be used if there are no
22375d
-	 * significant bytes in the chaddr field of the DHCP client's request,
22375d
-	 * because this does not constitute a unique identifier.
22375d
-	 *   -- "Interaction between DHCP and DNS"
22375d
-	 *      <draft-ietf-dhc-dhcp-dns-12.txt>
22375d
-	 *      M. Stapp, Y. Rekhter
22375d
-	 *
22375d
 	 * We put the length into the first byte to turn 
22375d
 	 * this into a dns text string.  This avoid needing to
22375d
 	 * copy the string to add the byte later.
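Review bot: In get_std_dhcid, `ddns_cb->fwd_name.data` is cast to `char *` and passed to `MRns_name_pton` as a C string with no check that the name is non-empty and NUL-terminated, and the output size is the literal 256 rather than `sizeof(fwd_buf)`. If fwd_name is a data_string like dhcid (its declaration is not in the hunk), a guard such as `if (ddns_cb->fwd_name.len == 0 || !ddns_cb->fwd_name.terminated) return (0);` before the conversion would keep the parser from reading past the stored name. The label walk that follows trusts the converted buffer to end in a zero label; adding `fwd_buflen < sizeof(fwd_buf)` to the loop condition would make that bound explicit. get_int_dhcid, whose body starts in this hunk, continues past its end.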
22375d
@@ -893,7 +973,18 @@ int get_dhcid (struct data_string *id,
22375d
 	id->buffer->data[id->len] = 0;
22375d
 	id->terminated = 1;
22375d
 
22375d
-	return 1;
22375d
+	return (1);
22375d
+}
22375d
+
22375d
+int get_dhcid(dhcp_ddns_cb_t *ddns_cb,
22375d
+	      int type,
22375d
+	      const u_int8_t *identifier,
22375d
+	      unsigned id_len)
22375d
+{
22375d
+	if (ddns_cb->dhcid_class == dns_rdatatype_dhcid)
22375d
+		return get_std_dhcid(ddns_cb, type, identifier, id_len);
22375d
+	else 
22375d
+		return get_int_dhcid(ddns_cb, type, identifier, id_len);
22375d
 }
22375d
 
22375d
 /*
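Review bot: get_dhcid now picks the algorithm from `ddns_cb->dhcid_class`, and every value other than `dns_rdatatype_dhcid`, including a field that was never set, silently takes the interim MD5/TXT path. A short comment above the function would state the precondition, for example `/* Caller must set ddns_cb->dhcid_class first; anything but dns_rdatatype_dhcid selects the interim TXT form. */`. The first parameter also changed from `struct data_string *` to `dhcp_ddns_cb_t *`, so any caller this patch does not touch needs the same update; only the client-side calls are visible on this page.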
22375d
@@ -1015,12 +1106,12 @@ make_dns_dataset(dns_rdataclass_t  dataclass,
22375d
  * For the server the first step will have a request of:
22375d
  * The name is not in use
22375d
  * Add an A RR
22375d
- * Add a DHCID RR (currently txt)
22375d
+ * Add a DHCID RR
22375d
  *
22375d
  * For the client the first step will have a request of:
22375d
  * The A RR does not exist
22375d
  * Add an A RR
22375d
- * Add a DHCID RR (currently txt)
22375d
+ * Add a DHCID RR
22375d
  */
22375d
 
22375d
 static isc_result_t
22375d
@@ -1062,7 +1153,7 @@ ddns_modify_fwd_add1(dhcp_ddns_cb_t   *ddns_cb,
22375d
 	dataspace++;
22375d
 
22375d
 	/* Add the DHCID RR */
22375d
-	result = make_dns_dataset(dns_rdataclass_in, dns_rdatatype_txt,
22375d
+	result = make_dns_dataset(dns_rdataclass_in, ddns_cb->dhcid_class,
22375d
 				  dataspace, 
22375d
 				  (unsigned char *)ddns_cb->dhcid.data,
22375d
 				  ddns_cb->dhcid.len, ddns_cb->ttl);
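Review bot: With the record type now taken from `ddns_cb->dhcid_class`, a name registered earlier with the interim TXT form would apparently stop matching once the client runs with `-I`. The "DHCID RR exists and matches" prerequisites built in the ddns_modify_fwd_add2 and ddns_modify_fwd_rem1 hunks would look for a DHCID record, and the delete in ddns_modify_fwd_rem2 would leave the old TXT record behind. This is inferred from the visible calls only and may be intended. A comment at this first use, e.g. `/* dhcid_class is TXT (interim) or DHCID (RFC 4701); records written with the other type are neither matched nor removed */`, would tell operators what to expect when switching schemes.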
22375d
@@ -1108,7 +1199,7 @@ ddns_modify_fwd_add2(dhcp_ddns_cb_t   *ddns_cb,
22375d
 		     dns_name_t       *pname,
22375d
 		     dns_name_t       *uname)
22375d
 {
22375d
-	isc_result_t result;
22375d
+	isc_result_t result = ISC_R_SUCCESS;
22375d
 
22375d
 	/*
22375d
 	 * If we are doing conflict resolution (unset) we use a prereq list.
22375d
@@ -1117,7 +1208,7 @@ ddns_modify_fwd_add2(dhcp_ddns_cb_t   *ddns_cb,
22375d
 	if ((ddns_cb->flags & DDNS_CONFLICT_OVERRIDE) == 0) {
22375d
 		/* Construct the prereq list */
22375d
 		/* The DHCID RR exists and matches the client identity */
22375d
-		result = make_dns_dataset(dns_rdataclass_in, dns_rdatatype_txt,
22375d
+		result = make_dns_dataset(dns_rdataclass_in, ddns_cb->dhcid_class,
22375d
 					  dataspace, 
22375d
 					  (unsigned char *)ddns_cb->dhcid.data,
22375d
 					  ddns_cb->dhcid.len, 0);
22375d
@@ -1130,7 +1221,7 @@ ddns_modify_fwd_add2(dhcp_ddns_cb_t   *ddns_cb,
22375d
 		/* Start constructing the update list.
22375d
 		 * Conflict detection override: delete DHCID RRs */
22375d
 		result = make_dns_dataset(dns_rdataclass_any,
22375d
-					  dns_rdatatype_txt,
22375d
+					  ddns_cb->dhcid_class,
22375d
 					  dataspace, NULL, 0, 0);
22375d
 		if (result != ISC_R_SUCCESS) {
22375d
 			return(result);
22375d
@@ -1139,7 +1230,7 @@ ddns_modify_fwd_add2(dhcp_ddns_cb_t   *ddns_cb,
22375d
 		dataspace++;
22375d
 
22375d
 		/* Add current DHCID RR */
22375d
-		result = make_dns_dataset(dns_rdataclass_in, dns_rdatatype_txt,
22375d
+		result = make_dns_dataset(dns_rdataclass_in, ddns_cb->dhcid_class,
22375d
 					  dataspace, 
22375d
 					  (unsigned char *)ddns_cb->dhcid.data,
22375d
 					  ddns_cb->dhcid.len, ddns_cb->ttl);
22375d
@@ -1201,11 +1292,11 @@ ddns_modify_fwd_rem1(dhcp_ddns_cb_t   *ddns_cb,
22375d
 		     dns_name_t       *pname,
22375d
 		     dns_name_t       *uname)
22375d
 {
22375d
-	isc_result_t result;
22375d
+	isc_result_t result = ISC_R_SUCCESS;
22375d
 
22375d
 	/* Consruct the prereq list */
22375d
 	/* The DHCID RR exists and matches the client identity */
22375d
-	result = make_dns_dataset(dns_rdataclass_in, dns_rdatatype_txt,
22375d
+	result = make_dns_dataset(dns_rdataclass_in, ddns_cb->dhcid_class,
22375d
 				  dataspace, 
22375d
 				  (unsigned char *)ddns_cb->dhcid.data,
22375d
 				  ddns_cb->dhcid.len, 0);
22375d
@@ -1271,7 +1362,7 @@ ddns_modify_fwd_rem2(dhcp_ddns_cb_t   *ddns_cb,
22375d
 
22375d
 	/* Construct the update list */
22375d
 	/* Delete DHCID RR */
22375d
-	result = make_dns_dataset(dns_rdataclass_none, dns_rdatatype_txt,
22375d
+	result = make_dns_dataset(dns_rdataclass_none, ddns_cb->dhcid_class,
22375d
 				  dataspace,
22375d
 				  (unsigned char *)ddns_cb->dhcid.data,
22375d
 				  ddns_cb->dhcid.len, 0);
22375d
diff --git a/common/parse.c b/common/parse.c
22375d
index fc51327..7477543 100644
22375d
--- a/common/parse.c
22375d
+++ b/common/parse.c
22375d
@@ -3558,42 +3558,7 @@ int parse_numeric_expression (expr, cfile, lose)
22375d
 	}
22375d
 	return 1;
22375d
 }
22375d
-#if defined (NSUPDATE_OLD)
22375d
-/*
22375d
- * dns-expression :==
22375d
- *	UPDATE LPAREN ns-class COMMA ns-type COMMA data-expression COMMA
22375d
- *				data-expression COMMA numeric-expression RPAREN
22375d
- *	DELETE LPAREN ns-class COMMA ns-type COMMA data-expression COMMA
22375d
- *				data-expression RPAREN
22375d
- *	EXISTS LPAREN ns-class COMMA ns-type COMMA data-expression COMMA
22375d
- *				data-expression RPAREN
22375d
- *	NOT EXISTS LPAREN ns-class COMMA ns-type COMMA data-expression COMMA
22375d
- *				data-expression RPAREN
22375d
- * ns-class :== IN | CHAOS | HS | NUMBER
22375d
- * ns-type :== A | PTR | MX | TXT | NUMBER
22375d
- */
22375d
-
22375d
-int parse_dns_expression (expr, cfile, lose)
22375d
-	struct expression **expr;
22375d
-	struct parse *cfile;
22375d
-	int *lose;
22375d
-{
22375d
-	/* Parse an expression... */
22375d
-	if (!parse_expression (expr, cfile, lose, context_dns,
22375d
-			       (struct expression **)0, expr_none))
22375d
-		return 0;
22375d
 
22375d
-	if (!is_dns_expression (*expr) &&
22375d
-	    (*expr) -> op != expr_variable_reference &&
22375d
-	    (*expr) -> op != expr_funcall) {
22375d
-		expression_dereference (expr, MDL);
22375d
-		parse_warn (cfile, "Expecting a dns update subexpression.");
22375d
-		*lose = 1;
22375d
-		return 0;
22375d
-	}
22375d
-	return 1;
22375d
-}
22375d
-#endif /* NSUPDATE_OLD */
22375d
 /* Parse a subexpression that does not contain a binary operator. */
22375d
 
22375d
 int parse_non_binary (expr, cfile, lose, context)
22375d
@@ -3608,11 +3573,6 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 	struct expression *nexp, **ep;
22375d
 	int known;
22375d
 	char *cptr;
22375d
-#if defined (NSUPDATE_OLD)
22375d
-	enum expr_op opcode;
22375d
-	const char *s;
22375d
-	unsigned long u;
22375d
-#endif 
22375d
 	isc_result_t status;
22375d
 	unsigned len;
22375d
 
22375d
@@ -3645,12 +3605,7 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 
22375d
 	      case TOKEN_NOT:
22375d
 		token = next_token (&val, (unsigned *)0, cfile);
22375d
-#if defined(NSUPDATE_OLD)
22375d
-		if (context == context_dns) {
22375d
-			token = peek_token (&val, (unsigned *)0, cfile);
22375d
-			goto not_exists;
22375d
-		}
22375d
-#endif
22375d
+
22375d
 		if (!expression_allocate (expr, MDL))
22375d
 			log_fatal ("can't allocate expression");
22375d
 		(*expr) -> op = expr_not;
22375d
@@ -3662,7 +3617,7 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 			}
22375d
 			*lose = 1;
22375d
 			expression_dereference (expr, MDL);
22375d
-			return 0;
22375d
+			return (0);
22375d
 		}
22375d
 		if (!is_boolean_expression ((*expr) -> data.not)) {
22375d
 			*lose = 1;
22375d
@@ -3694,10 +3649,6 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 		break;
22375d
 
22375d
 	      case EXISTS:
22375d
-#if defined(NSUPDATE_OLD)
22375d
-		if (context == context_dns)
22375d
-			goto ns_exists;
22375d
-#endif
22375d
 		token = next_token (&val, (unsigned *)0, cfile);
22375d
 		if (!expression_allocate (expr, MDL))
22375d
 			log_fatal ("can't allocate expression");
22375d
@@ -3710,7 +3661,7 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 		    (*expr)->data.option == NULL) {
22375d
 			*lose = 1;
22375d
 			expression_dereference (expr, MDL);
22375d
-			return 0;
22375d
+			return (0);
22375d
 		}
22375d
 		break;
22375d
 
22375d
@@ -4011,285 +3962,7 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 			goto norparen;
22375d
 		break;
22375d
 
22375d
-#if defined(NSUPDATE_OLD)
22375d
-		/* dns-update and dns-delete are present for historical
22375d
-		   purposes, but are deprecated in favor of ns-update
22375d
-		   in combination with update, delete, exists and not
22375d
-		   exists. */
22375d
-	      case DNS_UPDATE:
22375d
-	      case DNS_DELETE:
22375d
-#if !defined (NSUPDATE)
22375d
-		parse_warn (cfile,
22375d
-			    "Please rebuild dhcpd with --with-nsupdate.");
22375d
-#endif
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token == DNS_UPDATE)
22375d
-			opcode = expr_ns_add;
22375d
-		else
22375d
-			opcode = expr_ns_delete;
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != LPAREN)
22375d
-			goto nolparen;
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != STRING) {
22375d
-			parse_warn (cfile,
22375d
-				    "parse_expression: expecting string.");
22375d
-		      badnsupdate:
22375d
-			skip_to_semi (cfile);
22375d
-			*lose = 1;
22375d
-			return 0;
22375d
-		}
22375d
-			
22375d
-		if (!strcasecmp (val, "a"))
22375d
-			u = T_A;
22375d
-		else if (!strcasecmp (val, "aaaa"))
22375d
-			u = T_AAAA;
22375d
-		else if (!strcasecmp (val, "ptr"))
22375d
-			u = T_PTR;
22375d
-		else if (!strcasecmp (val, "mx"))
22375d
-			u = T_MX;
22375d
-		else if (!strcasecmp (val, "cname"))
22375d
-			u = T_CNAME;
22375d
-		else if (!strcasecmp (val, "TXT"))
22375d
-			u = T_TXT;
22375d
-		else {
22375d
-			parse_warn (cfile, "unexpected rrtype: %s", val);
22375d
-			goto badnsupdate;
22375d
-		}
22375d
-
22375d
-		s = (opcode == expr_ns_add
22375d
-		     ? "old-dns-update"
22375d
-		     : "old-dns-delete");
22375d
-		cptr = dmalloc (strlen (s) + 1, MDL);
22375d
-		if (!cptr)
22375d
-			log_fatal ("can't allocate name for %s", s);
22375d
-		strcpy (cptr, s);
22375d
-		if (!expression_allocate (expr, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-		(*expr) -> op = expr_funcall;
22375d
-		(*expr) -> data.funcall.name = cptr;
22375d
-
22375d
-		/* Fake up a function call. */
22375d
-		ep = &(*expr) -> data.funcall.arglist;
22375d
-		if (!expression_allocate (ep, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-		(*ep) -> op = expr_arg;
22375d
-		if (!make_const_int (&(*ep) -> data.arg.val, u))
22375d
-			log_fatal ("can't allocate rrtype value.");
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != COMMA)
22375d
-			goto nocomma;
22375d
-		ep = &((*ep) -> data.arg.next);
22375d
-		if (!expression_allocate (ep, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-		(*ep) -> op = expr_arg;
22375d
-		if (!(parse_data_expression (&(*ep) -> data.arg.val,
22375d
-					     cfile, lose)))
22375d
-			goto nodata;
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != COMMA)
22375d
-			goto nocomma;
22375d
-
22375d
-		ep = &((*ep) -> data.arg.next);
22375d
-		if (!expression_allocate (ep, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-		(*ep) -> op = expr_arg;
22375d
-		if (!(parse_data_expression (&(*ep) -> data.arg.val,
22375d
-					     cfile, lose)))
22375d
-			goto nodata;
22375d
-
22375d
-		if (opcode == expr_ns_add) {
22375d
-			token = next_token (&val, (unsigned *)0, cfile);
22375d
-			if (token != COMMA)
22375d
-				goto nocomma;
22375d
-			
22375d
-			ep = &((*ep) -> data.arg.next);
22375d
-			if (!expression_allocate (ep, MDL))
22375d
-				log_fatal ("can't allocate expression");
22375d
-			(*ep) -> op = expr_arg;
22375d
-			if (!(parse_numeric_expression (&(*ep) -> data.arg.val,
22375d
-							cfile, lose))) {
22375d
-				parse_warn (cfile,
22375d
-					    "expecting numeric expression.");
22375d
-				goto badnsupdate;
22375d
-			}
22375d
-		}
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != RPAREN)
22375d
-			goto norparen;
22375d
-		break;
22375d
-
22375d
-	      case NS_UPDATE:
22375d
-#if !defined (NSUPDATE)
22375d
-		parse_warn (cfile,
22375d
-			    "Please rebuild dhcpd with --with-nsupdate.");
22375d
-#endif
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (!expression_allocate (expr, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != LPAREN)
22375d
-			goto nolparen;
22375d
-
22375d
-		nexp = *expr;
22375d
-		do {
22375d
-			nexp -> op = expr_dns_transaction;
22375d
-			if (!(parse_dns_expression
22375d
-			      (&nexp -> data.dns_transaction.car,
22375d
-			       cfile, lose)))
22375d
-			{
22375d
-				if (!*lose)
22375d
-					parse_warn
22375d
-						(cfile,
22375d
-						 "expecting dns expression.");
22375d
-				expression_dereference (expr, MDL);
22375d
-				*lose = 1;
22375d
-				return 0;
22375d
-			}
22375d
-
22375d
-			token = next_token (&val, (unsigned *)0, cfile);
22375d
-			
22375d
-			if (token == COMMA) {
22375d
-				if (!(expression_allocate
22375d
-				      (&nexp -> data.dns_transaction.cdr,
22375d
-				       MDL)))
22375d
-					log_fatal
22375d
-						("can't allocate expression");
22375d
-				nexp = nexp -> data.dns_transaction.cdr;
22375d
-			}
22375d
-		} while (token == COMMA);
22375d
-
22375d
-		if (token != RPAREN)
22375d
-			goto norparen;
22375d
-		break;
22375d
-
22375d
-		/* NOT EXISTS is special cased above... */
22375d
-	      not_exists:
22375d
-		token = peek_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != EXISTS) {
22375d
-			parse_warn (cfile, "expecting DNS prerequisite.");
22375d
-			*lose = 1;
22375d
-			return 0;
22375d
-		}
22375d
-		opcode = expr_ns_not_exists;
22375d
-		goto nsupdatecode;
22375d
-	      case TOKEN_ADD:
22375d
-		opcode = expr_ns_add;
22375d
-		goto nsupdatecode;
22375d
-	      case TOKEN_DELETE:
22375d
-		opcode = expr_ns_delete;
22375d
-		goto nsupdatecode;
22375d
-	      ns_exists:
22375d
-		opcode = expr_ns_exists;
22375d
-	      nsupdatecode:
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-
22375d
-#if !defined (NSUPDATE)
22375d
-		parse_warn (cfile,
22375d
-			    "Please rebuild dhcpd with --with-nsupdate.");
22375d
-#endif
22375d
-		if (!expression_allocate (expr, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-		(*expr) -> op = opcode;
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != LPAREN)
22375d
-			goto nolparen;
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (!is_identifier (token) && token != NUMBER) {
22375d
-			parse_warn (cfile, "expecting identifier or number.");
22375d
-		      badnsop:
22375d
-			expression_dereference (expr, MDL);
22375d
-			skip_to_semi (cfile);
22375d
-			*lose = 1;
22375d
-			return 0;
22375d
-		}
22375d
-			
22375d
-		if (token == NUMBER)
22375d
-			(*expr) -> data.ns_add.rrclass = atoi (val);
22375d
-		else if (!strcasecmp (val, "in"))
22375d
-			(*expr) -> data.ns_add.rrclass = C_IN;
22375d
-		else if (!strcasecmp (val, "chaos"))
22375d
-			(*expr) -> data.ns_add.rrclass = C_CHAOS;
22375d
-		else if (!strcasecmp (val, "hs"))
22375d
-			(*expr) -> data.ns_add.rrclass = C_HS;
22375d
-		else {
22375d
-			parse_warn (cfile, "unexpected rrclass: %s", val);
22375d
-			goto badnsop;
22375d
-		}
22375d
-		
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != COMMA)
22375d
-			goto nocomma;
22375d
 
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (!is_identifier (token) && token != NUMBER) {
22375d
-			parse_warn (cfile, "expecting identifier or number.");
22375d
-			goto badnsop;
22375d
-		}
22375d
-			
22375d
-		if (token == NUMBER)
22375d
-			(*expr) -> data.ns_add.rrtype = atoi (val);
22375d
-		else if (!strcasecmp (val, "a"))
22375d
-			(*expr) -> data.ns_add.rrtype = T_A;
22375d
-		else if (!strcasecmp (val, "aaaa"))
22375d
-			(*expr) -> data.ns_add.rrtype = T_AAAA;
22375d
-		else if (!strcasecmp (val, "ptr"))
22375d
-			(*expr) -> data.ns_add.rrtype = T_PTR;
22375d
-		else if (!strcasecmp (val, "mx"))
22375d
-			(*expr) -> data.ns_add.rrtype = T_MX;
22375d
-		else if (!strcasecmp (val, "cname"))
22375d
-			(*expr) -> data.ns_add.rrtype = T_CNAME;
22375d
-		else if (!strcasecmp (val, "TXT"))
22375d
-			(*expr) -> data.ns_add.rrtype = T_TXT;
22375d
-		else {
22375d
-			parse_warn (cfile, "unexpected rrtype: %s", val);
22375d
-			goto badnsop;
22375d
-		}
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != COMMA)
22375d
-			goto nocomma;
22375d
-
22375d
-		if (!(parse_data_expression
22375d
-		      (&(*expr) -> data.ns_add.rrname, cfile, lose)))
22375d
-			goto nodata;
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != COMMA)
22375d
-			goto nocomma;
22375d
-
22375d
-		if (!(parse_data_expression
22375d
-		      (&(*expr) -> data.ns_add.rrdata, cfile, lose)))
22375d
-			goto nodata;
22375d
-
22375d
-		if (opcode == expr_ns_add) {
22375d
-			token = next_token (&val, (unsigned *)0, cfile);
22375d
-			if (token != COMMA)
22375d
-				goto nocomma;
22375d
-			
22375d
-			if (!(parse_numeric_expression
22375d
-			      (&(*expr) -> data.ns_add.ttl, cfile,
22375d
-			       lose))) {
22375d
-			    if (!*lose)
22375d
-				parse_warn (cfile,
22375d
-					    "expecting numeric expression.");
22375d
-			    goto badnsupdate;
22375d
-			}
22375d
-		}
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != RPAREN)
22375d
-			goto norparen;
22375d
-		break;
22375d
-#endif /* NSUPDATE_OLD */
22375d
 	      case OPTION:
22375d
 	      case CONFIG_OPTION:
22375d
 		if (!expression_allocate (expr, MDL))
22375d
@@ -4366,44 +4039,7 @@ int parse_non_binary (expr, cfile, lose, context)
22375d
 		(*expr) -> op = expr_host_decl_name;
22375d
 		break;
22375d
 
22375d
-#if defined(NSUPDATE_OLD)
22375d
-	      case UPDATED_DNS_RR:
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != LPAREN)
22375d
-			goto nolparen;
22375d
 
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != STRING) {
22375d
-			parse_warn (cfile, "expecting string.");
22375d
-		      bad_rrtype:
22375d
-			*lose = 1;
22375d
-			return 0;
22375d
-		}
22375d
-		if (!strcasecmp (val, "a"))
22375d
-			s = "ddns-fwd-name";
22375d
-		else if (!strcasecmp (val, "ptr"))
22375d
-			s = "ddns-rev-name";
22375d
-		else {
22375d
-			parse_warn (cfile, "invalid DNS rrtype: %s", val);
22375d
-			goto bad_rrtype;
22375d
-		}
22375d
-
22375d
-		token = next_token (&val, (unsigned *)0, cfile);
22375d
-		if (token != RPAREN)
22375d
-			goto norparen;
22375d
-
22375d
-		if (!expression_allocate (expr, MDL))
22375d
-			log_fatal ("can't allocate expression");
22375d
-		(*expr) -> op = expr_variable_reference;
22375d
-		(*expr) -> data.variable =
22375d
-			dmalloc (strlen (s) + 1, MDL);
22375d
-		if (!(*expr) -> data.variable)
22375d
-			log_fatal ("can't allocate variable name.");
22375d
-		strcpy ((*expr) -> data.variable, s);
22375d
-		break;
22375d
-#endif /* NSUPDATE_OLD */
22375d
 	      case PACKET:
22375d
 		token = next_token (&val, (unsigned *)0, cfile);
22375d
 		if (!expression_allocate (expr, MDL))
22375d
diff --git a/common/tree.c b/common/tree.c
22375d
index 8c2056c..26e0add 100644
22375d
--- a/common/tree.c
22375d
+++ b/common/tree.c
22375d
@@ -645,15 +645,6 @@ int evaluate_expression (result, packet, lease, client_state,
22375d
 		status = (evaluate_data_expression
22375d
 			  (&bv -> value.data, packet, lease, client_state,
22375d
 			   in_options, cfg_options, scope, expr, MDL));
22375d
-#if defined (NSUPDATE_OLD)
22375d
-	} else if (is_dns_expression (expr)) {
22375d
-		if (!binding_value_allocate (&bv, MDL))
22375d
-			return 0;
22375d
-		bv -> type = binding_dns;
22375d
-		status = (evaluate_dns_expression
22375d
-			  (&bv -> value.dns, packet, lease, client_state,
22375d
-			   in_options, cfg_options, scope, expr));
22375d
-#endif
22375d
 	} else {
22375d
 		log_error ("%s: invalid expression type: %d",
22375d
 			   "evaluate_expression", expr -> op);
22375d
@@ -699,19 +690,6 @@ int binding_value_dereference (struct binding_value **v,
22375d
 		if (bv -> value.data.buffer)
22375d
 			data_string_forget (&bv -> value.data, file, line);
22375d
 		break;
22375d
-	      case binding_dns:
22375d
-#if defined (NSUPDATE_OLD)
22375d
-		if (bv -> value.dns) {
22375d
-			if (bv -> value.dns -> r_data) {
22375d
-				dfree (bv -> value.dns -> r_data_ephem, MDL);
22375d
-				bv -> value.dns -> r_data = (unsigned char *)0;
22375d
-				bv -> value.dns -> r_data_ephem =
22375d
-					(unsigned char *)0;
22375d
-			}
22375d
-			minires_freeupdrec (bv -> value.dns);
22375d
-		}
22375d
-		break;
22375d
-#endif
22375d
 	      default:
22375d
 		log_error ("%s(%d): invalid binding type: %d",
22375d
 			   file, line, bv -> type);
22375d
@@ -721,270 +699,6 @@ int binding_value_dereference (struct binding_value **v,
22375d
 	return 1;
22375d
 }
22375d
 
22375d
-#if defined (NSUPDATE_OLD)
22375d
-int evaluate_dns_expression (result, packet, lease, client_state, in_options,
22375d
-			     cfg_options, scope, expr)
22375d
-	ns_updrec **result;
22375d
-	struct packet *packet;
22375d
-	struct lease *lease;
22375d
-	struct client_state *client_state;
22375d
-	struct option_state *in_options;
22375d
-	struct option_state *cfg_options;
22375d
-	struct binding_scope **scope;
22375d
-	struct expression *expr;
22375d
-{
22375d
-	unsigned long ttl = 0;
22375d
-	char *tname;
22375d
-	struct data_string name, data;
22375d
-	int r0, r1, r2;
22375d
-
22375d
-	if (!result || *result) {
22375d
-		log_error ("evaluate_dns_expression called with non-null %s",
22375d
-			   "result pointer");
22375d
-#if defined (POINTER_DEBUG)
22375d
-		abort ();
22375d
-#else
22375d
-		return 0;
22375d
-#endif
22375d
-	}
22375d
-		
22375d
-	switch (expr -> op) {
22375d
-#if defined (NSUPDATE)
22375d
-	      case expr_ns_add:
22375d
-		r0 = evaluate_numeric_expression (&ttl, packet, lease,
22375d
-						  client_state,
22375d
-						  in_options, cfg_options,
22375d
-						  scope,
22375d
-						  expr -> data.ns_add.ttl);
22375d
-		goto nsfinish;
22375d
-
22375d
-	      case expr_ns_exists:
22375d
-		ttl = 1;
22375d
-
22375d
-	      case expr_ns_delete:
22375d
-	      case expr_ns_not_exists:
22375d
-		r0 = 1;
22375d
-	      nsfinish:
22375d
-		memset (&name, 0, sizeof name);
22375d
-		r1 = evaluate_data_expression (&name, packet, lease,
22375d
-					       client_state,
22375d
-					       in_options, cfg_options, scope,
22375d
-					       expr -> data.ns_add.rrname,
22375d
-					       MDL);
22375d
-		if (r1) {
22375d
-			/* The result of the evaluation may or may not
22375d
-			   be NUL-terminated, but we need it
22375d
-			   terminated for sure, so we have to allocate
22375d
-			   a buffer and terminate it. */
22375d
-			tname = dmalloc (name.len + 1, MDL);
22375d
-			if (!tname) {
22375d
-				r2 = 0;
22375d
-				r1 = 0;
22375d
-				data_string_forget (&name, MDL);
22375d
-			} else {
22375d
-				memcpy (tname, name.data, name.len);
22375d
-				tname [name.len] = 0;
22375d
-				memset (&data, 0, sizeof data);
22375d
-				r2 = evaluate_data_expression
22375d
-					(&data, packet, lease, client_state,
22375d
-					 in_options, cfg_options, scope,
22375d
-					 expr -> data.ns_add.rrdata, MDL);
22375d
-			}
22375d
-		} else {
22375d
-			r2 = 0;
22375d
-			tname = NULL;
22375d
-		}
22375d
-		if (r0 && r1 && (r2 || expr -> op != expr_ns_add)) {
22375d
-		    *result = minires_mkupdrec (((expr -> op == expr_ns_add ||
22375d
-						  expr -> op == expr_ns_delete)
22375d
-						 ? S_UPDATE : S_PREREQ),
22375d
-						tname,
22375d
-						expr -> data.ns_add.rrclass,
22375d
-						expr -> data.ns_add.rrtype,
22375d
-						ttl);
22375d
-		    if (!*result) {
22375d
-			  ngood:
22375d
-			    if (r2) {
22375d
-				data_string_forget (&data, MDL);
22375d
-				r2 = 0;
22375d
-			    }
22375d
-		    } else {
22375d
-			if (data.len) {
22375d
-				/* As a special case, if we get exactly
22375d
-				   four bytes of data, it's an IP address
22375d
-				   represented as a 32-bit quantity, which
22375d
-				   is actually what we *should* be getting
22375d
-				   here.   Because res_mkupdrec is currently
22375d
-				   broken and expects a dotted quad, convert
22375d
-				   it.   This should be fixed when the new
22375d
-				   resolver is merged. */
22375d
-				if (data.len == 4) {
22375d
-				    (*result) -> r_data_ephem =
22375d
-					    dmalloc (16, MDL);
22375d
-				    if (!(*result) -> r_data_ephem)
22375d
-					goto dpngood;
22375d
-				    (*result) -> r_data =
22375d
-					    (*result) -> r_data_ephem;
22375d
-				    /*%Audit% 16 bytes max. %2004.06.17,Safe%*/
22375d
-				    sprintf ((char *)(*result) -> r_data_ephem,
22375d
-					     "%u.%u.%u.%u",
22375d
-					     data.data [0] & 0xff,
22375d
-					     data.data [1] & 0xff,
22375d
-					     data.data [2] & 0xff,
22375d
-					     data.data [3] & 0xff);
22375d
-				    (*result) -> r_size = 
22375d
-					    strlen ((const char *)
22375d
-						    (*result) -> r_data);
22375d
-				} else {
22375d
-				    (*result) -> r_size = data.len;
22375d
-				    (*result) -> r_data_ephem =
22375d
-					    dmalloc (data.len, MDL);
22375d
-				    if (!(*result) -> r_data_ephem) {
22375d
-				      dpngood: /* double plus ungood. */
22375d
-					minires_freeupdrec (*result);
22375d
-					*result = 0;
22375d
-					goto ngood;
22375d
-				    }
22375d
-				    (*result) -> r_data =
22375d
-					    (*result) -> r_data_ephem;
22375d
-				    memcpy ((*result) -> r_data_ephem,
22375d
-					    data.data, data.len);
22375d
-				}
22375d
-			} else {
22375d
-				(*result) -> r_data = 0;
22375d
-				(*result) -> r_size = 0;
22375d
-			}
22375d
-			switch (expr -> op) {
22375d
-			      case expr_ns_add:
22375d
-				(*result) -> r_opcode = ADD;
22375d
-				break;
22375d
-			      case expr_ns_delete:
22375d
-				(*result) -> r_opcode = DELETE;
22375d
-				break;
22375d
-			      case expr_ns_exists:
22375d
-				(*result) -> r_opcode = YXRRSET;
22375d
-				break;
22375d
-			      case expr_ns_not_exists:
22375d
-				(*result) -> r_opcode = NXRRSET;
22375d
-				break;
22375d
-
22375d
-				/* Can't happen, but satisfy gcc. */
22375d
-			      default:
22375d
-				break;
22375d
-			}
22375d
-		    }
22375d
-		}
22375d
-		if (r1) {
22375d
-			data_string_forget (&name, MDL);
22375d
-			dfree (tname, MDL);
22375d
-		}
22375d
-		if (r2)
22375d
-			data_string_forget (&data, MDL);
22375d
-		/* One flaw in the thinking here: an IP address and an
22375d
-		   ASCII string both look like data expressions, but
22375d
-		   for A records, we want an ASCII string, not a
22375d
-		   binary IP address.  Do I need to turn binary IP
22375d
-		   addresses into a separate type?  */
22375d
-		return (r0 && r1 &&
22375d
-			(r2 || expr -> op != expr_ns_add) && *result);
22375d
-
22375d
-#else
22375d
-	      case expr_ns_add:
22375d
-	      case expr_ns_delete:
22375d
-	      case expr_ns_exists:
22375d
-	      case expr_ns_not_exists:
22375d
-		return 0;
22375d
-#endif
22375d
-	      case expr_funcall:
22375d
-		log_error ("%s: dns values for functions not supported.",
22375d
-			   expr -> data.funcall.name);
22375d
-		break;
22375d
-
22375d
-	      case expr_variable_reference:
22375d
-		log_error ("%s: dns values for variables not supported.",
22375d
-			   expr -> data.variable);
22375d
-		break;
22375d
-
22375d
-	      case expr_check:
22375d
-	      case expr_equal:
22375d
-	      case expr_not_equal:
22375d
-	      case expr_regex_match:
22375d
-	      case expr_iregex_match:
22375d
-	      case expr_and:
22375d
-	      case expr_or:
22375d
-	      case expr_not:
22375d
-	      case expr_match:
22375d
-	      case expr_static:
22375d
-	      case expr_known:
22375d
-	      case expr_exists:
22375d
-	      case expr_variable_exists:
22375d
-		log_error ("Boolean opcode in evaluate_dns_expression: %d",
22375d
-		      expr -> op);
22375d
-		return 0;
22375d
-
22375d
-	      case expr_none:
22375d
-	      case expr_substring:
22375d
-	      case expr_suffix:
22375d
-	      case expr_lcase:
22375d
-	      case expr_ucase:
22375d
-	      case expr_option:
22375d
-	      case expr_hardware:
22375d
-	      case expr_const_data:
22375d
-	      case expr_packet:
22375d
-	      case expr_concat:
22375d
-	      case expr_encapsulate:
22375d
-	      case expr_host_lookup:
22375d
-	      case expr_encode_int8:
22375d
-	      case expr_encode_int16:
22375d
-	      case expr_encode_int32:
22375d
-	      case expr_binary_to_ascii:
22375d
-	      case expr_reverse:
22375d
-	      case expr_filename:
22375d
-	      case expr_sname:
22375d
-	      case expr_pick_first_value:
22375d
-	      case expr_host_decl_name:
22375d
-	      case expr_config_option:
22375d
-	      case expr_leased_address:
22375d
-	      case expr_null:
22375d
-	      case expr_gethostname:
22375d
-		log_error ("Data opcode in evaluate_dns_expression: %d",
22375d
-		      expr -> op);
22375d
-		return 0;
22375d
-
22375d
-	      case expr_extract_int8:
22375d
-	      case expr_extract_int16:
22375d
-	      case expr_extract_int32:
22375d
-	      case expr_const_int:
22375d
-	      case expr_lease_time:
22375d
-	      case expr_dns_transaction:
22375d
-	      case expr_add:
22375d
-	      case expr_subtract:
22375d
-	      case expr_multiply:
22375d
-	      case expr_divide:
22375d
-	      case expr_remainder:
22375d
-	      case expr_binary_and:
22375d
-	      case expr_binary_or:
22375d
-	      case expr_binary_xor:
22375d
-	      case expr_client_state:
22375d
-		log_error ("Numeric opcode in evaluate_dns_expression: %d",
22375d
-		      expr -> op);
22375d
-		return 0;
22375d
-
22375d
-	      case expr_function:
22375d
-		log_error ("Function opcode in evaluate_dns_expression: %d",
22375d
-		      expr -> op);
22375d
-		return 0;
22375d
-
22375d
-	      case expr_arg:
22375d
-		break;
22375d
-	}
22375d
-
22375d
-	log_error ("Bogus opcode in evaluate_dns_expression: %d",
22375d
-		   expr -> op);
22375d
-	return 0;
22375d
-}
22375d
-#endif /* defined (NSUPDATE_OLD) */
22375d
-
22375d
 int evaluate_boolean_expression (result, packet, lease, client_state,
22375d
 				 in_options, cfg_options, scope, expr)
22375d
 	int *result;
22375d
@@ -1056,20 +770,7 @@ int evaluate_boolean_expression (result, packet, lease, client_state,
22375d
 			    else
22375d
 				*result = expr -> op == expr_not_equal;
22375d
 			    break;
22375d
-#if defined (NSUPDATE_OLD)
22375d
-			  case binding_dns:
22375d
-#if defined (NSUPDATE)
22375d
-			    /* XXX This should be a comparison for equal
22375d
-			       XXX values, not for identity. */
22375d
-			    if (bv -> value.dns == obv -> value.dns)
22375d
-				*result = expr -> op == expr_equal;
22375d
-			    else
22375d
-				*result = expr -> op == expr_not_equal;
22375d
-#else
22375d
-				*result = expr -> op == expr_not_equal;
22375d
-#endif
22375d
-			    break;
22375d
-#endif /* NSUPDATE_OLD */
22375d
+
22375d
 			  case binding_function:
22375d
 			    if (bv -> value.fundef == obv -> value.fundef)
22375d
 				*result = expr -> op == expr_equal;
22375d
@@ -2369,7 +2070,7 @@ int evaluate_data_expression (result, packet, lease, client_state,
22375d
 	      case expr_ns_delete:
22375d
 	      case expr_ns_exists:
22375d
 	      case expr_ns_not_exists:
22375d
-		log_error ("dns update opcode in evaluate_data_expression: %d",
22375d
+		log_error ("dns opcode in evaluate_boolean_expression: %d",
22375d
 		      expr -> op);
22375d
 		return 0;
22375d
 
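Review bot: The new log string `"dns opcode in evaluate_boolean_expression: %d"` names the wrong function. Going by the hunk header, these `expr_ns_*` cases sit in evaluate_data_expression, so anyone triaging this error from the log would be sent to the wrong evaluator. The message should carry the enclosing function's name: `log_error ("dns opcode in evaluate_data_expression: %d",`. A short comment above the case labels, such as `/* ns-update opcodes are no longer evaluated; reject them */`, would also explain why they stay here while a later hunk drops the same cases from evaluate_numeric_expression. The enclosing function starts and ends outside this hunk.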
22375d
@@ -2398,11 +2099,6 @@ int evaluate_numeric_expression (result, packet, lease, client_state,
22375d
 {
22375d
 	struct data_string data;
22375d
 	int status, sleft, sright;
22375d
-#if defined (NSUPDATE_OLD)
22375d
-	ns_updrec *nut;
22375d
-	ns_updque uq;
22375d
-	struct expression *cur, *next;
22375d
-#endif
22375d
 
22375d
 	struct binding *binding;
22375d
 	struct binding_value *bv;
22375d
@@ -2541,53 +2237,6 @@ int evaluate_numeric_expression (result, packet, lease, client_state,
22375d
 #endif
22375d
 		return (1);
22375d
  
22375d
-	      case expr_dns_transaction:
22375d
-#if !defined (NSUPDATE_OLD)
22375d
-		return 0;
22375d
-#else
22375d
-		if (!resolver_inited) {
22375d
-			minires_ninit (&resolver_state);
22375d
-			resolver_inited = 1;
22375d
-			resolver_state.retrans = 1;
22375d
-			resolver_state.retry = 1;
22375d
-		}
22375d
-		ISC_LIST_INIT (uq);
22375d
-		cur = expr;
22375d
-		do {
22375d
-		    next = cur -> data.dns_transaction.cdr;
22375d
-		    nut = 0;
22375d
-		    status = (evaluate_dns_expression
22375d
-			      (&nut, packet,
22375d
-			       lease, client_state, in_options, cfg_options,
22375d
-			       scope, cur -> data.dns_transaction.car));
22375d
-		    if (!status)
22375d
-			    goto dns_bad;
22375d
-		    ISC_LIST_APPEND (uq, nut, r_link);
22375d
-		    cur = next;
22375d
-		} while (next);
22375d
-
22375d
-		/* Do the update and record the error code, if there was
22375d
-		   an error; otherwise set it to NOERROR. */
22375d
-		*result = minires_nupdate (&resolver_state,
22375d
-					   ISC_LIST_HEAD (uq));
22375d
-		status = 1;
22375d
-
22375d
-		print_dns_status ((int)*result, &uq;;
22375d
-
22375d
-	      dns_bad:
22375d
-		while (!ISC_LIST_EMPTY (uq)) {
22375d
-			ns_updrec *tmp = ISC_LIST_HEAD (uq);
22375d
-			ISC_LIST_UNLINK (uq, tmp, r_link);
22375d
-			if (tmp -> r_data_ephem) {
22375d
-				dfree (tmp -> r_data_ephem, MDL);
22375d
-				tmp -> r_data = (unsigned char *)0;
22375d
-				tmp -> r_data_ephem = (unsigned char *)0;
22375d
-			}
22375d
-			minires_freeupdrec (tmp);
22375d
-		}
22375d
-		return status;
22375d
-#endif /* NSUPDATE_OLD */
22375d
-
22375d
 	      case expr_variable_reference:
22375d
 		if (scope && *scope) {
22375d
 		    binding = find_binding (*scope, expr -> data.variable);
22375d
@@ -2877,14 +2526,6 @@ int evaluate_numeric_expression (result, packet, lease, client_state,
22375d
 			return 0;
22375d
 		}
22375d
 
22375d
-	      case expr_ns_add:
22375d
-	      case expr_ns_delete:
22375d
-	      case expr_ns_exists:
22375d
-	      case expr_ns_not_exists:
22375d
-		log_error ("dns opcode in evaluate_numeric_expression: %d",
22375d
-		      expr -> op);
22375d
-		return 0;
22375d
-
22375d
 	      case expr_function:
22375d
 		log_error ("function definition in evaluate_numeric_expr");
22375d
 		return 0;
22375d
@@ -3182,38 +2823,6 @@ void expression_dereference (eptr, file, line)
22375d
 				(&expr -> data.reverse.buffer, file, line);
22375d
 		break;
22375d
 
22375d
-	      case expr_dns_transaction:
22375d
-		if (expr -> data.dns_transaction.car)
22375d
-		    expression_dereference (&expr -> data.dns_transaction.car,
22375d
-					    file, line);
22375d
-		if (expr -> data.dns_transaction.cdr)
22375d
-		    expression_dereference (&expr -> data.dns_transaction.cdr,
22375d
-					    file, line);
22375d
-		break;
22375d
-
22375d
-	      case expr_ns_add:
22375d
-		if (expr -> data.ns_add.rrname)
22375d
-		    expression_dereference (&expr -> data.ns_add.rrname,
22375d
-					    file, line);
22375d
-		if (expr -> data.ns_add.rrdata)
22375d
-		    expression_dereference (&expr -> data.ns_add.rrdata,
22375d
-					    file, line);
22375d
-		if (expr -> data.ns_add.ttl)
22375d
-		    expression_dereference (&expr -> data.ns_add.ttl,
22375d
-					    file, line);
22375d
-		break;
22375d
-
22375d
-	      case expr_ns_delete:
22375d
-	      case expr_ns_exists:
22375d
-	      case expr_ns_not_exists:
22375d
-		if (expr -> data.ns_delete.rrname)
22375d
-		    expression_dereference (&expr -> data.ns_delete.rrname,
22375d
-					    file, line);
22375d
-		if (expr -> data.ns_delete.rrdata)
22375d
-		    expression_dereference (&expr -> data.ns_delete.rrdata,
22375d
-					    file, line);
22375d
-		break;
22375d
-
22375d
 	      case expr_variable_reference:
22375d
 	      case expr_variable_exists:
22375d
 		if (expr -> data.variable)
22375d
@@ -3262,15 +2871,6 @@ void expression_dereference (eptr, file, line)
22375d
 	free_expression (expr, MDL);
22375d
 }
22375d
 
22375d
-int is_dns_expression (expr)
22375d
-	struct expression *expr;
22375d
-{
22375d
-      return (expr -> op == expr_ns_add ||
22375d
-	      expr -> op == expr_ns_delete ||
22375d
-	      expr -> op == expr_ns_exists ||
22375d
-	      expr -> op == expr_ns_not_exists);
22375d
-}
22375d
-
22375d
 int is_boolean_expression (expr)
22375d
 	struct expression *expr;
22375d
 {
22375d
@@ -3325,7 +2925,6 @@ int is_numeric_expression (expr)
22375d
 		expr -> op == expr_extract_int32 ||
22375d
 		expr -> op == expr_const_int ||
22375d
 		expr -> op == expr_lease_time ||
22375d
-		expr -> op == expr_dns_transaction ||
22375d
 		expr -> op == expr_add ||
22375d
 		expr -> op == expr_subtract ||
22375d
 		expr -> op == expr_multiply ||
22375d
@@ -3340,11 +2939,7 @@ int is_numeric_expression (expr)
22375d
 int is_compound_expression (expr)
22375d
 	struct expression *expr;
22375d
 {
22375d
-	return (expr -> op == expr_ns_add ||
22375d
-		expr -> op == expr_ns_delete ||
22375d
-		expr -> op == expr_ns_exists ||
22375d
-		expr -> op == expr_ns_not_exists ||
22375d
-		expr -> op == expr_substring ||
22375d
+	return (expr -> op == expr_substring ||
22375d
 		expr -> op == expr_suffix ||
22375d
 		expr -> op == expr_option ||
22375d
 		expr -> op == expr_concat ||
22375d
@@ -3357,8 +2952,7 @@ int is_compound_expression (expr)
22375d
 		expr -> op == expr_config_option ||
22375d
 		expr -> op == expr_extract_int8 ||
22375d
 		expr -> op == expr_extract_int16 ||
22375d
-		expr -> op == expr_extract_int32 ||
22375d
-		expr -> op == expr_dns_transaction);
22375d
+		expr -> op == expr_extract_int32);
22375d
 }
22375d
 
22375d
 static int op_val (enum expr_op);
22375d
@@ -3456,8 +3050,6 @@ enum expression_context expression_context (struct expression *expr)
22375d
 		return context_numeric;
22375d
 	if (is_boolean_expression (expr))
22375d
 		return context_boolean;
22375d
-	if (is_dns_expression (expr))
22375d
-		return context_dns;
22375d
 	return context_any;
22375d
 }
22375d
 
22375d
@@ -3928,99 +3520,6 @@ int write_expression (file, expr, col, indent, firstp)
22375d
 					  "lease-time");
22375d
 		break;
22375d
 
22375d
-	      case expr_dns_transaction:
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  "ns-update");
22375d
-		col = token_print_indent (file, col, indent, " ", "",
22375d
-					  "(");
22375d
-		scol = 0;
22375d
-		for (e = expr;
22375d
-		     e && e -> op == expr_dns_transaction;
22375d
-		     e = e -> data.dns_transaction.cdr) {
22375d
-			if (!scol) {
22375d
-				scol = col;
22375d
-				firstp = 1;
22375d
-			} else
22375d
-				firstp = 0;
22375d
-			col = write_expression (file,
22375d
-						e -> data.dns_transaction.car,
22375d
-						col, scol, firstp);
22375d
-			if (e -> data.dns_transaction.cdr)
22375d
-				col = token_print_indent (file, col, scol,
22375d
-							  "", " ", ",");
22375d
-		}
22375d
-		if (e)
22375d
-			col = write_expression (file, e, col, scol, 0);
22375d
-		col = token_print_indent (file, col, indent, "", "", ")");
22375d
-		break;
22375d
-
22375d
-	      case expr_ns_add:
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  "update");
22375d
-		col = token_print_indent (file, col, indent, " ", "",
22375d
-					  "(");
22375d
-		scol = col;
22375d
-		sprintf (obuf, "%d", expr -> data.ns_add.rrclass);
22375d
-		col = token_print_indent (file, col, scol, "", "", obuf);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		sprintf (obuf, "%d", expr -> data.ns_add.rrtype);
22375d
-		col = token_print_indent (file, col, scol, "", "", obuf);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		col = write_expression (file, expr -> data.ns_add.rrname,
22375d
-					col, scol, 0);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		col = write_expression (file, expr -> data.ns_add.rrdata,
22375d
-					col, scol, 0);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		col = write_expression (file, expr -> data.ns_add.ttl,
22375d
-					col, scol, 0);
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  ")");
22375d
-		break;
22375d
-
22375d
-	      case expr_ns_delete:
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  "delete");
22375d
-		col = token_print_indent (file, col, indent, " ", "",
22375d
-					  "(");
22375d
-	      finish_ns_small:
22375d
-		scol = col;
22375d
-		sprintf (obuf, "%d", expr -> data.ns_add.rrclass);
22375d
-		col = token_print_indent (file, col, scol, "", "", obuf);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		sprintf (obuf, "%d", expr -> data.ns_add.rrtype);
22375d
-		col = token_print_indent (file, col, scol, "", "", obuf);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		col = write_expression (file, expr -> data.ns_add.rrname,
22375d
-					col, scol, 0);
22375d
-		col = token_print_indent (file, col, scol, "", " ",
22375d
-					  ",");
22375d
-		col = write_expression (file, expr -> data.ns_add.rrdata,
22375d
-					col, scol, 0);
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  ")");
22375d
-		break;
22375d
-
22375d
-	      case expr_ns_exists:
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  "exists");
22375d
-		col = token_print_indent (file, col, indent, " ", "",
22375d
-					  "(");
22375d
-		goto finish_ns_small;
22375d
-
22375d
-	      case expr_ns_not_exists:
22375d
-		col = token_print_indent (file, col, indent, "", "",
22375d
-					  "not exists");
22375d
-		col = token_print_indent (file, col, indent, " ", "",
22375d
-					  "(");
22375d
-		goto finish_ns_small;
22375d
-
22375d
 	      case expr_static:
22375d
 		col = token_print_indent (file, col, indent, "", "",
22375d
 					  "static");
22375d
@@ -4293,12 +3792,7 @@ int data_subexpression_length (int *rv,
22375d
 	      case expr_const_int:
22375d
 	      case expr_exists:
22375d
 	      case expr_known:
22375d
-	      case expr_dns_transaction:
22375d
 	      case expr_static:
22375d
-	      case expr_ns_add:
22375d
-	      case expr_ns_delete:
22375d
-	      case expr_ns_exists:
22375d
-	      case expr_ns_not_exists:
22375d
 	      case expr_not_equal:
22375d
 	      case expr_null:
22375d
 	      case expr_variable_exists:
22375d
@@ -4349,12 +3843,6 @@ int expr_valid_for_context (struct expression *expr,
22375d
 			return 1;
22375d
 		return 0;
22375d
 
22375d
-	      case context_dns:
22375d
-		if (is_dns_expression (expr)) {
22375d
-			return 1;
22375d
-		}
22375d
-		return 0;
22375d
-
22375d
 	      case context_data_or_numeric:
22375d
 		if (is_numeric_expression (expr) ||
22375d
 		    is_data_expression (expr)) {
22375d
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
22375d
index 1d2bf2c..7e756e0 100644
22375d
--- a/includes/dhcpd.h
22375d
+++ b/includes/dhcpd.h
22375d
@@ -638,6 +638,7 @@ struct lease_state {
22375d
 #define DDNS_UPDATE_STYLE_NONE		0
22375d
 #define DDNS_UPDATE_STYLE_AD_HOC	1
22375d
 #define DDNS_UPDATE_STYLE_INTERIM	2
22375d
+#define DDNS_UPDATE_STYLE_STANDARD	3
22375d
 
22375d
 /* Server option names. */
22375d
 
22375d
@@ -1627,6 +1628,9 @@ typedef struct dhcp_ddns_cb {
22375d
 
22375d
 	void *transaction;
22375d
 	void *dataspace;
22375d
+
22375d
+	dns_rdataclass_t dhcid_class;
22375d
+	char *lease_tag;
22375d
 } dhcp_ddns_cb_t;
22375d
 
22375d
 extern struct ipv6_pool **pools;
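Review bot: The new `dhcid_class` field is declared as `dns_rdataclass_t`, but the server/ddns.c hunks of this patch store record types in it (`dns_rdatatype_dhcid` and `dns_rdatatype_txt`), so both the declared type and the name describe the wrong thing. Declaring it as `dns_rdatatype_t dhcid_class;` would match what is stored, and a comment such as `/* RR type carrying the DHCID: DHCID (standard) or TXT (interim) */` would make the intent clear. `lease_tag` is only ever assigned one of the two global tag strings in the visible hunks, so it should be documented as borrowed, for example `/* points at ddns_standard_tag or ddns_interim_tag; not owned */`. The struct definition starts outside this hunk.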
22375d
@@ -2047,11 +2051,6 @@ struct expression *parse_domain_list(struct parse *cfile, int);
22375d
 
22375d
 
22375d
 /* tree.c */
22375d
-#if defined (NSUPDATE)
22375d
-extern struct __res_state resolver_state;
22375d
-extern int resolver_inited;
22375d
-#endif
22375d
-
22375d
 extern struct binding_scope *global_scope;
22375d
 pair cons (caddr_t, pair);
22375d
 int make_const_option_cache (struct option_cache **, struct buffer **,
22375d
@@ -2079,15 +2078,6 @@ int evaluate_expression (struct binding_value **, struct packet *,
22375d
 			 struct binding_scope **, struct expression *,
22375d
 			 const char *, int);
22375d
 int binding_value_dereference (struct binding_value **, const char *, int);
22375d
-#if defined (NSUPDATE_OLD)
22375d
-int evaluate_dns_expression (ns_updrec **, struct packet *,
22375d
-			     struct lease *,
22375d
-			     struct client_state *,
22375d
-			     struct option_state *,
22375d
-			     struct option_state *,
22375d
-			     struct binding_scope **,
22375d
-			     struct expression *);
22375d
-#endif
22375d
 int evaluate_boolean_expression (int *,
22375d
 				 struct packet *,  struct lease *,
22375d
 				 struct client_state *,
22375d
@@ -2913,21 +2903,18 @@ int icmp_echorequest (struct iaddr *);
22375d
 isc_result_t icmp_echoreply (omapi_object_t *);
22375d
 
22375d
 /* dns.c */
22375d
-#if defined (NSUPDATE)
22375d
-isc_result_t find_tsig_key (ns_tsig_key **, const char *, struct dns_zone *);
22375d
-void tkey_free (ns_tsig_key **);
22375d
-#endif
22375d
 isc_result_t enter_dns_zone (struct dns_zone *);
22375d
 isc_result_t dns_zone_lookup (struct dns_zone **, const char *);
22375d
 int dns_zone_dereference (struct dns_zone **, const char *, int);
22375d
 #if defined (NSUPDATE)
22375d
 #define FIND_FORWARD 0
22375d
 #define FIND_REVERSE 1
22375d
+isc_result_t find_tsig_key (ns_tsig_key **, const char *, struct dns_zone *);
22375d
+void tkey_free (ns_tsig_key **);
22375d
 isc_result_t find_cached_zone (dhcp_ddns_cb_t *, int);
22375d
 void forget_zone (struct dns_zone **);
22375d
 void repudiate_zone (struct dns_zone **);
22375d
-//void cache_found_zone (ns_class, char *, struct in_addr *, int);
22375d
-int get_dhcid (struct data_string *, int, const u_int8_t *, unsigned);
22375d
+int get_dhcid (dhcp_ddns_cb_t *, int, const u_int8_t *, unsigned);
22375d
 void dhcid_tolease (struct data_string *, struct data_string *);
22375d
 isc_result_t dhcid_fromlease (struct data_string *, struct data_string *);
22375d
 isc_result_t ddns_update_fwd(struct data_string *, struct iaddr,
22375d
@@ -2937,6 +2924,16 @@ isc_result_t ddns_remove_fwd(struct data_string *,
22375d
 			     struct iaddr, struct data_string *);
22375d
 #endif /* NSUPDATE */
22375d
 
22375d
+dhcp_ddns_cb_t *ddns_cb_alloc(const char *file, int line);
22375d
+void ddns_cb_free (dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
+void ddns_cb_forget_zone (dhcp_ddns_cb_t *ddns_cb);
22375d
+isc_result_t
22375d
+ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
+isc_result_t
22375d
+ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
+void
22375d
+ddns_cancel(dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
+
22375d
 /* resolv.c */
22375d
 extern char path_resolv_conf [];
22375d
 extern struct name_server *name_servers;
22375d
@@ -3302,21 +3299,6 @@ void dump_subnets (void);
22375d
 void free_everything (void);
22375d
 #endif
22375d
 
22375d
-/* nsupdate.c */
22375d
-char *ddns_rev_name (struct lease *, struct lease_state *, struct packet *);
22375d
-char *ddns_fwd_name (struct lease *, struct lease_state *, struct packet *);
22375d
-int nsupdateA (const char *, const unsigned char *, u_int32_t, int);
22375d
-int nsupdatePTR (const char *, const unsigned char *, u_int32_t, int);
22375d
-void nsupdate (struct lease *, struct lease_state *, struct packet *, int);
22375d
-int updateA (const struct data_string *, const struct data_string *,
22375d
-	     unsigned int, struct lease *);
22375d
-int updatePTR (const struct data_string *, const struct data_string *,
22375d
-	       unsigned int, struct lease *);
22375d
-int deleteA (const struct data_string *, const struct data_string *,
22375d
-	     struct lease *);
22375d
-int deletePTR (const struct data_string *, const struct data_string *,
22375d
-	       struct lease *);
22375d
-
22375d
 /* failover.c */
22375d
 #if defined (FAILOVER_PROTOCOL)
22375d
 extern dhcp_failover_state_t *failover_states;
22375d
@@ -3576,20 +3558,5 @@ void mark_hosts_unavailable(void);
22375d
 void mark_phosts_unavailable(void);
22375d
 void mark_interfaces_unavailable(void);
22375d
 
22375d
-dhcp_ddns_cb_t *ddns_cb_alloc(const char *file, int line);
22375d
-void ddns_cb_free (dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
-void ddns_cb_forget_zone (dhcp_ddns_cb_t *ddns_cb);
22375d
-
22375d
-//void *key_from_zone(struct dns_zone *zone);
22375d
-
22375d
-isc_result_t
22375d
-ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
-
22375d
-isc_result_t
22375d
-ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
-
22375d
-void
22375d
-ddns_cancel(dhcp_ddns_cb_t *ddns_cb, const char *file, int line);
22375d
-
22375d
 #define MAX_ADDRESS_STRING_LEN \
22375d
    (sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"))
22375d
diff --git a/includes/dhctoken.h b/includes/dhctoken.h
22375d
index 3d9a21d..a75eb97 100644
22375d
--- a/includes/dhctoken.h
22375d
+++ b/includes/dhctoken.h
22375d
@@ -32,6 +32,11 @@
22375d
  * ``http://www.nominum.com''.
22375d
  */
22375d
 
22375d
+/*
22375d
+ * The following tokens have been deprecated and aren't in use anymore.
22375d
+ * They have been left in place to avoid disturbing the code.
22375d
+ * DNS_UPDATE, DNS_DELETE, NS_UPDATE, UPDATED_DNS_RR
22375d
+ */
22375d
 enum dhcp_token {
22375d
 	SEMI = ';',
22375d
 	DOT = '.',
22375d
diff --git a/includes/site.h b/includes/site.h
22375d
index 8ff2834..1c7ec96 100644
22375d
--- a/includes/site.h
22375d
+++ b/includes/site.h
22375d
@@ -281,3 +281,17 @@
22375d
    limit the number of TCP connections that the server will
22375d
    allow at one time.  A value of 0 means there is no limit.*/
22375d
 #define MAX_FD_VALUE 200
22375d
+
22375d
+
22375d
+/* Include code to do a slow transition of DDNS records
22375d
+   from the interim to the standard version, or backwards.
22375d
+   The normal code will handle removing an old style record
22375d
+   when the name on a lease is being changed.  This adds code
22375d
+   to handle the case where the name isn't being changed but
22375d
+   the old record should be removed to allow a new record to
22375d
+   be added.  This is the slow transition as leases are only
22375d
+   updated as a client touches them.  A fast transition would
22375d
+   entail updating all the records at once, probably at start
22375d
+   up. */
22375d
+#define DDNS_UPDATE_SLOW_TRANSITION
22375d
+   
22375d
diff --git a/includes/tree.h b/includes/tree.h
22375d
index 291c0f6..746d31c 100644
22375d
--- a/includes/tree.h
22375d
+++ b/includes/tree.h
22375d
@@ -116,9 +116,6 @@ struct binding_value {
22375d
 		struct data_string data;
22375d
 		unsigned long intval;
22375d
 		int boolean;
22375d
-#if defined (NSUPDATE_OLD)
22375d
-		ns_updrec *dns;
22375d
-#endif
22375d
 		struct fundef *fundef;
22375d
 		struct binding_value *bv;
22375d
 	} value;
22375d
diff --git a/server/ddns.c b/server/ddns.c
22375d
index 2a64bc9..3cf15ce 100644
22375d
--- a/server/ddns.c
22375d
+++ b/server/ddns.c
22375d
@@ -36,6 +36,9 @@
22375d
 #include "dhcpd.h"
22375d
 #include <dns/result.h>
22375d
 
22375d
+char *ddns_standard_tag = "ddns-dhcid";
22375d
+char *ddns_interim_tag  = "ddns-txt";
22375d
+
22375d
 #ifdef NSUPDATE
22375d
 
22375d
 static void ddns_fwd_srv_connector(struct lease          *lease,
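Review bot: `ddns_standard_tag` and `ddns_interim_tag` are writable `char *` globals pointing at string literals, and ddns_update_lease_text later in this patch distinguishes the styles with `ddns_cb->lease_tag == ddns_standard_tag`, which compares pointers rather than strings. That comparison only holds while every assignment uses these exact globals and nothing reassigns them. Declaring them as `const char *const ddns_standard_tag = "ddns-dhcid";` (and `lease_tag` as `const char *`) would let the compiler enforce that. A one-line comment saying these are the lease-scope binding names for the DHCID under each update style would also help.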
22375d
@@ -71,16 +74,13 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 	struct data_string ddns_domainname;
22375d
 	struct data_string old_ddns_fwd_name;
22375d
 	struct data_string ddns_fwd_name;
22375d
-	//struct data_string ddns_rev_name;
22375d
 	struct data_string ddns_dhcid;
22375d
 	struct binding_scope **scope = NULL;
22375d
-	//struct iaddr addr;
22375d
 	struct data_string d1;
22375d
 	struct option_cache *oc;
22375d
 	int s1, s2;
22375d
 	int result = 0;
22375d
 	int server_updates_a = 1;
22375d
-	//int server_updates_ptr = 1;
22375d
 	struct buffer *bp = (struct buffer *)0;
22375d
 	int ignorep = 0, client_ignorep = 0;
22375d
 	int rev_name_len;
22375d
@@ -89,8 +89,9 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 	dhcp_ddns_cb_t *ddns_cb;
22375d
 	int do_remove = 0;
22375d
 
22375d
-	if (ddns_update_style != 2)
22375d
-		return 0;
22375d
+	if ((ddns_update_style != DDNS_UPDATE_STYLE_STANDARD) &&
22375d
+	    (ddns_update_style != DDNS_UPDATE_STYLE_INTERIM))
22375d
+		return (0);
22375d
 
22375d
 	/*
22375d
 	 * sigh, I want to cancel any previous udpates before we do anything
22375d
@@ -149,7 +150,6 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 	memset (&ddns_domainname, 0, sizeof (ddns_domainname));
22375d
 	memset (&old_ddns_fwd_name, 0, sizeof (ddns_fwd_name));
22375d
 	memset (&ddns_fwd_name, 0, sizeof (ddns_fwd_name));
22375d
-	//memset (&ddns_rev_name, 0, sizeof (ddns_rev_name));
22375d
 	memset (&ddns_dhcid, 0, sizeof (ddns_dhcid));
22375d
 
22375d
 	/* If we are allowed to accept the client's update of its own A
22375d
@@ -263,31 +263,22 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 			goto in;
22375d
 		}
22375d
 
22375d
-		/* See if there's a DHCID on the lease, and if not
22375d
-		 * then potentially look for 'on events' for ad-hoc ddns.
22375d
+#if defined  (DDNS_UPDATE_SLOW_TRANSITION)
22375d
+		/*
22375d
+		 * If the slow transition code is enabled check to see
22375d
+		 * if the stored type (standard or interim doesn't
22375d
+		 * match the type currently in use.  If it doesn't
22375d
+		 * try to remove and replace the DNS record
22375d
 		 */
22375d
-		if (!find_bound_string(&ddns_dhcid, *scope, "ddns-txt") &&
22375d
-		    (old != NULL)) {
22375d
-			/* If there's no DHCID, the update was probably
22375d
-			   done with the old-style ad-hoc DDNS updates.
22375d
-			   So if the expiry and release events look like
22375d
-			   they're the same, run them.   This should delete
22375d
-			   the old DDNS data. */
22375d
-			if (old -> on_expiry == old -> on_release) {
22375d
-				execute_statements(NULL, NULL, lease, NULL,
22375d
-						   NULL, NULL, scope,
22375d
-						   old->on_expiry);
22375d
-				if (old -> on_expiry)
22375d
-					executable_statement_dereference
22375d
-						(&old -> on_expiry, MDL);
22375d
-				if (old -> on_release)
22375d
-					executable_statement_dereference
22375d
-						(&old -> on_release, MDL);
22375d
-				/* Now, install the DDNS data the new way. */
22375d
-				goto in;
22375d
-			}
22375d
-		} else
22375d
+		if (((ddns_update_style == DDNS_UPDATE_STYLE_STANDARD) &&
22375d
+		     find_bound_string(&ddns_dhcid, *scope, ddns_interim_tag)) ||
22375d
+		    ((ddns_update_style == DDNS_UPDATE_STYLE_INTERIM) &&
22375d
+		     find_bound_string(&ddns_dhcid, *scope, ddns_standard_tag))) {
22375d
 			data_string_forget(&ddns_dhcid, MDL);
22375d
+			do_remove = 1;
22375d
+			goto in;
22375d
+		}
22375d
+#endif
22375d
 
22375d
 		/* See if the administrator wants to do updates even
22375d
 		   in cases where the update already appears to have been
22375d
@@ -486,22 +477,68 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 	}
22375d
 
22375d
 	/*
22375d
+	 * copy the string now so we can pass it to the dhcid routines
22375d
+	 * via the ddns_cb pointer
22375d
+	 */
22375d
+	data_string_copy(&ddns_cb->fwd_name, &ddns_fwd_name, MDL);
22375d
+
22375d
+	/*
22375d
 	 * If we are updating the A record, compute the DHCID value.
22375d
+	 * We have two options for computing the DHCID value, the older
22375d
+	 * interim version and the newer standard version.  The interim
22375d
+	 * has some issues but is left as is to avoid compatibility issues.
22375d
+	 *
22375d
+	 * We select the type of DHCID to construct and the information to
22375d
+	 * use for the digest based on 4701 section 3.3
22375d
 	 */
22375d
 	if ((ddns_cb->flags & DDNS_UPDATE_ADDR) != 0) {
22375d
-		if (lease6 != NULL)
22375d
-			result = get_dhcid(&ddns_cb->dhcid, 2,
22375d
-					   lease6->ia->iaid_duid.data,
22375d
-					   lease6->ia->iaid_duid.len);
22375d
-		else if ((lease != NULL) && (lease->uid != NULL) &&
22375d
-			 (lease->uid_len != 0))
22375d
-			result = get_dhcid (&ddns_cb->dhcid,
22375d
-					    DHO_DHCP_CLIENT_IDENTIFIER,
22375d
-					    lease -> uid, lease -> uid_len);
22375d
-		else if (lease != NULL)
22375d
-			result = get_dhcid (&ddns_cb->dhcid, 0,
22375d
-					    lease -> hardware_addr.hbuf,
22375d
-					    lease -> hardware_addr.hlen);
22375d
+		int ddns_type;
22375d
+		int ddns_len;
22375d
+		if (ddns_update_style == DDNS_UPDATE_STYLE_STANDARD) {
22375d
+			/* The standard style */
22375d
+			ddns_cb->lease_tag = ddns_standard_tag;
22375d
+			ddns_cb->dhcid_class = dns_rdatatype_dhcid;
22375d
+			ddns_type = 1;
22375d
+			ddns_len = 4;
22375d
+		} else {
22375d
+			/* The older interim style */
22375d
+			ddns_cb->lease_tag = ddns_interim_tag;
22375d
+			ddns_cb->dhcid_class = dns_rdatatype_txt;
22375d
+			/* for backwards compatibility */
22375d
+			ddns_type = DHO_DHCP_CLIENT_IDENTIFIER;
22375d
+			/* IAID incorrectly included */
22375d
+			ddns_len = 0;
22375d
+		}
22375d
+
22375d
+
22375d
+		if (lease6 != NULL) {
22375d
+			if (lease6->ia->iaid_duid.len < ddns_len)
22375d
+				goto badfqdn;
22375d
+			result = get_dhcid(ddns_cb, 2,
22375d
+					   lease6->ia->iaid_duid.data + ddns_len,
22375d
+					   lease6->ia->iaid_duid.len - ddns_len);
22375d
+		} else if ((lease != NULL) &&
22375d
+			   (lease->uid != NULL) &&
22375d
+			   (lease->uid_len != 0)) {
22375d
+			/* If this is standard check for an RFC 4361
22375d
+			 * compliant client identifier
22375d
+			 */
22375d
+			if ((ddns_update_style == DDNS_UPDATE_STYLE_STANDARD) &&
22375d
+			    (lease->uid[0] == 255)) {
22375d
+				if (lease->uid_len < 5)
22375d
+					goto badfqdn;
22375d
+				result = get_dhcid(ddns_cb, 2,
22375d
+						   lease->uid + 5,
22375d
+						   lease->uid_len - 5);
22375d
+			} else {
22375d
+				result = get_dhcid(ddns_cb, ddns_type,
22375d
+						   lease->uid,
22375d
+						   lease->uid_len);
22375d
+			}
22375d
+		} else if (lease != NULL)
22375d
+			result = get_dhcid(ddns_cb, 0,
22375d
+					   lease->hardware_addr.hbuf,
22375d
+					   lease->hardware_addr.hlen);
22375d
 		else
22375d
 			log_fatal("Impossible condition at %s:%d.", MDL);
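Review bot: Both new length checks let an empty identifier through. `lease->uid_len < 5` accepts a client identifier that is exactly the 255 type byte plus four more bytes, and in standard style `iaid_duid.len < ddns_len` accepts a length of exactly 4, so get_dhcid is then called with a length of 0. The client identifier is supplied by the client, and a DHCID computed over an empty identifier would depend only on the name, which weakens the ownership check the record is there to provide; whether get_dhcid rejects a zero length is not visible here. Tightening the uid check to `if (lease->uid_len <= 5)` and adding the equivalent guard on the lease6 path for the standard style would close this. The literals `1`, `2`, `4` and `5` would read better as named constants with a comment pointing at RFC 4701 section 3.3 and RFC 4361; ddns_updates and the `badfqdn` label lie outside this hunk.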
22375d
 
22375d
@@ -513,8 +550,6 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 	 * Perform updates.
22375d
 	 */
22375d
 
22375d
-	data_string_copy(&ddns_cb->fwd_name, &ddns_fwd_name, MDL);
22375d
-
22375d
 	if (ddns_cb->flags && DDNS_UPDATE_ADDR) {
22375d
 		oc = lookup_option(&server_universe, options,
22375d
 				   SV_DDNS_CONFLICT_DETECT);
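Review bot: The context line `if (ddns_cb->flags && DDNS_UPDATE_ADDR)` just below the removed copy uses logical AND, so it is true whenever any flag is set, not only when an address update was requested. The DHCID hunk earlier in this patch tests the same flag with `(ddns_cb->flags & DDNS_UPDATE_ADDR) != 0`, and this line should read `if (ddns_cb->flags & DDNS_UPDATE_ADDR) {`. The line is not changed by this commit, and the body of the `if` continues outside the hunk.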
22375d
@@ -707,8 +742,6 @@ ddns_updates(struct packet *packet, struct lease *lease, struct lease *old,
22375d
 	data_string_forget(&ddns_domainname, MDL);
22375d
 	data_string_forget(&old_ddns_fwd_name, MDL);
22375d
 	data_string_forget(&ddns_fwd_name, MDL);
22375d
-	//data_string_forget(&ddns_rev_name, MDL);
22375d
-	//data_string_forget(&ddns_dhcid, MDL);
22375d
 	if (bp)
22375d
 		buffer_dereference(&bp, MDL);
22375d
 
22375d
@@ -822,18 +855,21 @@ ddns_update_lease_text(dhcp_ddns_cb_t        *ddns_cb,
22375d
 	case DDNS_STATE_ADD_FW_NXDOMAIN:
22375d
 		bind_ds_value(scope, "ddns-fwd-name", &ddns_cb->fwd_name);
22375d
 
22375d
-		/* convert from dns version to lease version of dhcid */
22375d
-		memset(&lease_dhcid, 0, sizeof(lease_dhcid));
22375d
-		dhcid_tolease(&ddns_cb->dhcid, &lease_dhcid);
22375d
-		bind_ds_value(scope, "ddns-txt", &lease_dhcid);
22375d
-		data_string_forget(&lease_dhcid, MDL);
22375d
-
22375d
+		if (ddns_cb->lease_tag == ddns_standard_tag) {
22375d
+			bind_ds_value(scope, ddns_standard_tag, &ddns_cb->dhcid);
22375d
+		} else {
22375d
+			/* convert from dns version to lease version of dhcid */
22375d
+			memset(&lease_dhcid, 0, sizeof(lease_dhcid));
22375d
+			dhcid_tolease(&ddns_cb->dhcid, &lease_dhcid);
22375d
+			bind_ds_value(scope, ddns_interim_tag, &lease_dhcid);
22375d
+			data_string_forget(&lease_dhcid, MDL);
22375d
+		}
22375d
 		break;
22375d
 
22375d
 	case DDNS_STATE_REM_FW_NXRR:
22375d
 	case DDNS_STATE_REM_FW_YXDHCID:
22375d
 		unset(*scope, "ddns-fwd-name");
22375d
-		unset(*scope, "ddns-txt");
22375d
+		unset(*scope, ddns_cb->lease_tag);
22375d
 		break;
22375d
 	}
22375d
 		
22375d
@@ -1791,7 +1827,8 @@ ddns_removals(struct lease    *lease,
22375d
 	if (*scope == NULL)
22375d
 		goto cleanup;
22375d
 
22375d
-	if (ddns_update_style != 2)
22375d
+	if ((ddns_update_style != DDNS_UPDATE_STYLE_STANDARD) &&
22375d
+	    (ddns_update_style != DDNS_UPDATE_STYLE_INTERIM))
22375d
 		goto cleanup;
22375d
 
22375d
 	/* Assume that we are removing both records */
22375d
@@ -1823,15 +1860,22 @@ ddns_removals(struct lease    *lease,
22375d
 	}
22375d
 
22375d
 	/*
22375d
-	 * Find the ptr name and copy it to the control block.  If we don't
22375d
-	 * have it this isn't an interim or rfc3??? record so we can't delete
22375d
+	 * Find the txt or dhcid tag and copy it to the control block.  If we don't
22375d
+	 * have one this isn't an interim or standard record so we can't delete
22375d
 	 * the A record using this mechanism but we can delete the ptr record.
22375d
 	 * In this case we will attempt to do any requested next step.
22375d
 	 */
22375d
 	memset(&leaseid, 0, sizeof(leaseid));
22375d
-	if (!find_bound_string (&leaseid, *scope, "ddns-txt")) {
22375d
-		ddns_cb->flags &= ~DDNS_UPDATE_ADDR;
22375d
-	} else {
22375d
+	if (find_bound_string (&leaseid, *scope, ddns_standard_tag)) {
22375d
+		/* We have a standard tag */
22375d
+		ddns_cb->lease_tag = ddns_standard_tag;
22375d
+		ddns_cb->dhcid_class = dns_rdatatype_dhcid;
22375d
+		data_string_copy(&ddns_cb->dhcid, &leaseid, MDL);
22375d
+		data_string_forget(&leaseid, MDL);
22375d
+	} else 	if (find_bound_string (&leaseid, *scope, ddns_interim_tag)) {
22375d
+		/* we have an interim tag */
22375d
+		ddns_cb->lease_tag = ddns_interim_tag;
22375d
+		ddns_cb->dhcid_class = dns_rdatatype_txt;
22375d
 		if (dhcid_fromlease(&ddns_cb->dhcid, &leaseid) != 
22375d
 		    ISC_R_SUCCESS) {
22375d
 			/* We couldn't convert the dhcid from the lease
22375d
@@ -1841,7 +1885,9 @@ ddns_removals(struct lease    *lease,
22375d
 			ddns_cb->flags &= ~DDNS_UPDATE_ADDR;
22375d
 		}
22375d
 		data_string_forget(&leaseid, MDL);
22375d
-	}
22375d
+	} else {
22375d
+		ddns_cb->flags &= ~DDNS_UPDATE_ADDR;
22375d
+	}		
22375d
 
22375d
 	/*
22375d
 	 * Find the rev name and copy it to the control block.  If we don't
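Review bot: The new final `else` clears DDNS_UPDATE_ADDR but leaves `ddns_cb->lease_tag` and `ddns_cb->dhcid_class` at whatever ddns_cb_alloc initialised them to, which is not visible here. The `@@ -1888` hunk further down then calls `unset(*scope, ddns_cb->lease_tag)`, so if that path can be reached when neither tag was bound, unset would receive a pointer that was never set, presumably NULL. A guard such as `if (ddns_cb->lease_tag != NULL) unset(*scope, ddns_cb->lease_tag);` would make that safe. The same applies to the REM cases in ddns_update_lease_text, since ddns_updates assigns lease_tag only inside its DDNS_UPDATE_ADDR branch. The added `}` line also carries trailing tabs.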
22375d
@@ -1888,7 +1934,7 @@ ddns_removals(struct lease    *lease,
22375d
 		else {
22375d
 			/*remove info from scope */
22375d
 			unset(*scope, "ddns-fwd-name");
22375d
-			unset(*scope, "ddns-txt");
22375d
+			unset(*scope, ddns_cb->lease_tag);
22375d
 		}
22375d
 	}
22375d
 
22375d
diff --git a/server/dhcpd.c b/server/dhcpd.c
22375d
index 67fec83..9617d75 100644
22375d
--- a/server/dhcpd.c
22375d
+++ b/server/dhcpd.c
22375d
@@ -82,86 +82,6 @@ option server.ddns-hostname =						    \n\
22375d
 option server.ddns-domainname =	config-option domain-name;		    \n\
22375d
 option server.ddns-rev-domainname = \"in-addr.arpa.\";";
22375d
 
22375d
-/* This is the old-style name service updater that is executed
22375d
-   whenever a lease is committed.  It does not follow the DHCP-DNS
22375d
-   draft at all. */
22375d
-
22375d
-char old_nsupdate [] = "						    \n\
22375d
-on commit {								    \n\
22375d
-  if (not static and							    \n\
22375d
-      ((config-option server.ddns-updates = null) or			    \n\
22375d
-       (config-option server.ddns-updates != 0))) {			    \n\
22375d
-    set new-ddns-fwd-name =						    \n\
22375d
-      concat (pick (config-option server.ddns-hostname,			    \n\
22375d
-		    option host-name), \".\",				    \n\
22375d
-	      pick (config-option server.ddns-domainname,		    \n\
22375d
-		    config-option domain-name));			    \n\
22375d
-    if (defined (ddns-fwd-name) and ddns-fwd-name != new-ddns-fwd-name) {   \n\
22375d
-      switch (ns-update (delete (IN, A, ddns-fwd-name, leased-address))) {  \n\
22375d
-      case NOERROR:							    \n\
22375d
-	unset ddns-fwd-name;						    \n\
22375d
-	on expiry or release {						    \n\
22375d
-	}								    \n\
22375d
-      }									    \n\
22375d
-    }									    \n\
22375d
-									    \n\
22375d
-    if (not defined (ddns-fwd-name)) {					    \n\
22375d
-      set ddns-fwd-name = new-ddns-fwd-name;				    \n\
22375d
-      if defined (ddns-fwd-name) {					    \n\
22375d
-	switch (ns-update (not exists (IN, A, ddns-fwd-name, null),	    \n\
22375d
-			   add (IN, A, ddns-fwd-name, leased-address,	    \n\
22375d
-				lease-time / 2))) {			    \n\
22375d
-	default:							    \n\
22375d
-	  unset ddns-fwd-name;						    \n\
22375d
-	  break;							    \n\
22375d
-									    \n\
22375d
-	case NOERROR:							    \n\
22375d
-	  set ddns-rev-name =						    \n\
22375d
-	    concat (binary-to-ascii (10, 8, \".\",			    \n\
22375d
-				     reverse (1,			    \n\
22375d
-					      leased-address)), \".\",	    \n\
22375d
-		    pick (config-option server.ddns-rev-domainname,	    \n\
22375d
-			  \"in-addr.arpa.\"));				    \n\
22375d
-	  switch (ns-update (delete (IN, PTR, ddns-rev-name, null),	    \n\
22375d
-			     add (IN, PTR, ddns-rev-name, ddns-fwd-name,    \n\
22375d
-				  lease-time / 2)))			    \n\
22375d
-	    {								    \n\
22375d
-	    default:							    \n\
22375d
-	      unset ddns-rev-name;					    \n\
22375d
-	      on release or expiry {					    \n\
22375d
-		switch (ns-update (delete (IN, A, ddns-fwd-name,	    \n\
22375d
-					   leased-address))) {		    \n\
22375d
-		case NOERROR:						    \n\
22375d
-		  unset ddns-fwd-name;					    \n\
22375d
-		  break;						    \n\
22375d
-		}							    \n\
22375d
-		on release or expiry;					    \n\
22375d
-	      }								    \n\
22375d
-	      break;							    \n\
22375d
-									    \n\
22375d
-	    case NOERROR:						    \n\
22375d
-	      on release or expiry {					    \n\
22375d
-		switch (ns-update (delete (IN, PTR, ddns-rev-name, null))) {\n\
22375d
-		case NOERROR:						    \n\
22375d
-		  unset ddns-rev-name;					    \n\
22375d
-		  break;						    \n\
22375d
-		}							    \n\
22375d
-		switch (ns-update (delete (IN, A, ddns-fwd-name,	    \n\
22375d
-					   leased-address))) {		    \n\
22375d
-		case NOERROR:						    \n\
22375d
-		  unset ddns-fwd-name;					    \n\
22375d
-		  break;						    \n\
22375d
-		}							    \n\
22375d
-		on release or expiry;					    \n\
22375d
-	      }								    \n\
22375d
-	    }								    \n\
22375d
-	}								    \n\
22375d
-      }									    \n\
22375d
-    }									    \n\
22375d
-    unset new-ddns-fwd-name;						    \n\
22375d
-  }									    \n\
22375d
-}";
22375d
-
22375d
 #endif /* NSUPDATE */
22375d
 int ddns_update_style;
22375d
 
22375d
@@ -897,9 +817,6 @@ void postconf_initialization (int quiet)
22375d
 	struct option_cache *oc;
22375d
 	char *s;
22375d
 	isc_result_t result;
22375d
-#if defined (NSUPDATE)
22375d
-	struct parse *parse;
22375d
-#endif
22375d
 	int tmp;
22375d
 
22375d
 	/* Now try to get the lease file name. */
22375d
@@ -1160,49 +1077,6 @@ void postconf_initialization (int quiet)
22375d
 
22375d
 	/* Don't need the options anymore. */
22375d
 	option_state_dereference (&options, MDL);
22375d
-	
22375d
-#if defined (NSUPDATE)
22375d
-	/* If old-style ddns updates have been requested, parse the
22375d
-	   old-style ddns updater. */
22375d
-	if (ddns_update_style == 1) {
22375d
-		struct executable_statement **e, *s;
22375d
-
22375d
-		if (root_group -> statements) {
22375d
-			s = (struct executable_statement *)0;
22375d
-			if (!executable_statement_allocate (&s, MDL))
22375d
-				log_fatal ("no memory for ddns updater");
22375d
-			executable_statement_reference
22375d
-				(&s -> next, root_group -> statements, MDL);
22375d
-			executable_statement_dereference
22375d
-				(&root_group -> statements, MDL);
22375d
-			executable_statement_reference
22375d
-				(&root_group -> statements, s, MDL);
22375d
-			s -> op = statements_statement;
22375d
-			e = &s -> data.statements;
22375d
-			executable_statement_dereference (&s, MDL);
22375d
-		} else {
22375d
-			e = &root_group -> statements;
22375d
-		}
22375d
-
22375d
-		/* Set up the standard name service updater routine. */
22375d
-		parse = NULL;
22375d
-		result = new_parse(&parse, -1, old_nsupdate,
22375d
-				   sizeof(old_nsupdate) - 1,
22375d
-				   "old name service update routine", 0);
22375d
-		if (result != ISC_R_SUCCESS)
22375d
-			log_fatal ("can't begin parsing old ddns updater!");
22375d
-
22375d
-		if (parse != NULL) {
22375d
-			tmp = 0;
22375d
-			if (!(parse_executable_statements(e, parse, &tmp,
22375d
-							  context_any))) {
22375d
-				end_parse(&parse;;
22375d
-				log_fatal("can't parse standard ddns updater!");
22375d
-			}
22375d
-		}
22375d
-		end_parse(&parse;;
22375d
-	}
22375d
-#endif
22375d
 }
22375d
 
22375d
 void postdb_startup (void)
22375d
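diff --git a/server/dhcpd.conf.5 b/server/dhcpd.conf.5
index 74393c2..2351e21 100644
--- a/server/dhcpd.conf.5
+++ b/server/dhcpd.conf.5
@@ -1076,115 +1076,24 @@ the Domain Name System to be updated.  These updates are RFC 2136
 compliant so any DNS server supporting RFC 2136 should be able to
 accept updates from the DHCP server.
 .PP
-Two DNS update schemes are currently implemented, and another is
-planned.  The two that are currently implemented are the ad-hoc DNS
-update mode and the interim DHCP-DNS interaction draft update mode.
-In the future we plan to add a third mode which will be the standard
-DNS update method based on the RFCS for DHCP-DNS interaction and DHCID
-The DHCP server must be configured to use one of the two
-currently-supported methods, or not to do dns updates.
-This can be done with the
+There are two DNS schemes implemented.  The interim option is
+based on draft revisions of the DDNS documents while the standard
+option is based on the RFCs for DHCP-DNS interaction and DHCIDs.
+A third option, ad-hoc, was deprecated and has now been removed
+from the code base.  The DHCP server must be configured to use
+one of the two currently-supported methods, or not to do DNS updates.
+.PP
+New installations should use the standard option. Older
+installations may want to continue using the interim option for
+backwards compatibility with the DNS database until the database
+can be updated.  This can be done with the
 .I ddns-update-style
 configuration parameter.
-.SH THE AD-HOC DNS UPDATE SCHEME
-The ad-hoc Dynamic DNS update scheme is
-.B now deprecated
-and
-.B
-does not work.
-In future releases of the ISC DHCP server, this scheme will not likely be
-available.  The interim scheme works, allows for failover, and should now be
-used.  The following description is left here for informational purposes
-only.
-.PP
-The ad-hoc Dynamic DNS update scheme implemented in this version of
-the ISC DHCP server is a prototype design, which does not
-have much to do with the standard update method that is being
-standardized in the IETF DHC working group, but rather implements some
-very basic, yet useful, update capabilities.  This mode
-.B does not work
-with the
-.I failover protocol
-because it does not account for the possibility of two different DHCP
-servers updating the same set of DNS records.
-.PP
-For the ad-hoc DNS update method, the client's FQDN is derived in two
-parts.  First, the hostname is determined.  Then, the domain name is
-determined, and appended to the hostname.
-.PP
-The DHCP server determines the client's hostname by first looking for
-a \fIddns-hostname\fR configuration option, and using that if it is
-present.  If no such option is present, the server looks for a
-valid hostname in the FQDN option sent by the client.  If one is
-found, it is used; otherwise, if the client sent a host-name option,
-that is used.  Otherwise, if there is a host declaration that applies
-to the client, the name from that declaration will be used.  If none
-of these applies, the server will not have a hostname for the client,
-and will not be able to do a DNS update.
-.PP
-The domain name is determined from the
-.I ddns-domainname
-configuration option.  The default configuration for this option is:
-.nf
-.sp 1
-  option server.ddns-domainname = config-option domain-name;
-
-.fi
-So if this configuration option is not configured to a different
-value (over-riding the above default), or if a domain-name option
-has not been configured for the client's scope, then the server will
-not attempt to perform a DNS update.
-.PP
-The client's fully-qualified domain name, derived as we have
-described, is used as the name on which an "A" record will be stored.
-The A record will contain the IP address that the client was assigned
-in its lease.  If there is already an A record with the same name in
-the DNS server, no update of either the A or PTR records will occur -
-this prevents a client from claiming that its hostname is the name of
-some network server.  For example, if you have a fileserver called
-"fs.sneedville.edu", and the client claims its hostname is "fs", no
-DNS update will be done for that client, and an error message will be
-logged.
-.PP
-If the A record update succeeds, a PTR record update for the assigned
-IP address will be done, pointing to the A record.  This update is
-unconditional - it will be done even if another PTR record of the same
-name exists.  Since the IP address has been assigned to the DHCP
-server, this should be safe.
-.PP
-Please note that the current implementation assumes clients only have
-a single network interface.  A client with two network interfaces
-will see unpredictable behavior.  This is considered a bug, and will
-be fixed in a later release.  It may be helpful to enable the
-.I one-lease-per-client
-parameter so that roaming clients do not trigger this same behavior.
-.PP
-The DHCP protocol normally involves a four-packet exchange - first the
-client sends a DHCPDISCOVER message, then the server sends a
-DHCPOFFER, then the client sends a DHCPREQUEST, then the server sends
-a DHCPACK.  In the current version of the server, the server will do
-a DNS update after it has received the DHCPREQUEST, and before it has
-sent the DHCPACK.  It only sends the DNS update if it has not sent
-one for the client's address before, in order to minimize the impact
-on the DHCP server.
-.PP
-When the client's lease expires, the DHCP server (if it is operating
-at the time, or when next it operates) will remove the client's A and
-PTR records from the DNS database.  If the client releases its lease
-by sending a DHCPRELEASE message, the server will likewise remove the
-A and PTR records.
-.SH THE INTERIM DNS UPDATE SCHEME
-The interim DNS update scheme operates mostly according to several
-drafts considered by the IETF.  While the drafts have since become
-RFCs the code was written before they were finalized and there are
-some differences between our code and the final RFCs.  We plan to
-update our code, probably adding a standard DNS update option, at
-some time.  The basic framework is similar with the main material
-difference being that a DHCID RR was assigned in the RFCs whereas
-our code continues to use an experimental TXT record.  The format
-of the TXT record bears a resemblance to the DHCID RR but it is not
-equivalent (MD5 vs SHA1, field length differences etc).
-The standard RFCs are:
+.SH THE DNS UPDATE SCHEME
+the interim and standard DNS update schemes operate mostly according
+to work from the IETF.  The interim version was based on the drafts
+in progress at the time while the standard is based on the completed
+RFCs.  The standard RFCs are:
 .PP
 .nf
 .ce 3
@@ -1202,15 +1111,17 @@ draft-ietf-dhc-fqdn-option-??.txt
 draft-ietf-dhc-ddns-resolution-??.txt
 .fi
 .PP
-Because our implementation is slightly different than the standard, we
-will briefly document the operation of this update style here.
+The basic framework for the two schemes is similar with the main
+material difference being that a DHCID RR is used in the standard
+version while the interim versions uses a TXT RR.  The format
+of the TXT record bears a resemblance to the DHCID RR but it is not
+equivalent (MD5 vs SHA2, field length differences etc).
 .PP
-The first point to understand about this style of DNS update is that
-unlike the ad-hoc style, the DHCP server does not necessarily
+In these two schemes the DHCP server does not necessarily
 always update both the A and the PTR records.  The FQDN option
 includes a flag which, when sent by the client, indicates that the
 client wishes to update its own A record.  In that case, the server
-can be configured either to honor the client's intentions or ignore
+can be configured either to honor the client\'s intentions or ignore
 them.  This is done with the statement \fIallow client-updates;\fR or
 the statement \fIignore client-updates;\fR.  By default, client
 updates are allowed.
@@ -1230,15 +1141,14 @@ IP address, it can update its own A record, assuming that the
 "radish.org" DNS server will allow it to do so.
 .PP
 If the server is configured not to allow client updates, or if the
-client doesn't want to do its own update, the server will simply
+client doesn\'t want to do its own update, the server will simply
 choose a name for the client from either the fqdn option (if present)
 or the hostname option (if present).  It will use its own
-domain name for the client, just as in the ad-hoc update scheme.
-It will then update both the A and PTR record, using the name that it
-chose for the client.  If the client sends a fully-qualified domain
-name in the fqdn option, the server uses only the leftmost part of the
-domain name - in the example above, "jschmoe" instead of
-"jschmoe.radish.org".
+domain name for the client.  It will then update both the A and PTR
+record, using the name that it chose for the client.  If the client
+sends a fully-qualified domain name in the \fBfqdn\fR option, the
+server uses only the leftmost part of the domain name - in the
+example above, "jschmoe" instead of "jschmoe.radish.org".
 .PP
 Further, if the \fIignore client-updates;\fR directive is used, then
 the server will in addition send a response in the DHCP packet, using
@@ -1248,49 +1158,41 @@ response is sent which indicates the client may not perform updates.
 .PP
 Also, if the
 .I use-host-decl-names
-configuration option is enabled, then the host declaration's
+configuration option is enabled, then the host declaration\'s
 .I hostname
 will be used in place of the
 .I hostname
 option, and the same rules will apply as described above.
 .PP
-The other difference between the ad-hoc scheme and the interim
-scheme is that with the interim scheme, a method is used that
-allows more than one DHCP server to update the DNS database without
-accidentally deleting A records that shouldn't be deleted nor failing
-to add A records that should be added.  The scheme works as follows:
+Both the standard and interim options also include a method to 
+allow more than one DHCP server to update the DNS database without
+accidentally deleting A records that shouldn\'t be deleted nor failing
+to add A records that should be added.  For the standard option the
+method works as follows:
 .PP
 When the DHCP server issues a client a new lease, it creates a text
-string that is an MD5 hash over the DHCP client's identification (see
-draft-ietf-dnsext-dhcid-rr-??.txt for details).  The update adds an A
-record with the name the server chose and a TXT record containing the
+string that is an SHA hash over the DHCP client\'s identification (see
+RFCs 4701 & 4702 for details).  The update attempts to add an A
+record with the name the server chose and a DHCID record containing the
 hashed identifier string (hashid).  If this update succeeds, the
 server is done.
 .PP
 If the update fails because the A record already exists, then the DHCP
 server attempts to add the A record with the prerequisite that there
-must be a TXT record in the same name as the new A record, and that
-TXT record's contents must be equal to hashid.  If this update
+must be a DHCID record in the same name as the new A record, and that
+DHCID record\'s contents must be equal to hashid.  If this update
 succeeds, then the client has its A record and PTR record.  If it
 fails, then the name the client has been assigned (or requested) is in
-use, and can't be used by the client.  At this point the DHCP server
+use, and can\'t be used by the client.  At this point the DHCP server
 gives up trying to do a DNS update for the client until the client
 chooses a new name.
 .PP
-The interim DNS update scheme is called interim for two reasons.
-First, it does not quite follow the RFCs.  The RFCs call for a
-new DHCID RRtype while he interim DNS update scheme uses a TXT record.
-The ddns-resolution draft called for the DHCP server to put a DHCID RR
-on the PTR record, but the \fIinterim\fR update method does not do this.
-In the final RFC this requirement was relaxed such that a server may
-add a DHCID RR to the PTR record.
-.PP
-In addition to these differences, the server also does not update very
-aggressively.  Because each DNS update involves a round trip to the
-DNS server, there is a cost associated with doing updates even if they
-do not actually modify the DNS database.  So the DHCP server tracks
-whether or not it has updated the record in the past (this information
-is stored on the lease) and does not attempt to update records that it
+The server also does not update very aggressively.  Because each
+DNS update involves a round trip to the DNS server, there is a cost
+associated with doing updates even if they do not actually modify
+the DNS database.  So the DHCP server tracks whether or not it has
+updated the record in the past (this information is stored on the
+lease) and does not attempt to update records that it
 thinks it has already updated.
 .PP
 This can lead to cases where the DHCP server adds a record, and then
@@ -1299,6 +1201,15 @@ never again updates the DNS because it thinks the data is already
 there.  In this case the data can be removed from the lease through
 operator intervention, and once this has been done, the DNS will be
 updated the next time the client renews.
+.PP
+The interim DNS update scheme was written before the RFCs were finalized
+and does not quite follow them.  The RFCs call for a new DHCID RRtype
+while he interim DNS update scheme uses a TXT record.  In addition
+the ddns-resolution draft called for the DHCP server to put a DHCID RR
+on the PTR record, but the \fIinterim\fR update method does not do this.
+In the final RFC this requirement was relaxed such that a server may
+add a DHCID RR to the PTR record.
+.PP
 .SH DYNAMIC DNS UPDATE SECURITY
 .PP
 When you set your DNS server up to allow updates from the DHCP server,
@@ -1380,24 +1291,15 @@ Also keep in mind that zone names in your DHCP configuration should end in a
 configuration, zone names are not encapsulated in quotes where there are in
 the DNS configuration.
 .PP
-You should choose your own secret key, of course.  The ISC BIND 8 and
-9 distributions come with a program for generating secret keys called
-dnssec-keygen.  The version that comes with BIND 9 is likely to produce a
-substantially more random key, so we recommend you use that one even
-if you are not using BIND 9 as your DNS server.  If you are using BIND 9's
+You should choose your own secret key, of course.  The ISC BIND 9
+distribution comes with a program for generating secret keys called
+dnssec-keygen.  If you are using BIND 9\'s
 dnssec-keygen, the above key would be created as follows:
 .PP
 .nf
 	dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
 .fi
 .PP
-If you are using the BIND 8 dnskeygen program, the following command will
-generate a key as seen above:
-.PP
-.nf
-	dnskeygen -H 128 -u -c -n DHCP_UPDATER
-.fi
-.PP
 The key name, algorithm, and secret must match that being used by the DNS
 server. The DHCP server currently supports the following algorithms:
 .nf
@@ -1451,15 +1353,7 @@ and the expiry event, when the commitment expires.
 To declare a set of statements to execute when an event happens, you
 must use the \fBon\fR statement, followed by the name of the event,
 followed by a series of statements to execute when the event happens,
-enclosed in braces.  Events are used to implement DNS
-updates, so you should not define your own event handlers if you are
-using the built-in DNS update mechanism.
-.PP
-The built-in version of the DNS update mechanism is in a text
-string towards the top of server/dhcpd.c.  If you want to use events
-for things other than DNS updates, and you also want DNS updates, you
-will have to start out by copying this code into your dhcpd.conf file
-and modifying it.
+enclosed in braces.
 .SH REFERENCE: DECLARATIONS
 .PP
 .B The
@@ -2109,7 +2003,7 @@ The \fIddns-update-style\fR parameter
 .PP
 The
 .I style
-parameter must be one of \fBad-hoc\fR, \fBinterim\fR or \fBnone\fR.
+parameter must be one of \fBstandard\fR, \fBinterim\fR or \fBnone\fR.
 The \fIddns-update-style\fR statement is only meaningful in the outer
 scope - it is evaluated once after reading the dhcpd.conf file, rather
 than each time a client is assigned an IP address, so there is no way
@@ -2186,16 +2080,15 @@ statement
 .B do-forward-updates \fIflag\fB;\fR
 .PP
 The \fIdo-forward-updates\fR statement instructs the DHCP server as
-to whether it should attempt to update a DHCP client's A record
+to whether it should attempt to update a DHCP client\'s A record
 when the client acquires or renews a lease.  This statement has no
-effect unless DNS updates are enabled and \fBddns-update-style\fR is
-set to \fBinterim\fR.  Forward updates are enabled by default.  If
-this statement is used to disable forward updates, the DHCP server
-will never attempt to update the client's A record, and will only ever
-attempt to update the client's PTR record if the client supplies an
-FQDN that should be placed in the PTR record using the fqdn option.
-If forward updates are enabled, the DHCP server will still honor the
-setting of the \fBclient-updates\fR flag.
+effect unless DNS updates are enabled.  Forward updates are enabled
+by default.  If this statement is used to disable forward updates,
+the DHCP server will never attempt to update the client\'s A record,
+and will only ever attempt to update the client\'s PTR record if the
+client supplies an FQDN that should be placed in the PTR record using
+the \fBfqdn\fR option.  If forward updates are enabled, the DHCP server
+will still honor the setting of the \fBclient-updates\fR flag.
 .RE
 .PP
 The
@@ -2747,7 +2640,7 @@ on which the request arrived.
 The usual case where the
 \fIserver-identifier\fR statement needs to be sent is when a physical
 interface has more than one IP address, and the one being sent by default
-isn't appropriate for some or all clients served by that interface.
+isn\'t appropriate for some or all clients served by that interface.
 Another common case is when an alias is defined for the purpose of
 having a consistent IP address for the DHCP server, and it is desired
 that the clients use this IP address when contacting the server.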
diff --git a/server/stables.c b/server/stables.c
22375d
index 6a900c8..8ef8bf2 100644
22375d
--- a/server/stables.c
22375d
+++ b/server/stables.c
22375d
@@ -3,7 +3,7 @@
22375d
    Tables of information only used by server... */
22375d
 
22375d
 /*
22375d
- * Copyright (c) 2004-2011 by Internet Systems Consortium, Inc. ("ISC")
22375d
+ * Copyright (c) 2004-2011,2013 by Internet Systems Consortium, Inc. ("ISC")
22375d
  * Copyright (c) 1995-2003 by Internet Software Consortium
22375d
  *
22375d
  * Permission to use, copy, modify, and distribute this software for any
22375d
@@ -330,6 +330,7 @@ struct enumeration_value ddns_styles_values [] = {
22375d
 	{ "none", 0 },
22375d
 	{ "ad-hoc", 1 },
22375d
 	{ "interim", 2 },
22375d
+	{ "standard", 3 },
22375d
 	{ (char *)0, 0 }
22375d
 };
22375d