draft-ietf-dhc-dhcpv6-opt-dnsdomain-00.txt   draft-ietf-dhc-dhcpv6-opt-dnsdomain-01.txt 
DHC Working Group R. Yan DHC Working Group R. Yan
Internet Draft Y. Jiang Internet Draft Y. Jiang
Expiration Date: June 2006 L. Gui Expiration Date: August 2006 L. Gui
Alcatel Shanghai Bell Alcatel Shanghai Bell
X. Duan X. Duan
China Mobile China Mobile
Domain Suffix Option for DHCPv6 Domain Suffix Option for DHCPv6
<draft-ietf-dhc-dhcpv6-opt-dnsdomain-00.txt> <draft-ietf-dhc-dhcpv6-opt-dnsdomain-01.txt>
September 26, 2005 February 6, 2006
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 38 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 26, 2006. This Internet-Draft will expire on August 6, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document specifies a new DHCPv6 (DHCP for IPv6) option which is This document specifies a new DHCPv6 (DHCP for IPv6) option which is
passed from a DHCPv6 server to a DHCPv6 client to specify the passed from a DHCPv6 server to a DHCPv6 client to specify the
domain suffix name used to perform domain name update. domain suffix name.
1. Introduction 1. Introduction
This document describes a new option for DHCPv6 [RFC3315] that This document describes a new option for DHCPv6 [RFC3315] that
provides a mechanism for the transfer of a domain suffix name. provides a mechanism for the transfer of a domain name suffix.
Using this option, an IPv6 device, which works as a DHCPv6 client, Using this option, the DHCPv6 server can specify the domain name
can configure the domain suffix name automatically. suffix to the DHCPv6 client.
For example, a service provider could use this option to transfer a
domain suffix name to a Customer Premise Equipment (CPE) device
acting as a router between the subscriber's internal network and the
service provider's core network.
The configured domain suffix name is intended to be used by the IPv6
device to perform DNS update for the hosts inside its local network.
The DNS update can be realized by several methods, e.g. the DHCPv6
Client FQDN Option [FQDNv6] provides a mechanism to exchange client's
FQDN information during a stateful DHCPv6 session, and [RADNS]
defines a DNS update mechanism for IPv6 stateless configuration.
1.1 Terminology 1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
This document should be read in conjunction with the DHCPv6 This document should be read in conjunction with the DHCPv6
specification, [RFC3315]. Definitions for terms and acronyms used in specification, [RFC3315]. Definitions for terms and acronyms used in
this document are defined in [RFC3315] and [RFC3633]. this document are defined in RFC3315.
2. Domain Suffix Option 2. Domain Suffix Option
The domain suffix option is used to carry a domain suffix to the The domain suffix option for DHCPv6 is used by the DHCPv6 server to
DHCPv6 client, which will be used to construct and update the domain tell the DHCPv6 client the domain suffix that the DHCPv6 server
name for the hosts in local network. administrator has specified for that DHCPv6 client.
The format of the domain suffix option is: The format of the domain suffix option is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | | Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ Domain suffix ~ ~ Domain suffix ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 16-bits identifier of the type of option (TBD). Type: 16-bits identifier of the type of option (TBD).
Length: Length of the "domain suffix" field in octets. Length: Length of the "domain suffix" field in octets.
Domain suffix: The specification of a domain suffix. Domain suffix: The specification of a domain suffix.
The domain suffix in the 'domain suffix' MUST include only one item, The domain suffix in the 'domain suffix' field MUST include only one
and MUST be encoded as specified in section "Representation and use item, and MUST be encoded as specified in the section of RFC3315
of domain names" of [RFC3315]. titled "Representation and use of domain names".
2.1 Usage 2.1 Usage
In stateful DHCPv6 [RFC3315], the DHCPv6 server MAY place a domain
suffix option in the options field of IA_PD option [RFC3363] in an
outgoing DHCPv6 message. The DHCPv6 server MUST NOT place a domain
suffix option in any other portion of a stateful DHCPv6 message.
In stateless DHCPv6 [RFC3736], the DHCPv6 server MAY place a domain
suffix option in the main option buffer of any DHCPv6 message sent to
a client.
A DHCPv6 server may provide different values for the domain suffix A DHCPv6 server may provide different values for the domain suffix
option to different clients. This is useful to avoid domain name option to different clients. The mechanism for choosing which
conflict in large-scale network. The mechanism for choosing which
suffix to assign to which client is a matter of implementation and suffix to assign to which client is a matter of implementation and
administrative policy, and is therefore not specified in this administrative policy, and is therefore not specified in this
document. document.
3. Example 3. Security Considerations
+-------+
+------+ + CPE +-+
| Node +--+ +-------+ |
+------+ | |
| +-------+ |
+------+ | + CPE +-+
| Node +--+ +-------+ | +----------+
+------+ | : | |
: +-------+ | +------------------+ | ISP Core |
+----+ CPE +-+--|Aggregation device|--| |
+------+ | +-------+ +------------------+ | Network |
| Node +--+ | |
+------+ +----------+
\____________ __________/ \_________________ ________________/
\/ \/
Subscriber network ISP network
The above figure shows a typical usage of the domain suffix option.
In this model, ISP has the ISP level domain name suffix (e.g.
example.com). CPE in subscriber network may include a DNS server
for name resolution for local hosts.
The CPE in the subscriber network, which acts as a requesting
router, initiates a DHCPv6 session with the ISP's aggregation device,
acting as a delegation route. During the DHCP session, an IPv6
prefix, along with the corresponding domain suffix name (i.e.
example.com) will be transferred to the CPE.
The domain suffix name can then be used to construct the domain name
for the hosts in subscriber network, using mechanisms defined in
[FQDNv6] or [RADNS].
To avoid frequent domain name conflicts, aggregation device might
allocate different domain suffix name for the CPEs. An example way
can be selection based on an external authority such as a RADIUS
server, in which a unique domain suffix name prefix, called
"home name", is negotiated between user and ISP when subscribing.
For example, "user1.example.com" and "user2.example.com".
4. Security Considerations
Security considerations in DHCP are described in section 23, Security considerations in DHCP are described in section 23,
"Security Considerations" of [RFC3315]. "Security Considerations" of RFC3315.
A rogue DHCP server can issue bogus domain suffix to a client. This
may cause wrong domain name update.
A malicious client may be able to mount a denial of service attack
by repeated DHCP requests for domain suffix, thus exhausts the DHCP
server's resource.
Currently, it is difficult for DHCP servers to develop much
confidence in the identities of its clients, given the absence of
entity authentication from the DHCP protocol itself. To guard against
attack, DHCP Authentication as described in section 21 of [RFC3315]
can be used.
5. IANA Considerations 4. IANA Considerations
IANA is requested to assign a DHCPv6 option code for the Domain IANA is requested to assign a DHCPv6 option code for the Domain
Suffix Option. Suffix Option.
6. Acknowledgements 5. Acknowledgements
The authors thank Ralph Droms, Ted Lemon, Bernie Volz, Tatuya Jinmei, The authors thank Ralph Droms, Ted Lemon, Bernie Volz, Tatuya Jinmei,
Joe Quanaim and Stefaan De Cnodder for valuable discussions and Joe Quanaim and Stefaan De Cnodder for valuable discussions and
comments. comments.
7. References 6. References
7.1 Normative References 6.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B. [RFC3315] Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B.
and R. Droms (ed.), "Dynamic Host Configuration Protocol and R. Droms (ed.), "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC 3315, May 2003. for IPv6 (DHCPv6)", RFC 3315, May 2003.
[RFC3363] O. Troan, R. Droms, "IPv6 prefix option for DHCPv6",
RFC 3363, December 2003.
7.2 Informative References
[FQDNv6] B. Volz, "The DHCPv6 Client FQDN Option", draft-ietf-dhc-
dhcpv6-fqdn-00.txt, September, 2004.
[RFC3736] R. Droms, "Stateless Dynamic Host Configuration Protocol
(DHCP) Service for IPv6", RFC 3736, April 2004.
[RADNS] R. Yan, "DNS update in IPv6 stateless configuration",
draft-yan-ipv6-ra-dns-01.txt, June 2005.
Authors' Addresses Authors' Addresses
Renxiang Yan Renxiang Yan
Yinglan Jiang Yinglan Jiang
Luoning Gui Luoning Gui
Research & Innovation Center Research & Innovation Center
Alcatel Shanghai Bell Co., Ltd. Alcatel Shanghai Bell Co., Ltd.
388#, NingQiao Road, Pudong Jinqiao, 388#, NingQiao Road, Pudong Jinqiao,
Shanghai 201206 P.R. China Shanghai 201206 P.R. China
Phone: +86 (21) 5854-1240, ext. 7169 Phone: +86 (21) 5854-1240, ext. 7169
 End of changes. 19 change blocks. 
113 lines changed or deleted 23 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/