rfcdiff: draft-ietf-6man-dns-options-bis-02.txt (old, -02) vs. draft-ietf-6man-dns-options-bis-03.txt (new, -03)

Network Working Group                          J. Jeong, Ed. (-02) / J. Jeong (-03)
Internet-Draft                                 Brocade/ETRI
Obsoletes: 5006 (if approved)                  S. Park
Intended status: Standards Track               SAMSUNG Electronics
Expires: November 25, 2010 (-02) /             L. Beloeil
         December 11, 2010 (-03)               France Telecom R&D
                                               S. Madanapalli
                                               Ordyn Technologies
                                               May 24, 2010 (-02) / June 9, 2010 (-03)

IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis
draft-ietf-6man-dns-options-bis-02 (old) / draft-ietf-6man-dns-options-bis-03 (new)
Abstract

   This document specifies IPv6 Router Advertisement options to allow
   IPv6 routers to advertise a list of DNS recursive server addresses
   and a DNS search list to IPv6 hosts.

Status of This Memo

   This Internet-Draft is submitted to IETF in full conformance with the

   [skipping to change at page 1, line 43]

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on November 25, 2010 (-02) /
   December 11, 2010 (-03).

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   [skipping to change at page 2, line 41]

     6.2.  Synchronization between DNS Server List and Resolver
           Repository . . . . . . . . . . . . . . . . . . . . . . . . 10
     6.3.  Synchronization between DNS Search List and Resolver
           Repository . . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  Security Considerations . . . . . . . . . . . . . . . . . . . 12
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . 13
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . . 13
     10.1. Normative References  . . . . . . . . . . . . . . . . . . 13
     10.2. Informative References  . . . . . . . . . . . . . . . . . 14
   Appendix A.  Changes from RFC 5006  . . . . . . . . . 14 (-02) / 15 (-03)
1.  Introduction

   The purpose of this document is to standardize IPv6 Router
   Advertisement (RA) option for DNS configuration in IPv6 hosts
   specified in an earlier experimental specification [RFC5006] and also
   to define a new RA option for Domain Name Search lists.

   Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless Address
   Autoconfiguration provide ways to configure either fixed or mobile
   [skipping to change at page 8, line 7]

                  name resolution.  The Lifetime value has the same
                  semantics as with RDNSS option.  That is, Lifetime
                  SHOULD be bounded as follows: MaxRtrAdvInterval <=
                  Lifetime <= 2*MaxRtrAdvInterval.  A value of all one
                  bits (0xffffffff) represents infinity.  A value of
                  zero means that the DNSSL domain name MUST no longer
                  be used.

   Domain Names of DNS Search List

      -02 (old):
                  One or more domain names of DNS search list that MUST
                  be encoded in the non-compressed form, using the
                  technique described in Section 3.1 of [RFC1035].  The
                  size of this field is a multiple of 8 octets.  The
                  remaining octets other than the encoding parts for
                  the domain names are padded with zeros.

      -03 (new):
                  One or more domain names of DNS search list that MUST
                  be encoded using the technique described in Section
                  3.1 of [RFC1035].  By this technique, each domain
                  name is represented as a sequence of labels ending in
                  a zero octet, defined as domain name representation.
                  For more than one domain name, the corresponding
                  domain name representations are concatenated as they
                  are.  Note that for the simple decoding, the domain
                  names MUST NOT be encoded in a compressed form, as
                  described in Section 4.1.4 of [RFC1035].  Because the
                  size of this field MUST be a multiple of 8 octets,
                  for the minimum multiple including the domain name
                  representations, the remaining octets other than the
                  encoding parts of the domain name representations
                  MUST be padded with zeros.
   Note: An RDNSS address or a DNSSL domain name MUST be used only as
   long as both the RA router lifetime and the option lifetime have
   not expired.  The reason is that in the current network to which
   an IPv6 host is connected, the RDNSS may not be currently
   reachable, that the DNSSL domain name is not valid any more, or
   that these options do not provide service to the host's current
   address (e.g., due to network ingress filtering
   [RFC2827][RFC5358]).
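The field layout above, worked through in code as an added example (not code from the draft or any implementation of it): an encoder for the DNSSL "Domain Names" field that emits uncompressed RFC 1035 label sequences and pads to a multiple of 8 octets, a strict decoder that rejects the compression pointers the -03 text forbids and skips the trailing padding, and a classifier for the Lifetime bounds. The search list names, the 600-second MaxRtrAdvInterval in the test, and the function names are constructed for illustration.

```python
MAX_LABEL = 63           # RFC 1035 Section 2.3.4 label length limit
INFINITY = 0xFFFFFFFF    # Lifetime value meaning "never expires"

def encode_dnssl_names(names):
    """Concatenate uncompressed RFC 1035 Section 3.1 label sequences (each
    ending in a zero octet) and zero-pad to the next multiple of 8 octets."""
    out = bytearray()
    for name in names:
        for label in name.rstrip(".").split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= MAX_LABEL:
                raise ValueError("bad label length in %r" % name)
            out.append(len(raw))
            out += raw
        out.append(0)                          # root label ends the name
    return bytes(out) + b"\x00" * ((-len(out)) % 8)

def decode_dnssl_names(field):
    """Strict decoder: rejects compression pointers (top two bits of a
    length octet set, RFC 1035 Section 4.1.4) and truncated labels;
    trailing zero padding is skipped."""
    names, labels, pos = [], [], 0
    while pos < len(field):
        length = field[pos]
        pos += 1
        if length == 0:                        # end of a name, or padding
            if labels:
                names.append(".".join(labels))
                labels = []
            continue
        if length & 0xC0:
            raise ValueError("compression pointer at offset %d" % (pos - 1))
        if pos + length > len(field):
            raise ValueError("truncated label at offset %d" % (pos - 1))
        labels.append(field[pos:pos + length].decode("ascii"))
        pos += length
    if labels:
        raise ValueError("unterminated domain name")
    return names

def lifetime_state(lifetime, max_rtr_adv_interval):
    """Classify a DNSSL/RDNSS Lifetime against the draft's bounds."""
    if lifetime == 0:
        return "stop-using"
    if lifetime == INFINITY:
        return "infinite"
    if max_rtr_adv_interval <= lifetime <= 2 * max_rtr_adv_interval:
        return "ok"
    return "out-of-bounds"
```

A receiver that accepts compression pointers here would read outside the option, which is why the decoder treats a length octet of 0xC0 or above as an error rather than following it.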
   [skipping to change at page 13, line 7 (-02) / line 16 (-03)]

   An attacker may provide a bogus DNS Search List option in order to
   cause the victim to send DNS queries to a specific DNS server when
   the victim queries non-fully qualified domain names.  For this
   attack, the DNS resolver in IPv6 hosts can mitigate the vulnerability
   with the recommendations in [RFC1535], [RFC1536], and [RFC3646].

   If the Secure Neighbor Discovery (SEND) protocol is used as a
   security mechanism for ND, all the ND options including the RDNSS and
   DNSSL options are automatically included in the signatures [RFC3971],
   so the transport for the RA options is integrity-protected.  However,

      -02 (old):
      since any valid SEND node can still insert RDNSS and DNSSL options,
      SEND cannot verify who is or is not authorized to send the options.

      -03 (new):
      since any valid SEND router can still insert RDNSS and DNSSL
      options, SEND cannot verify which one is or is not authorized to
      send the options.
8.  IANA Considerations

   The RDNSS option defined in this document is using the IPv6 Neighbor
   Discovery Option type in RFC 5006 [RFC5006] assigned by the IANA as
   follows:

      Option Name          Type
      RDNSS option         25
   [skipping to change at page 14, line 5 (-02) / line 12 (-03)]

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP Version 6 (IPv6)", RFC 4861,
              September 2007.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   -03 (new) only:
   [RFC1035]  Mockapetris, P., "Domain Names - Implementation and
              Specification", RFC 1035, November 1987.

10.2.  Informative References

   [RFC1034]  Mockapetris, P., "Domain Names - Concepts and Facilities",
              RFC 1034, November 1987.

   -02 (old) only:
   [RFC1035]  Mockapetris, P., "Domain Names - Implementation and
              Specification", RFC 1035, November 1987.

   [RFC3315]  Droms, R., Ed., "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3736]  Droms, R., "Stateless Dynamic Host Configuration Protocol
              (DHCP) Service for IPv6", RFC 3736, April 2004.

   [RFC3646]  Droms, R., Ed., "DNS Configuration options for Dynamic
              Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
              December 2003.
   [skipping to change at page 15, line 32 (-02) / line 40 (-03)]

   o  Modified implementation considerations for DNSSL Option handling.

   o  Modified security considerations to consider more attack scenarios
      and the corresponding possible solutions.

   o  Modified IANA considerations to require another IPv6 Neighbor
      Discovery Option type for DNSSL option.
Authors' Addresses

   Jaehoon Paul Jeong (editor) (-02) / Jaehoon Paul Jeong (-03)
   Brocade Communications Systems/ETRI
   6000 Nathan Ln N
   Plymouth, MN 55442
   USA

   Phone: +1 763 268 7173
   Fax:   +1 763 268 6800
   EMail: pjeong@brocade.com
   URI:   http://www.cs.umn.edu/~jjeong/

   Soohong Daniel Park
   Mobile Platform Laboratory
   SAMSUNG Electronics
   416 Maetan-3dong, Yeongtong-Gu
   Suwon, Gyeonggi-Do 443-742
   Korea

   Phone: +82 31 200 4508
   EMail: soohong.park@samsung.com

   Luc Beloeil
   France Telecom R&D
   42, rue des coutures
   BP 6243
   14066 CAEN Cedex 4
   France

   Phone: +33 02 3175 9391
   EMail: luc.beloeil@orange-ftgroup.com

   Syam Madanapalli
   Ordyn Technologies
   1st Floor, Creator Building, ITPL
   Bangalore - 560066
   India

   Phone: +91-80-40383000
   EMail: smadanapalli@gmail.com
End of changes. 15 change blocks. 21 lines changed or deleted, 31 lines changed or added.

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/