[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 RFC 5006

Internet Draft                                                 J. Jeong
                                           ETRI/University of Minnesota
                                                                S. Park
                                                    SAMSUNG Electronics
                                                             L. Beloeil
                                                     France Telecom R&D
                                                         S. Madanapalli
                                                            SAMSUNG ISO

Expires: August 2005                                   15 February 2005


           IPv6 DNS Configuration based on Router Advertisement
                draft-jeong-dnsop-ipv6-dns-discovery-04.txt


Status of this Memo

   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   and any of which we become aware will be disclosed, in accordance
   with RFC3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 14, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2005).  All Rights Reserved.

Abstract




Jeong, et al.            Expires - August 2005                [Page 1]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   This document specifies the steps which an IPv6 host takes in
   deciding how to configure the addresses of recursive DNS servers for
   DNS name resolution.  The way of discovering recursive DNS servers is
   based on Router Advertisement message.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [3].

Table of Contents

   1. Introduction....................................................2
   2. Terminology.....................................................3
   3. Overview........................................................3
   4. Neighbor Discovery Extension....................................4
      4.1. Recursive DNS Server Option................................4
   5. Procedure of DNS Configuration..................................5
   6. Configuration of DNS Information................................6
      6.1. DNS Server Cache Management................................6
      6.2. Synchronization between DNS Server Cache and Resolver File.7
      6.3. DNS Resolution.............................................8
      6.4. Implementation Considerations..............................8
   7. Applicability Statements........................................8
   8. Open Issues.....................................................9
   9. Security Considerations.........................................9
   10. Acknowledgements...............................................9
   11. Normative References..........................................10
   12. Informative References........................................10
   13. Authors' Addresses............................................10
   14. Intellectual Property Statement...............................11
   Full Copyright Statement..........................................12
   Acknowledgement...................................................12

1.  Introduction

   Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless
   Address Autoconfiguration provide ways to configure either fixed
   or mobile nodes with one or more IPv6 addresses, default routes
   and some other parameters [4][5].  To support the access to
   additional services in the Internet that are identified by a DNS
   name, such as a web server, the configuration of at least one
   recursive DNS server is also needed for DNS name resolution.
   Because IPv6 address is too long to remember, some ways to
   configure IPv6 recursive DNS servers are required for the sake of
   user's convenience [9].



Jeong, et al.            Expires - August 2005                [Page 2]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   This document defines the process of DNS configuration based on IPv6
   Router Advertisement (RA) to find out the addresses of recursive DNS
   servers within the local network.

2.  Terminology

   This document uses the terminology described in [4][5].  In addition,
   three new terms are defined below:

   Recursive DNS Server (RDNSS)

     A Recursive DNS Server is a name server that offers the recursive
     service of DNS name resolution.

   DNS Server Cache

     DNS Server Cache is a data structure for managing DNS Server
     Information existing in IPv6 protocol stack in addition to
     Neighbor Cache and Destination Cache for Neighbor Discovery [4].

   Resolver File

     Resolver File is a configuration file which DNS resolver on the
     host uses for DNS name resolution, e.g., /etc/resolv.conf in UNIX.

3.  Overview

   RA approach for RDNSS is to define a new ND option called RDNSS
   option that contains a recursive DNS server address.  Existing ND
   transport mechanisms (i.e., advertisements and solicitations) are
   used.  This works in the same way that nodes learn about routers
   and prefixes.  An IPv6 host can configure the IPv6 addresses of
   one or more RDNSSes via RA message periodically sent by router or
   solicited by a Router Solicitation (RS).

   This approach needs RDNSS information to be configured in the
   routers doing the advertisements.  The configuration of RDNSS
   address can be performed manually by operator or other ways, such
   as automatic configuration through DHCPv6 client running on the
   router [6]-[8].  When advertising more than one RDNSS option, an
   RA message includes as many RDNSS options as RDNSSes.

   Through ND protocol and RDNSS option along with prefix information
   option, an IPv6 host can perform its network configuration of its
   IPv6 address and RDNSS simultaneously [4][5].  The RA option for
   RDNSS can be used on any network that supports the use of ND.




Jeong, et al.            Expires - August 2005                [Page 3]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   However, it is worth noting that some link layers (e.g., WLAN)
   need to acknowledge multicast packets, which may increase the
   amount of link-layer traffic [9].

   The RA approach is useful in some mobile environments where the
   addresses of the RDNSSes are changing because the RA option
   includes a lifetime field that allows client to use RDNSSes nearer
   to the client.  This can be configured to a value that will
   require the client to time out the entry and switch over to
   another RDNSS address (see Section 6.1 and 6.2).

   The preference value of RDNSS, included in RDNSS option, allows
   IPv6 hosts to select a primary RDNSS among several RDNSSes; this
   can be used for load balancing of RDNSSes (see Section 6.1 and
   6.2).

4.  Neighbor Discovery Extension

   The IPv6 DNS configuration mechanism in this document needs a new ND
   option in Neighbor Discovery, Recursive DNS Server (RDNSS) option.

4.1.  Recursive DNS Server Option

   RDNSS option contains the IPv6 address of the recursive DNS server.
   When advertising more than one RDNSS option, an RA message includes
   as many RDNSS options as DNS servers.  Figure 1 shows the format of
   RDNSS option.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Length    |  Pref |        Reserved       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Lifetime                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    :                     IPv6 Address of RDNSS                     :
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 1. Recursive DNS Server (RDNSS) Option Format

    Fields:

      Type            8-bit identifier of the option type (TBD: IANA)

                               Option Name               Type



Jeong, et al.            Expires - August 2005                [Page 4]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


                               RDNSS option              (TBD)

      Length          8-bit unsigned integer.  The length of the
                      option (including the type and length fields)
                      in units of 8 octets SHOULD be 0x03 (3 x 8 = 24
                      octets).

      Pref            The preference of an RDNSS.  A 4-bit unsigned
                      integer.  A decimal value of 15 indicates the
                      highest preference.  A value of zero means
                      unspecified.  The field can be used for load
                      balancing of DNS queries with multiple RDNSSes
                      according to local policy.

      Lifetime        32-bit unsigned integer.  The maximum time, in
                      seconds, over which this RDNSS is used for name
                      resolution.  Hosts should contact the source
                      of this information, router, before this time
                      interval expires.  A value of all one bits
                      (0xffffffff) represents infinity.  A value of
                      zero means that the RDNSS must no longer be used.

      IPv6 Address of RDNSS
                      128-bit IPv6 address of the recursive DNS server.

5.  Procedure of DNS Configuration

   The processing of RDNSS option is handled like any other ND option
   and would happen when an RA is received.  No new procedure is needed.
   Figure 2 shows the procedure of DNS configuration for IPv6 host on
   the basis of IPv6 RA message.

      IPv6 Host                                                Router
         |                                                       |
      (a)|(-------------------------RS------------------------->)|
      (b)|<-----------------RA w/ RDNSS option(s)----------------|
      (c)|                    Processing of RA                   |
      (d)|          Stateless Address Autoconfiguration          |
      (e)|          DNS Configuration based on RA option         |
      (f)|        (DNS Configuration based on DHCP option)       |

      Figure 2. Procedure of IPv6 Host DNS Configuration

   The procedure consists of the following steps:

   Step (a) : IPv6 Host sends RS (Router Solicitation) message to get an
              RA message.  It is optional.



Jeong, et al.            Expires - August 2005                [Page 5]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   Step (b) : For the RS message sent by IPv6 Host, Router sends an RA
              message, which contains Prefix Information option for
              stateless address autoconfiguration and RDNSS options
              for DNS servers.

   Step (c) : If there are not any Prefix Information option and RDNSS
              in RA message, IPv6 Host goes to Step (f).

   Step (d) : If there is Prefix Information option in RA message, IPv6
              Host performs stateless address autoconfiguration on the
              basis of the prefix included in the option.  If the
              stateless autoconfiguration fails, IPv6 Host goes to Step
              (f).

   Step (e) : If there is an RDNSS option in RA message, IPv6 Host
              stores the RDNSS address in both its DNS Server Cache and
              resolver configuration file.

   Step (f) : If M (Managed address configuration) flag is set on, IPv6
              Host MUST perform stateful address autoconfiguration
              through DHCPv6 [4]-[6].  If no RDNSS option is included in
              the RA message, IPv6 Host MAY perform DNS configuration
              through DHCPv6 [6]-[8] regardless of whether the O flag is
              set or not.

6.  Configuration of DNS Information

   The RDNSS addresses are announced by RDNSS options in RA message.
   The newly discovered RDNSS addresses are stored and managed in both
   DNS Server Cache and Resolver File.

6.1.  DNS Server Cache Management

   The DNS configuration in this document needs a new DNS Server Cache
   in IPv6 protocol stack in addition to Neighbor Cache and Destination
   Cache for Neighbor Discovery [4].  Each entry of DNS Server Cache
   consists of RDNSS address, Preference, Expire-time, and Onsite-flag
   as follows:

   - RDNSS address:
     RDNSS address indicates the recursive DNS server in the site.

   - Preference:
     Preference, delivered in RDNSS option, is used for an IPv6 host to
     decide which RDNSS it will use as a primary RDNSS among the
     announced RDNSSes.  This field can be used for load balancing of
     DNS queries with multiple RDNSSes within an autonomous site.



Jeong, et al.            Expires - August 2005                [Page 6]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   - Expire-time:
     Lifetime, delivered in RDNSS option, is used to give the time when
     this entry becomes invalid.  Expire-time is set to the value of
     Lifetime field of RDNSS option plus the current system time.
     Whenever a new RDNSS option with the same address is received,
     this field is updated to have a new expiration time.

   - Onsite-flag:
     Onsite-flag is set on while Expire-time is less than the current
     system time; in other words, while this entry is valid.  When
     Expire-time becomes greater than the current system time, this
     flag is set off.  When Expire-time becomes less than the current
     system time again through the receipt of another RDNSS option, the
     flag is set on.  The entry of which Onsite-flag is off is not
     deleted immediately, but used for DNS resolution in the site where
     the IPv6 host is a mobile node and no RDNSS is provided.
     Therefore, the IPv6 host MAY use the RDNSS of the previous site
     even though the RDNSS is in the remote network.
     To limit the storage needed for the DNS Server Cache, a node MAY
     need to garbage-collect old entries.  However, care must be taken
     to insure that sufficient space is always present to hold the
     working set of active entries.  Any LRU-based policy that only
     reclaims entries that have expired should be adequate for garbage-
     collecting unused entries [4].  For example, when the replacement
     is necessary, the IPv6 host can choose one of which Onsite-flag is
     off and of which Expire-time is the least.

6.2.  Synchronization between DNS Server Cache and Resolver File

   When an IPv6 host receives the information of multiple RDNSSes within
   a site through an RA message with RDNSS options, it stores the RDNSS
   addresses in order into both DNS Server Cache and Resolver File.  The
   processing of the RDNSS option included in RA message is as follows:

   Step (a) : Receive and parse RDNSS options.

   Step (b) : Arrange the addresses of RDNSSes in a descending order,
              starting with the biggest value of "Pref" field of the
              RDNSS option and store them in both DNS Server Cache
              and Resolver File.  In the case where there are several
              routers advertising RDNSS option(s) in a subnet, "Pref"
              field is used to arrange the information.

   Step (c) : For each RDNSS option, check the following: If each value
              of "Pref" and "Lifetime" fields is set to zero, delete the
              corresponding RDNSS entry from both DNS Server Cache and
              Resolver File in order to let the RDNSS be not used any
              more for certain reason in network management, e.g., the


Jeong, et al.            Expires - August 2005                [Page 7]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


              breakdown of the RDNSS and a renumbering situation.

   Step (d) : Delete each entry of which Onsite-flag is set off from DNS
              Server Cache and the RDNSS address corresponding to the
              entry from Resolver File.  However, in mobile environment,
              in order that a mobile node can still use the RDNSS of the
              previous site when the node moves into another site and no
              RDNSS is available there, it MAY be allowed to maintain
              the entry of which Onsite-flag is off in both DNS Server
              Cache and Resolver File.  In this case, invalid entries
              can be deleted according to LRU-based policy.

  As a last resort of DNS name resolution, an IPv6 host can use the
  RDNSSes manually configured by its user in its Resolver File either
  when it cannot get the information of RDNSSes from local network or
  when there is no valid RDNSS address in DNS Server Cache.

6.3.  DNS Resolution

   Whenever DNS resolver has to resolve a DNS name which is not cached
   in its local DNS cache, it can use one of the RDNSSes listed in
   Resolver File, which is synchronized with DNS Server Cache.  It
   refers to RDNSS in order from the first RDNSS among the RDNSSes in
   Resolver File.

6.4.  Implementation Considerations

   The current ND framework should be modified due to the
   synchronization between DNS Server Cache for RDNSSes in kernel
   space and Resolver File in user space.  Because it is unacceptable
   to write and rewrite the Resolver file (e.g., resolv.conf) from
   the kernel, another approach is needed.  One simple approach to
   solve this is to have a daemon around (or a program that is called
   at the defined intervals) that keeps monitoring the lifetime of
   RDNSSes all the time.  However, such a daemon is not necessary
   with the current ND framework.

7.  Applicability Statements

   RA-based DNS configuration is useful in the networks where IPv6
   address is autoconfigured through IPv6 stateless address
   autoconfiguration, such as SOHO, home networks, celluar networks
   (e.g., 3GPP), MIPv6 (especially, HMIPv6), NEMO and MANET connected to
   the Internet.  Especially, the RA approach is useful in some mobile
   environments where the addresses of the RDNSSes are changing because
   the RA option includes a lifetime field that allows client to use
   RDNSSes nearer to the client.  This can be configured to a value that



Jeong, et al.            Expires - August 2005                [Page 8]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   will require the client to time out the entry and switch over to
   another RDNSS in current local network.

8.  Open Issues

   There might be some issues regarding RA-based DNS configuration as
   follows:

   o Can the RA approach be used safely in WLAN networks?  Because
   multicast is unreliable in WLAN networks, some RA messages advertised
   by a router can be lost [9].

   o How can we optimize bandwidth on the link, especially the link of
   cellular networks, such as 3GPP network?

   o Is the use of "Pref" or "Lifetime" fields useful?

   o Is it useful to advertise the well-known anycast addresses for
   RDNSSes through RA message?  The well-known anycast addresses can be
   set in RA configuration and be announced to IPv6 hosts through RDNSS
   options in order to reduce the configuration effort of users [10].

   o How to implement RA-based DNS configuration?

9.  Security Considerations

   The security of RA option for RDNSS is the same as ND protocol
   security [4].  The RA option does not add any new vulnerability.

   It should be noted that the vulnerability of ND is not worse and is a
   subset of the attacks that any node attached to a LAN can do
   independently of ND.  A malicious node on a LAN can promiscuously
   receive packets for any router's MAC address and send packets with
   the router's MAC address as the source MAC address in the L2 header.
   In the result, the L2 switches send packets addressed to the router
   to the malicious node.  Also, this attack can send redirects that
   tell the hosts to send their traffic somewhere else.  The malicious
   node can send unsolicited RA or NA replies, answer RS or NS requests,
   etc.  All of this can be done independently of implementing ND.
   Therefore, the RA option for RDNSS does not add to the vulnerability.

   Security issues regarding the ND protocol have been discussed at IETF
   SEND (Securing Neighbor Discovery) Working Group [11].

10.  Acknowledgements





Jeong, et al.            Expires - August 2005                [Page 9]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   This draft has greatly benefited from inputs by Robert Hinden,
   Pekka Savola, and Tim Chown.  The authors appreciate their
   contribution.

11.  Normative References

   [1]  S. Bradner, "Intellectual Property Rights in IETF Technology",
        RFC 3668, February 2004.

   [2]  S. Bradner, "IETF Rights in Contributions", RFC 3667,
        February 2004.

   [3]  S. Bradner, "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [4]  T. Narten, E. Nordmark and W. Simpson, "Neighbor Discovery for
        IP version 6 (IPv6)", RFC 2461, December 1998.

   [5]  S. Thomson and T. Narten, "IPv6 Stateless Address
        Autoconfiguration", RFC 2462, December 1998.

12.  Informative References

   [6]  R. Droms et al., "Dynamic Host Configuration Protocol for IPv6
        (DHCPv6)", RFC 3315, July 2003.

   [7]  R. Droms, "Stateless Dynamic Host Configuration Protocol (DHCP)
        Service for IPv6", RFC 3736, April 2004.

   [8]  R. Droms et al., "DNS Configuration options for Dynamic Host
        Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December
        2003.

   [9]  J. Jeong et al., "IPv6 Host Configuration of DNS Server
        Information Approaches", draft-ietf-dnsop-ipv6-dns-configuration
        -04.txt, September 2004, Work in Progress.

   [10] M. Ohta, "Preconfigured DNS Server Addresses", draft-ohta-
        preconfigured-dns-01.txt, February 2004, Work in Progress.

   [11] J. Arkko et al., "SEcure Neighbor Discovery (SEND)", draft-
        ietf-send-ndopt-06.txt, July 2004, Work in Progress.

13.  Authors' Addresses

   Jaehoon Paul Jeong
   ETRI/University of Minnesota at Twin Cities
   117 Pleasant Street SE


Jeong, et al.            Expires - August 2005               [Page 10]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   Minneapolis, MN 55455
   USA

   Phone: +1 651 587 7774
   EMail: jjeong@cs.umn.edu

   Soohong Daniel Park
   Mobile Platform Laboratory,
   SAMSUNG Electronics
   Korea

   Phone: +82 31 200 3728
   EMail: soohong.park@samsung.com

   Luc Beloeil
   France Telecom R&D
   42, rue des coutures
   BP 6243
   14066 CAEN Cedex 4
   France

   Phone: +33 02 3175 9391
   EMail: luc.beloeil@francetelecom.com

   Syam Madanapalli
   Network Systems Division,
   SAMSUNG India Software Operations
   India

   Phone: +91 80 555 0555
   EMail: syam@samsung.com

14.  Intellectual Property Statement

   The following intellectual property notice is copied from RFC3668,
   Section 5.

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed
   to pertain to the implementation or use of the technology
   described in this document or the extent to which any license
   under such rights might or might not be available; nor does it
   represent that it has made any independent effort to identify any
   such rights.  Information on the procedures with respect to rights
   in RFC documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an


Jeong, et al.            Expires - August 2005               [Page 11]

Internet-Draft     IPv6 DNS Configuration based on RA    February 2005


   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention
   any copyrights, patents or patent applications, or other
   proprietary rights that may cover technology that may be required
   to implement this standard.  Please address the information to the
   IETF at ietf-ipr@ietf.org.

Full Copyright Statement

   The following copyright notice is copied from RFC3667, Section 5.4.
   It describes the applicable copyright for this document.

   Copyright (C) The Internet Society (2005).  This document is
   subject to the rights, licenses and restrictions contained in BCP
   78, and except as set forth therein, the authors retain all their
   rights.

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
   THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
   ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
   PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
















Jeong, et al.            Expires - August 2005               [Page 12]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/