What is a DHCID record?
DHCID (DHCP Identifier) records are used to associate a DNS name with a DHCP client, preventing conflicts when multiple DHCP clients attempt to register the same DNS name. Defined in RFC 4701, DHCID records are created and managed automatically by DHCP servers that perform Dynamic DNS (DDNS) updates on behalf of their clients. They are not typically created manually by domain administrators.
DHCID record format
A typical DHCID record looks like the following in standard BIND format:
$ORIGIN dynu.biz.
client-host 3600 IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
The anatomy of the DHCID record
client-host 3600 IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
breaks down as follows:
| Host Label | TTL | Record Class | Record Type | DHCID RDATA |
|---|---|---|---|---|
| client-host.dynu.biz. | 3600 | IN | DHCID | AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA= |
Host Label
The DNS name that the DHCP client is registering. This is the fully qualified domain name (FQDN) assigned to the DHCP client by the DHCP server.
TTL
The time-to-live in seconds. It specifies how long a resolver may cache the answer before it expires and a new query has to be made.
Record Class
Three main classes of DNS records exist:
- IN (Internet) – the default, and what the Internet generally uses.
- CH (Chaosnet) – used for querying DNS server versions.
- HS (Hesiod) – uses DNS functionality to provide access to databases of information that change infrequently.
Record Type
The record format is defined using this field. Common record types are A, AAAA, CNAME, CAA, TXT etc. In the case of a DHCID record, the record type is DHCID.
DHCID RDATA
The RDATA (resource record data) of a DHCID record is a Base64-encoded binary blob. It encodes three fields concatenated together:
- Identifier Type Code (2 bytes) – Indicates which DHCP client identifier was used to generate the digest. Defined values are:
  - 0x0000 – The 1-octet htype followed by the hardware address from a DHCPv4 client's chaddr field.
  - 0x0001 – The data portion of the DHCPv4 client identifier option (option 61), excluding the type byte.
  - 0x0002 – The client's DUID (DHCP Unique Identifier) from a DHCPv6 client-identifier option (option 1).
- Digest Type Code (1 byte) – Identifies the hash algorithm used to produce the digest. Currently only one value is defined:
  - 0x01 – SHA-256.
- Digest (variable length) – The output of the hash function applied to the concatenation of the client identifier data and the fully qualified domain name (FQDN) being registered. For digest type 0x01, this is a 32-byte SHA-256 hash.
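The three-field layout above can be decoded and checked in a few lines. The following is an added example, not code from Dynu or from any DHCP server: it parses the RDATA shown on this page and tests whether a stored DHCID was generated for a given client identifier and name, which is the comparison a DDNS updater makes before overwriting a record. The function names and `SAMPLE_DUID` are hypothetical, and the FQDN is hashed in canonical DNS wire format (lowercase, length-prefixed labels) as RFC 4701 specifies.

```python
import base64
import hashlib
import hmac
import struct

SHA256 = 0x01  # the only digest type code currently defined

def parse_dhcid(rdata_b64):
    """Split Base64 DHCID RDATA into (identifier type, digest type, digest)."""
    raw = base64.b64decode(rdata_b64, validate=True)
    if len(raw) < 3:
        raise ValueError("DHCID RDATA shorter than its 3-byte header")
    id_type, digest_type = struct.unpack("!HB", raw[:3])
    digest = raw[3:]
    if digest_type != SHA256:
        raise ValueError(f"unknown digest type 0x{digest_type:02x}")
    if len(digest) != hashlib.sha256().digest_size:
        raise ValueError("SHA-256 digest must be 32 bytes")
    return id_type, digest_type, digest

def fqdn_to_wire(fqdn):
    """Canonical DNS wire form: lowercase labels, each length-prefixed, then root."""
    out = b""
    for label in fqdn.rstrip(".").lower().split("."):
        data = label.encode("ascii")
        if not 1 <= len(data) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(data)]) + data
    return out + b"\x00"

def make_dhcid(id_type, identifier, fqdn):
    """Build Base64 RDATA: type code, digest code, SHA-256(identifier || FQDN)."""
    digest = hashlib.sha256(identifier + fqdn_to_wire(fqdn)).digest()
    return base64.b64encode(struct.pack("!HB", id_type, SHA256) + digest).decode()

def owns_name(rdata_b64, id_type, identifier, fqdn):
    """True if the stored record was generated for this client and this name."""
    stored_type, _, stored_digest = parse_dhcid(rdata_b64)
    _, _, expected = parse_dhcid(make_dhcid(id_type, identifier, fqdn))
    return stored_type == id_type and hmac.compare_digest(stored_digest, expected)

# RDATA of the record shown on this page.
PAGE_RDATA = "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA="
# Constructed sample DUID for illustration; it is not taken from the page.
SAMPLE_DUID = bytes.fromhex("000100012a3b4c5d0a0b0c0d0e0f")

if __name__ == "__main__":
    id_type, digest_type, digest = parse_dhcid(PAGE_RDATA)
    print(f"identifier type 0x{id_type:04x}, digest type 0x{digest_type:02x}, {len(digest)}-byte digest")
```

Decoding the page's record shows identifier type 0x0002, so it was generated from a DHCPv6 DUID.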
DHCID record glossary
DHCP
Dynamic Host Configuration Protocol – a network management protocol used to automatically assign IP addresses and other network configuration parameters to devices on a network.
DDNS (Dynamic DNS updates)
The process by which a DHCP server automatically creates or updates DNS records (such as A and PTR records) when it assigns an IP address to a client. DHCID records are created as part of this process to prevent name conflicts between clients.
DUID
DHCP Unique Identifier – a value used in DHCPv6 to uniquely identify a DHCP client or server. A client's DUID persists across reboots and network changes, unlike a MAC address which can be spoofed or changed.
SHA-256
Secure Hash Algorithm 256-bit – a cryptographic hash function that produces a 32-byte digest. DHCID records use SHA-256 to hash the client identifier and FQDN, ensuring the stored value cannot be reverse-engineered to reveal client details.
FQDN
Fully Qualified Domain Name – the complete domain name for a host, including all labels up to the DNS root (e.g. client-host.dynu.biz.). The FQDN is included in the SHA-256 digest computation for a DHCID record.
BIND
Berkeley Internet Name Daemon – the most commonly used DNS software on the Internet. Dynu observes BIND format.
