Internet Engineering Task Force                             Renxiang Yan
Internet Draft                                             Yinglan Jiang
Expiration: May 2005                                         Luoning Gui
File: draft-yan-dhc-dhcpv6-opt-dnszone-02.txt      Alcatel Shanghai Bell




                     Zone Suffix Option for DHCPv6
                <Draft-yan-dhc-dhcpv6-opt-dnszone-02.txt>

                           December 24, 2004


Status of this Memo

   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   or will be disclosed, and any of which I become aware will be
   disclosed, in accordance with RFC 3668.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

      The list of current Internet-Drafts can be accessed at
      http://www.ietf.org/ietf/1id-abstracts.txt

      The list of Internet-Draft Shadow Directories can be accessed at
      http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document specifies a new DHCPv6 (DHCP for IPv6) option which is
   passed from a DHCPv6 server to a DHCPv6 client to specify the zone
   suffix name used to construct and update domain names.


Yan, et. al.                                                    [Page 1]


Internet-Draft         zone suffix option for DHCPv6       December 2004


1.0 Introduction

   This document describes a new option for DHCPv6 [2] that provides a
   mechanism for the transfer of a zone suffix name.  Using this option,
   an IPv6 device, which works as a DHCPv6 client, can configure the
   zone suffix name automatically.

   For example, a service provider would use this option to transfer a
   zone suffix name to a Customer Premise Equipment (CPE) device acting
   as a router between the subscriber's internal network and the service
   provider's core network.

   The configured zone suffix name is intended to be used by the IPv6
   device to perform DNS updates for the hosts inside its local network.
   The DNS update can be realized by several methods.  The DHCPv6 Client
   FQDN Option [6] provides a mechanism to exchange a client's FQDN
   information during a stateful DHCPv6 session.  A DNS update mechanism
   for IPv6 stateless configuration can be defined in the future.

1.1 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [4].

   This document should be read in conjunction with the DHCPv6
   specification, RFC 3315 [2]. Terms and acronyms used in this
   document are defined in RFC 3315 and RFC 3633 [3].

2.0  Zone Suffix Option

   The zone suffix option is used to carry a zone suffix to the DHCPv6
   client, which will be used to construct and update the domain names
   for the hosts in the local network.

   The format of the zone suffix option is:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              Type             |             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    ~                            zone suffix                        ~
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:         16-bit identifier of the type of option (TBD).





   Length:       Length of the "zone suffix" field in octets.

   zone suffix:  The specification of a zone suffix.

   The 'zone suffix' field MUST include only one item, and MUST be
   encoded as specified in section "Representation and use of domain
   names" of RFC 3315.

2.1  Usage

   In stateful DHCPv6, the zone suffix option MUST only appear in the
   IA_PD-options field of the IA_PD option (see [3]) and applies to all
   prefixes for that binding.  One IA_PD-options field MUST include none
   or only one zone suffix option.

   In stateless DHCPv6, the zone suffix option can appear in the
   client's message options field in the transaction.

   A stateful DHCPv6 server may allocate different zone suffix names to
   different clients. This can avoid frequent domain name conflicts when
   performing DNS updates in a large network.  The mechanism through
   which the server selects a different zone suffix name for each client
   is not specified in this document.
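
   The format in section 2.0 and the placement rule in section 2.1,
   written as a strict client-side parser (an added example, not part of
   the draft): it walks an IA_PD-options field, rejects a second zone
   suffix option, and accepts only one uncompressed name.  The option
   code 0xFFFF is a placeholder because the draft leaves it TBD; the
   letters-digits-hyphen check is a local policy assumption, and the
   function names and sample bytes are constructed for illustration.

```python
import struct

# Assumption: the draft leaves the option code "TBD"; 0xFFFF is a placeholder.
OPTION_ZONE_SUFFIX = 0xFFFF
LDH = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-")


def decode_single_name(data: bytes) -> str:
    """Decode exactly one uncompressed wire-format name (RFC 3315 encoding)."""
    if not 1 <= len(data) <= 255:
        raise ValueError("encoded name must be 1..255 octets")
    labels, pos = [], 0
    while pos < len(data) and data[pos] != 0:
        n = data[pos]
        if n > 63:  # compression pointer or reserved label type
            raise ValueError("compressed or oversized label")
        label = data[pos + 1:pos + 1 + n]
        # Local policy (not in the draft): letters, digits and hyphen only.
        if len(label) != n or not set(label) <= LDH:
            raise ValueError("truncated label or disallowed character")
        labels.append(label.decode("ascii").lower())
        pos += 1 + n
    if pos != len(data) - 1:  # root label must be the final octet
        raise ValueError("missing root label or more than one item")
    return ".".join(labels) + "."


def zone_suffix_from_ia_pd_options(buf: bytes):
    """Return the zone suffix found in an IA_PD-options field, or None."""
    suffix, pos = None, 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option length exceeds enclosing field")
        if code == OPTION_ZONE_SUFFIX:
            if suffix is not None:  # "none or only one" per section 2.1
                raise ValueError("duplicate zone suffix option")
            suffix = decode_single_name(buf[pos:pos + length])
        pos += length
    return suffix


# Constructed sample: IAPREFIX (code 26, RFC 3633) for 2001:db8::/56, then the suffix.
IAPREFIX = struct.pack("!HHIIB16s", 26, 25, 3600, 7200, 56, bytes.fromhex("20010db8"))
NAME = b"\x05user1\x07example\x03com\x00"
SAMPLE = IAPREFIX + struct.pack("!HH", OPTION_ZONE_SUFFIX, len(NAME)) + NAME
```

   Calling zone_suffix_from_ia_pd_options(SAMPLE) returns
   "user1.example.com."; every malformed input raises ValueError
   instead of yielding a partial name.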


3.0  Example and applicability


     +------+
     | Node +--+
     +------+  |
               |
     +------+  |
     | Node +--+                                     +----------+
     +------+  |                                     |          |
               :  +-------+    +------------------+  | ISP Core |
               +--+  CPE  +----|Aggregation device|--|          |
               :  +-------+    +------------------+  |  Network |
     +------+  |                                     |          |
     | Node +--+                                     +----------+
     +------+
   \___________  __________/ \_________________  __________________/
               \/                              \/
        Subscriber network                ISP network


   The above figure shows a typical usage of the zone suffix option.
   In this model, the ISP has the ISP level domain name suffix (e.g.
   example.com).




   The CPE in the subscriber network, which acts as a requesting
   router, initiates a DHCP session with the router in the ISP network.
   An IPv6 prefix, along with the corresponding zone suffix name (i.e.
   example.com), will be transferred to the CPE.

   The zone suffix name can then be used to construct and update domain
   names for the hosts in the subscriber network, by an embedded DHCPv6
   server in the CPE or by other DNS update mechanisms for stateless
   IPv6 configuration.

   To avoid frequent domain name conflicts, the aggregation device might
   allocate a different zone suffix name for each CPE. One way to do
   this is selection based on an external authority such as a RADIUS
   server, in which a unique zone suffix name prefix, called a "home
   name", is negotiated between the user and the ISP when subscribing.
   For example, "user1.example.com" and "user2.example.com".


4.0  Security Considerations

   Security considerations in DHCP are described in section 23,
   "Security Considerations" of RFC 3315.

   A rogue DHCP server can issue a bogus zone suffix to a client. This
   may cause wrong domain name updates.

   A malicious client may be able to mount a denial of service attack
   by repeated DHCP requests for a zone suffix, thus exhausting the DHCP
   server's resources.

   Currently, it is difficult for DHCP servers to develop much
   confidence in the identities of their clients, given the absence of
   entity authentication from the DHCP protocol itself. To guard against
   attack, DHCP Authentication as described in section 21 of RFC 3315
   can be used.

Copyright notice

   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.




References

   [1]  Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
        Specification", RFC 2460, December 1998.

   [2]  Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B. and R.
        Droms (ed.), "Dynamic Host Configuration Protocol for IPv6
        (DHCPv6)", RFC 3315, May 2003.

   [3]  O. Troan, R. Droms, "IPv6 prefix option for DHCPv6", RFC 3633,
        December 2003.

   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [5]  P. Vixie, S. Thomson, Y. Rekhter and J. Bound, "Dynamic Updates
        in the Domain Name System (DNS UPDATE)", RFC 2136, April 1997.

   [6]  B. Volz, "The DHCPv6 Client FQDN Option", draft-ietf-dhc-
        dhcpv6-fqdn-00.txt, September, 2004.

   [7]  Wellington, B., "Secure Domain Name System (DNS) Dynamic
        Update", RFC 3007, November 2000.

   [8]  Mockapetris, P., "Domain names - concepts and facilities", STD
        13, RFC 1034, November 1987.

Author Information:

   Renxiang Yan
   Yinglan Jiang
   Luoning Gui
   Research & Innovation Center
   Alcatel Shanghai Bell Co., Ltd.
   388#, NingQiao Road, Pudong Jinqiao
   Shanghai 201206 P.R. China
   Phone: +86 (21) 5854-1240

   Email: renxiang.yan@alcatel-sbell.com.cn
          Yinglan.jiang@alcatel-sbell.com.cn
          Luoning.gui@alcatel-sbell.com.cn









