DHC Working Group                                                 R. Yan
Internet Draft                                                  Y. Jiang
Expiration Date: June August 2006                                      L. Gui
                                                   Alcatel Shanghai Bell
                                                                 X. Duan
                                                            China Mobile

                     Domain Suffix Option for DHCPv6
              <draft-ietf-dhc-dhcpv6-opt-dnsdomain-00.txt>

                          September 26, 2005
              <draft-ietf-dhc-dhcpv6-opt-dnsdomain-01.txt>

                          February 6, 2006

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
      http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
      http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 26, August 6, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005). (2006).

Abstract

   This document specifies a new DHCPv6 (DHCP for IPv6) option which is
   passed from a DHCPv6 server to a DHCPv6 client to specify the
   domain suffix name used to perform domain name update. name.

1.  Introduction

   This document describes a new option for DHCPv6 [RFC3315] that
   provides a mechanism for the transfer of a domain suffix name. name suffix.
   Using this option, an IPv6 device, which works as a the DHCPv6 client, server can configure specify the domain suffix name automatically.

   For example, a service provider could use this option to transfer a
   domain
   suffix name to a Customer Premise Equipment (CPE) device
   acting as a router between the subscriber's internal network and the
   service provider's core network.

   The configured domain suffix name is intended to be used by the IPv6
   device to perform DNS update for the hosts inside its local network.
   The DNS update can be realized by several methods, e.g. the DHCPv6
   Client FQDN Option [FQDNv6] provides a mechanism to exchange client's
   FQDN information during a stateful DHCPv6 session, and [RADNS]
   defines a DNS update mechanism for IPv6 stateless configuration. client.

1.1  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document should be read in conjunction with the DHCPv6
   specification, [RFC3315]. Definitions for terms and acronyms used in
   this document are defined in [RFC3315] and [RFC3633]. RFC3315.

2.  Domain Suffix Option

   The domain suffix option for DHCPv6 is used to carry a domain suffix to by the DHCPv6 client, which will be used server to construct and update
   tell the DHCPv6 client the domain
   name for suffix that the hosts in local network. DHCPv6 server
   administrator has specified for that DHCPv6 client.

   The format of the domain suffix option is:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Type            |            Length               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    ~                          Domain suffix                        ~
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type:         16-bits identifier of the type of option (TBD).

   Length:       Length of the "domain suffix" field in octets.

   Domain suffix:  The specification of a domain suffix.

   The domain suffix in the 'domain suffix' field MUST include only one
   item, and MUST be encoded as specified in the section of RFC3315
   titled "Representation and use of domain names" of [RFC3315]. names".

2.1  Usage

   In stateful DHCPv6 [RFC3315], the DHCPv6 server MAY place a domain
   suffix option in the options field of IA_PD option [RFC3363] in an
   outgoing DHCPv6 message.  The DHCPv6 server MUST NOT place a domain
   suffix option in any other portion of a stateful DHCPv6 message.

   In stateless DHCPv6 [RFC3736], the DHCPv6 server MAY place a domain
   suffix option in the main option buffer of any DHCPv6 message sent to
   a client.

   A DHCPv6 server may provide different values for the domain suffix
   option to different clients.  This is useful to avoid domain name
   conflict in large-scale network.  The mechanism for choosing which
   suffix to assign to which client is a matter of implementation and
   administrative policy, and is therefore not specified in this
   document.

3.  Example

                    +-------+
     +------+       +  CPE  +-+
     | Node +--+    +-------+ |
     +------+  |              |
               |    +-------+ |
     +------+  |    +  CPE  +-+
     | Node +--+    +-------+ |                        +----------+
     +------+  |              :                        |          |
               :    +-------+ |  +------------------+  | ISP Core |
               +----+  CPE  +-+--|Aggregation device|--|          |
     +------+  |    +-------+    +------------------+  |  Network |
     | Node +--+                                       |          |
     +------+                                          +----------+

    \____________  __________/ \_________________  ________________/
                 \/                              \/
          Subscriber network                ISP network
   The above figure shows a typical usage of the domain suffix option.
   In this model, ISP has the ISP level domain name suffix (e.g.
   example.com). CPE in subscriber network may include a DNS server
   for name resolution for local hosts.

   The CPE in the subscriber network, which acts as a requesting
   router, initiates a DHCPv6 session with the ISP's aggregation device,
   acting as a delegation route.  During the DHCP session, an IPv6
   prefix, along with the corresponding domain suffix name (i.e.
   example.com) will be transferred to the CPE.

   The domain suffix name can then be used to construct the domain name
   for the hosts in subscriber network, using mechanisms defined in
   [FQDNv6] or [RADNS].

   To avoid frequent domain name conflicts, aggregation device might
   allocate different domain suffix name for the CPEs. An example way
   can be selection based on an external authority such as a RADIUS
   server, in which a unique domain suffix name prefix, called
   "home name", is negotiated between user and ISP when subscribing.
   For example, "user1.example.com" and "user2.example.com".

4.  Security Considerations

   Security considerations in DHCP are described in section 23,
   "Security Considerations" of [RFC3315].

   A rogue DHCP server can issue bogus domain suffix to a client. This
   may cause wrong domain name update.

   A malicious client may be able to mount a denial of service attack
   by repeated DHCP requests for domain suffix, thus exhausts the DHCP
   server's resource.

   Currently, it is difficult for DHCP servers to develop much
   confidence in the identities of its clients, given the absence of
   entity authentication from the DHCP protocol itself. To guard against
   attack, DHCP Authentication as described in section 21 of [RFC3315]
   can be used.

5. RFC3315.

4.  IANA Considerations

   IANA is requested to assign a DHCPv6 option code for the Domain
   Suffix Option.

6.

5.  Acknowledgements

   The authors thank Ralph Droms, Ted Lemon, Bernie Volz, Tatuya Jinmei,
   Joe Quanaim and Stefaan De Cnodder for valuable discussions and
   comments.

7.

6.  References

7.1

6.1 Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B.
              and R. Droms (ed.), "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, May 2003.

   [RFC3363]  O. Troan, R. Droms, "IPv6 prefix option for DHCPv6",
              RFC 3363, December 2003.

7.2 Informative References

   [FQDNv6]   B. Volz, "The DHCPv6 Client FQDN Option", draft-ietf-dhc-
              dhcpv6-fqdn-00.txt, September, 2004.

   [RFC3736]  R. Droms, "Stateless Dynamic Host Configuration Protocol
              (DHCP) Service for IPv6", RFC 3736, April 2004.

   [RADNS]    R. Yan, "DNS update in IPv6 stateless configuration",
              draft-yan-ipv6-ra-dns-01.txt, June 2005.

Authors' Addresses

   Renxiang Yan
   Yinglan Jiang
   Luoning Gui
   Research & Innovation Center
   Alcatel Shanghai Bell Co., Ltd.
   388#, NingQiao Road, Pudong Jinqiao,
   Shanghai 201206 P.R. China
   Phone: +86 (21) 5854-1240, ext. 7169

   Email: renxiang.yan@alcatel-sbell.com.cn
          Yinglan.jiang@alcatel-sbell.com.cn
          Luoning.gui@alcatel-sbell.com.cn

   Xiaodong Duan
   Research & Development Center
   China Mobile Communications Corporation
   53A, Xibianmennei Ave., Xuanwu District,
   Beijing, 100053 P.R. China
   Phone: +86 (10) 6600-6688, ext. 3062

   Email: duanxiaodong@chinamobile.com

Full Copyright Statement

   Copyright (C) The Internet Society (2005).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.