GEOPRIV                                                       M. Thomson
Internet-Draft                                           J. Winterbottom
Intended status: Standards Track                                  Andrew
Expires: December 15, 2008                                 June 13, 2008                                 December 11, 2007

        Discovering the Local Location Information Server (LIS)

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on June 13, December 15, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).


   A method is described for the discovery of a Location Information
   Server.  The method consists of attempting to use a Dynamic Host
   Configuration Protocol (DHCP) option, followed by a URI-enabled NAPTR
   (U-NAPTR).  DHCP options are defined for both IPv4 and IPv6 DHCP.
   This document also defines a U-NAPTR Application Service for a LIS,
   with a specific Application Protocol for the HTTP Enabled Location
   Delivery (HELD) protocol.

Table of Contents

   1.  Introduction and Overview  . . . . . . . . . . . . . . . . . .  3
     1.1.  DHCP Discovery . . . . . . . . . . . . . . . . . . . . . .  3
     1.2.  U-NAPTR Discovery  . . . . . . . . . . . . . . . . . . . .  3
     1.3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  LIS Discovery Using DHCP . . . . . . . . . . . . . . . . . . .  5
     2.1.  DHCPv4 Option for a LIS Address  . . . . . . . . . . . . .  5
     2.2.  DHCPv6 Option for a LIS Address  . . . . . . . . . . . . .  5
   3.  U-NAPTR for LIS Discovery  . . . . . . . . . . . . . . . . . .  7
   4.  Determining the Access Network Domain Name . . . . . . . . . .  8
     4.1.  DHCP Domain Name Option  . . . . . . . . . . . . . . . . .  8
     4.2.  Reverse DNS  . . . . . . . . . . . . . . . . . . . . . . .  8
       4.2.1.  Determining an External IP Address . . . . . . . . . .  9
   5.  Discovery Order  . . . . . . . . . . . . . . . . . . . . . . . 11
     5.1.  Virtual Private Networks (VPNs)  . . . . . . . . . . . . . 12
   6.  Security Considerations  Access Network Guidance  . . . . . . . . . . . . . . . . . . . 13
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
     7.1. 15
     8.1.  Registration of DHCPv4 and DHCPv6 Option Codes . . . . . . 14
     7.2. 15
     8.2.  Registration of a Location Server Application Service
           Tag  . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
     7.3. 15
     8.3.  Registration of a Location Server Application Protocol
           Tag for HELD . . . . . . . . . . . . . . . . . . . . . . . 14
   8. 15
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   9. 17
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
     9.1. 18
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 17
     9.2. 18
     10.2. Informative References . . . . . . . . . . . . . . . . . . 17 18
   Appendix A.  Residential Broadband LIS Discovery Example . . . . . 19 20
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 23
   Intellectual Property and Copyright Statements . . . . . . . . . . 23 24

1.  Introduction and Overview

   Discovering a Location Information Server (LIS) is an important part
   of the location acquisition process.  The LIS is an access network
   service that needs to be discovered before it can be used.  This
   document describes a method that a host can use to discover a URI for
   a LIS.

   The product of a discovery process, such as the one described in this
   document, is the address of the service.  In this document, the
   result is a URI, which identifies a LIS.  A URI permits
   identification of a LIS that includes information about protocols and
   other supplementary information.

   The discovery process requires that the host first attempt LIS
   discovery using Dynamic Host Configuration protocol (DHCP).  If DHCP
   is not available, or the option is not supported by the network, the
   host attempts to discover the LIS using the DNS and URI-enabled
   Naming Authority Pointer (U-NAPTR).  Finally, the host can rely on
   proprietary methods for determining the address of the LIS, including
   static configuration.

   The URI result from the discovery process is suitable for location
   configuration only; that is, the client MUST dereference the URI
   using the process described in HELD
   [I-D.ietf-geopriv-http-location-delivery].  URIs discovered in this
   way are not "location by reference" URIs; dereferencing one of them
   provides the location of the requester only.  Clients MUST NOT embed
   these URIs in fields in other protocols designed to carry the
   location of the client.

1.1.  DHCP Discovery

   DHCP ([RFC2131], [RFC3315]) is a commonly used mechanism for
   providing bootstrap configuration information allowing a host to
   operate in a specific network environment.  The bulk of DHCP
   information is largely static; consisting of configuration
   information that does not change over the period that the host is
   attached to the network.  Physical location information might change
   over this time, however the address of the LIS does not.  Thus, DHCP
   is suitable for configuring a host with the address of a LIS.

1.2.  U-NAPTR Discovery

   Where DHCP is not available, the DNS might be able to provide a URI.
   For DNS methods, alternative discovery techniques SRV records
   [RFC2782] or Straightforward NAPTR (S-NAPTR) [RFC3958] provide an
   indication of a service for a domain, but these methods cannot be
   used; SRV and S-NAPTR only permit the return of a hostname and port,
   not a URI.  URI-enabled NAPTR (U-NAPTR) [RFC4848], which is based on
   S-NAPTR, describes a method of applying the Dynamic Delegation
   Discovery Service (DDDS) for URI results.

   For the LIS discovery DDDS application, an Application Service tag
   "LIS" and an Application Protocol tag "HELD" are created and
   registered with the IANA.  Taking a domain name, this U-NAPTR
   application uses the two tags to determine the LIS URI.

   Determining the domain name to be used is a critical part of the
   resolution process.  The second part of this document describes how a
   domain name can be derived.  Several methods are described that
   address different scenarios.

1.3.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

   This document also uses the term "host" to refer to an end host.  In
   RFC3693 [RFC3693] parlance, the host is the Device, which might also
   be the Target.

   The terms "access network" refers to the network that a host connects
   to for Internet access.  The "access network provider" is the entity
   that operates the access network.  This is consistent with the
   definition in [I-D.ietf-geopriv-l7-lcp-ps] which combines the
   Internet Access Provider (IAP) and Internet Service Provider (ISP).
   The access network provider is responsible for allocating the host an
   IP address and for directly or indirectly providing a LIS service.

2.  LIS Discovery Using DHCP

   DHCP allows the access network provider to specify the address of a
   LIS as part of network configuration.  This document registers DHCP
   options for a LIS address for both IPv4 and IPv6.

2.1.  DHCPv4 Option for a LIS Address

   This section defines a DHCP for IPv4 (DHCPv4) option for the address
   of a LIS.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   |    LIS_URI    |    Length     |         URI ...               .
   |                              URI                            ...

                      Figure 1: DHCPv4 LIS URI Option

   LIS_URI:  The IANA assigned option number (TBD).

   Length:  The length of the URI in octets.

   URI:  The address of the LIS.  This URI SHOULD NOT be more than 253
      bytes in length, but MAY be extended by concatenating multiple
      option values, as described in [RFC3396].  The URI MUST NOT be
      NULL terminated.

2.2.  DHCPv6 Option for a LIS Address

   This section defines a DHCP for IPv6 (DHCPv6) option for the address
   of a LIS.  The DHCPv6 option for this parameter is similarly
   formatted to the DHCPv4 option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   |       OPTION_LIS_URI          |           Length              |
   |                              URI                            ...

                      Figure 2: DHCPv6 LIS URI Option
   OPTION_LIS_URI:  The IANA assigned option number (TBD).

   Length:  The length of the URI in octets.

   URI:  The address of the LIS.  The URI MUST NOT be NULL terminated.

3.  U-NAPTR for LIS Discovery

   U-NAPTR resolution for a LIS takes a domain name as input and
   produces a URI that identifies the LIS.  This process also requires
   an Application Service tag and an Application Protocol tag, which
   differentiate LIS-related NAPTR records from other records for that

   Section 7.2 8.2 defines an Application Service tag of "LIS", which is
   used to identify the location service for a particular domain.  The
   Application Protocol tag "HELD", defined in Section 7.3, 8.3, is used to
   identify a LIS that understands the HELD protocol

   The NAPTR records in the following example demonstrate the use of the
   Application Service and Protocol tags.  Iterative NAPTR resolution is
   used to delegate responsibility for the LIS service from
   "" and "" to
      ;;       order pref flags
      IN NAPTR 100   10   ""  "LIS:HELD" (          ; service
          ""                                        ; regex
                    ; replacement
      ;;       order pref flags
      IN NAPTR 100   10   ""  "LIS:HELD" (          ; service
          ""                                        ; regex
                    ; replacement
      ;;       order pref flags
      IN NAPTR 100   10   "u"  "LIS:HELD" (         ; service
          "!*.!!" ; regex
          .                                         ; replacement

              Figure 3: Sample LIS:HELD Service NAPTR Records

   Details for the "LIS" Application Service tag and the "HELD"
   Application Protocol tag are included in Section 7. 8.

4.  Determining the Access Network Domain Name

   The U-NAPTR discovery method described in Section 3 requires that the
   domain name applicable to the access network is known.  An
   unconfigured host might not have this information, therefore it must
   determine this value before the U-NAPTR method can be attempted.

   This section describes several methods for discovering a domain name
   for the local access network.  Each method is attempted where
   applicable until a domain name is derived.  If a domain name is
   successfully derived but that domain name does not produce any
   U-NAPTR records, alternative methods can be attempted to determine
   additional domain names.  Reattempting with different methods is
   particularly applicable when NAT is used, as is shown in
   Section 4.2.1.

4.1.  DHCP Domain Name Option

   For IP version 4, Dynamic Host Configuration Protocol (DHCP) option
   15 [RFC2131] includes the domain name suffix for the host.  If DHCP
   and option 15 are available, this value should be used as input the
   U-NAPTR procedure.

   DHCP for IPv6 provides a single domain name suffix that can be used
   in the same manner, as a described in

   Alternatively, a fully qualified domain name (FQDN) for the host
   might be provided by the server ([RFC4702] for DHCPv4, [RFC4704] for
   DHCPv6).  This domain name is used as input to the U-NAPTR resolution
   and is obtained from the FQDN by removing the first label.  If the
   host has provided a fully qualified domain name using this option, it
   SHOULD NOT be used - the domain known to the host might not be the
   same as that of the access network.

   Either DHCP method SHOULD be attempted first if DHCP is available.
   Note that this method is only attempted if the LIS address option is
   not available.

4.2.  Reverse DNS

   DNS "PTR" records in the "" domain can be used to
   determine the domain name of a host, and therefore, the name of the
   domain for that host.  The use of the "" domain is
   described in [RFC1034] and results in the domain name of the host.
   Likewise, IPv6 hosts use the "" domain.  In the majority of
   cases, the domain part of this name (everything excluding the first
   label) is also the domain name for the access network.  Assuming that
   this is true, this domain name can be used as input to the U-NAPTR

   For example, if the for "" address, if the "PTR" record at
   "" refers to "", this results
   in a U-NAPTR search for "".

   The DNS hierarchy does not necessarily directly map onto a network
   topology (see [RFC4367]); therefore, this method MUST only be used
   for the domain name determined by removing the first label only.
   This method assumes that the access network provider also provides
   the reverse DNS record and they control the domain that is indicated
   in the "PTR" record.

   Furthermore, this method might not apply where a host is given a
   domain name that is different from the domain name of the access
   network.  This might occur in some hosting configurations, such as
   where a number of web server hosts, with widely varying domain names,
   are co-located.  From the above example, the access network provider
   allocated "" to the host; therefore, they also need to
   control the DNS domain "" and the associated NAPTR
   records.  DNS Security Extensions (DNSSEC) [RFC4033] provides a
   cryptographic means of validating this association, through data
   origin authentication.

4.2.1.  Determining an External IP Address

   Reverse DNS relies on knowing the IP address of a host within the
   access domain.  Initially, this SHOULD be attempted using the IP
   address that is assigned to a local interface on the host.  However,
   when a NAT device is used, the IP address of the NAT device is
   substituted for the source IP address.  If a NAT device exists
   between the host and the access network, the host does not have any
   direct way to determine the IP address that it is effectively using
   within the access network.  The IP address of the NAT device and the
   corresponding domain name can be used to discover the LIS.

   In order to use reverse DNS in this configuration, the hosts need to
   know the IP address that the NAT device uses.  The following sections
   describe some possible methods.

   These methods are particularly useful in residential broadband
   configurations.  A large proportion of residential broadband services
   employ a NAT device so that several hosts can share the same Internet
   access.  Since the network behind the NAT device are generally very
   small, both in numbers and geographical area, it isn't necessary for
   a LIS to operate within that network; the hosts are able to access a
   LIS in the access network outside of the NAT device.  UPnP

   If a NAT device complies with the Universal Plug and Play (UPnP)
   specification [UPnP-IGD-WANIPConnection1], the WANIPConnection part
   can be used to query the device for its public IP address.  The
   "GetExternalIPAddress" function provides the external address for a
   particular network connection.

   UPnP defines a method for discovering UPnP-enabled hosts in a
   network; the host does not need any prior configuration to employ
   this method.  STUN

   A host can use the Session Traversal Utilities for NAT (STUN)
   [I-D.ietf-behave-rfc3489bis] to determine a public IP address.  The
   host uses the "Binding Request" message and the resulting
   "XOR-MAPPED-ADDRESS" parameter that is returned in the response.

   Using STUN requires cooperation from a publicly accessible STUN
   server.  The host also requires configuration information that
   identifies the STUN server, or a domain name that can be used for
   STUN server discovery.  Other Options

   The source IP address in any IP packet can be used to determine the
   public IP address of a host.  While the STUN method uses a small part
   of a more sophisticated protocol, this principle can be applied using
   any other protocol.  Like STUN, this method requires prior knowledge
   of the publicly accessible server and the method that it supports.

   For instance, a publicly accessible host could be configured to
   respond to a UDP packet on a predefined port; the data of the
   response could contain the source IP address that was in the request.
   Alternatively, a HTTP server at a particular URL could be configured
   to respond to a GET request with a "text/plain" body containing the
   IP address of the requester.  HTTP proxies render this method
   unusable; in particular, transparent HTTP proxies might affect the
   results of this method without the knowledge of the host.  Such
   services already exist on the public Internet.

5.  Discovery Order

   The previous sections described a set of procedures that allow a
   device to determine the LIS associated with the local access network.
   Some networks maintain a topology analogous to an onion and are
   comprised of layers, or segments, separating hosts from the Internet
   through intermediate networks.  It is best therefore for a host to
   discover the LIS logically closest to it, and this can best be done
   by applying the discovery techniques in the following order:

   1.  DHCP LIS URI Option

   2.  DNS U-NAPTR Discovery, using the domain name from:


       A.  DHCP Domain Name Option


       B.  Reverse DNS, using the hosts IP address from:

           1.  the local network interface and immediate network segment

           2.  the network segment adjacent to the immediate segment, as
               revealed by UPnP

           3.  the public Internet, as revealed by STUN; or the network
               segment where the STUN server resides

           (4.)  any network segment, as revealed by other method

   3.  Static configuration

   DHCP discovery MUST be attempted before DNS discovery.  This allows
   the network access provider a direct and explicit means of
   configuring a LIS address.  DNS discovery is used as a failsafe,
   providing a means to discover a LIS where the DHCP infrastructure
   does not support the LIS URI option.

   Static host configuration MAY be used to provide a LIS address if
   both DHCP and DNS methods fail.  Note however, that if a host has
   moved from its customary location, static configuration might
   indicate a LIS that is unable to provide a location.  User
   interaction is NOT RECOMMENDED; the discovery process is not easily
   diagnosed by a user.

   LIS discovery through DNS requires the host to determine the domain
   name of the local access network.  Where DHCP is available, the DHCP
   domain name option (Section 4.1) can be used to provide this
   information.  If the domain name cannot be determined from DHCP, or
   the resulting domain name fails to yield a valid LIS address then
   reverse DNS is used.

   The discovery procedure assumes that the correct LIS is in a network
   segment that is closer to the host.  Each network segment between the
   host and LIS decreases the chance that the LIS is able to correctly
   determine a location for the host.

   Discovery methods follow an order of precedence.  The exception is
   for alternative methods of determining the hosts IP address in each
   network segment; precedence is given to addresses in the network
   segments closer to the host.  Therefore, the host MUST attempt to use
   the IP address assigned to its local network interface before
   attempting to determine its IP address.  Precedence is given to
   methods, like UPnP that provide an IP address in adjacent network
   segments.  Methods for determining addresses on the public Internet
   are given lower precedence.

   To claim compliance with this document, a host MUST support both DHCP
   discovery and U-NAPTR discovery.  Further, the host MUST support
   retrieval of domain name from DHCP and reverse DNS, using a local
   interface address, UPnP and STUN.  Additional methods for determining
   the IP address of the host in different network segments are

5.1.  Virtual Private Networks (VPNs)

   Where a host has multiple network interfaces the host MAY
   independently discover the LIS corresponding to the access networks
   reached by each network interface.  Resolving which LIS to contact
   for location information is a host application issue.

   LIS discovery over a VPN network interface SHOULD NOT be performed
   since such a LIS does not have the physical presence generally
   necessary to determine location.  However, since not all VPN
   interfaces can be detected by hosts, a LIS SHOULD NOT respond provide
   location information in response to requests originating from a VPN
   pool.  This ensures that even if a host discovers a LIS over the VPN,
   it does not rely on a LIS that is unable to provide accurate location
   information.  The exception to this is where the LIS and host are
   able to determine a location without access network support.

   TBD: Is there an advantage in providing

6.  Access Network Guidance

   In order to successfully discover a HELD error code that
   indicates LIS, a host relies on information
   provided by the access network.  DHCP and DNS servers need to be able
   to provide the data that the device depends on.  This section
   provides guidance on what information needs to be made available to a
   host has reached for it to successfully discover a LIS.

   Access networks that provide both a LIS and a DHCP server must
   provide the DHCP option for the LIS over address.  Since DHCP must be
   attempted first, if it can be guaranteed that DHCP can be used by all
   hosts in the network, no further configuration is necessary.

   Unless DHCP can be relied upon for all hosts in the network (see
   [I-D.ietf-geopriv-l7-lcp-ps] for common scenarios), DNS discovery
   methods must also be supported.  To support the DNS discovery
   methods, the access network must provide two sets of DNS records: the
   (U-)NAPTR records that enable the discovery of a VPN?

6. LIS URI from a
   domain name; and the reverse DNS records that enable the discovery of
   a domain name based on the IP address of the host.

   Access networks that provide a LIS should also provide reverse DNS
   records for all IP addresses they administer.  For each domain that
   is referenced in reverse DNS records, a NAPTR record in that domain
   must be provided for the "LIS:HELD" service that can be used to
   resolve the address of a LIS.

   Note:  The DHCP domain name option is notably absent from this
      guidance.  The domain name option provides a quicker and more
      reliable means to discover the domain name in the case where a
      DHCP server does not support the LIS URI option.

7.  Security Considerations

   The primary attack against the methods described in this document is
   one that would lead to impersonation of a LIS.  The LIS is
   responsible for providing location information and this information
   is critical to a number of network services; furthermore, a host does
   not necessarily have a prior relationship with a LIS.  Several
   methods are described here that can limit the probablity of, or
   provide some protection against, such an attack.

   The address of a LIS is usually well-known within an access network;
   therefore, interception of messages does not introduce any specific

   If DHCP is used, the integrity of DHCP options is limited by the
   security of the channel over which they are provided.  Physical
   security and separation of DHCP messages from other packets are
   commonplace methods that can reduce the possibility of attack within
   an access network; alternatively, DHCP authentication [RFC3118] can
   provide a degree of protection against modification.

   An attacker could attempt to compromise the U-NAPTR resolution.  A
   description of the security considerations for U-NAPTR applications
   is included in [RFC4848].

   In addition to considerations related to U-NAPTR, it is important to
   recognize that the output of this is entirely dependent on its input.
   An attacker who can control the domain name can also control the
   final URI.  Because a number of methods are provided for determining
   the domain name, a host implementation needs to consider attacks
   against each of the methods that are used.

   Reverse DNS is subject to the maintenance of the "" or
   "" domain and the integrity of the results that it provides.
   DNSSEC [RFC4033] provides some measures that can improve the
   reliability of DNS results.  In particular, DNSSEC SHOULD be applied
   to ensure that the reverse DNS record and the resulting domain are
   provided by the same entity before this method is used.  Without this
   assurance, the host cannot be certain that the access network
   provider has provided the NAPTR record for the domain name that is

   Hosts behind NAT devices are also subject to attacks when retrieving
   their public IP address.  [I-D.ietf-behave-rfc3489bis] describes some
   means of mitigating this attack for STUN.


8.  IANA Considerations


8.1.  Registration of DHCPv4 and DHCPv6 Option Codes

   The IANA is requested to assign an option code for the DHCPv4 option
   for a LIS address, as described in Section 2.1 of this document.

   The IANA is requested to assign an option code for the DHCPv6 option
   for a LIS address, as described in Section 2.2 of this document.


8.2.  Registration of a Location Server Application Service Tag

   This section registers a new S-NAPTR/U-NAPTR Application Service tag
   for a LIS, as mandated by [RFC3958].

   Application Service Tag:  LIS

   Intended usage:  Identifies a service that provides a host with its
      location information.

   Defining publication:  RFCXXXX

   Related publications:  HELD [I-D.ietf-geopriv-http-location-delivery]

   Contact information:  The authors of this document

   Author/Change controller:  The IESG


8.3.  Registration of a Location Server Application Protocol Tag for

   This section registers a new S-NAPTR/U-NAPTR Application Protocol tag
   for the HELD [I-D.ietf-geopriv-http-location-delivery] protocol, as
   mandated by [RFC3958].

   Application Service Tag:  HELD

   Intended Usage:  Identifies the HELD protocol.

   Applicable Service Tag(s):  LIS

   Terminal NAPTR Record Type(s):  U

   Defining Publication:  RFCXXXX
   Related Publications:  HELD [I-D.ietf-geopriv-http-location-delivery]

   Contact Information:  The authors of this document

   Author/Change Controller:  The IESG


9.  Acknowledgements

   The authors would like to thank Leslie Daigle for her work on
   U-NAPTR; Peter Koch for his feedback on the DNS aspects of this
   document; Andy Newton for constructive suggestions with regards to
   document direction; Hannes Tschofenig and Richard Barnes for input
   and reviews.


10.  References


10.1.  Normative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3396]  Lemon, T. and S. Cheshire, "Encoding Long Options in the
              Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
              November 2002.

   [RFC4702]  Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
              Configuration Protocol (DHCP) Client Fully Qualified
              Domain Name (FQDN) Option", RFC 4702, October 2006.

   [RFC4704]  Volz, B., "The Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
              Option", RFC 4704, October 2006.

   [RFC4848]  Daigle, L., "Domain-Based Application Service Location
              Using URIs and the Dynamic Delegation Discovery Service
              (DDDS)", RFC 4848, April 2007.

              Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for (NAT) (STUN)",
              draft-ietf-behave-rfc3489bis-15 (work in progress),
              November 2007.

              Yan, R., "Domain Suffix Option for DHCPv6",
              draft-ietf-dhc-dhcpv6-opt-dnsdomain-04 (work in progress),
              June 2007.
              February 2008.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.


10.2.  Informative References

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              February 2000.

   [RFC3118]  Droms, R. and W. Arbaugh, "Authentication for DHCP
              Messages", RFC 3118, June 2001.

   [RFC3693]  Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
              J. Polk, "Geopriv Requirements", RFC 3693, February 2004.

   [RFC3958]  Daigle, L. and A. Newton, "Domain-Based Application
              Service Location Using SRV RRs and the Dynamic Delegation
              Discovery Service (DDDS)", RFC 3958, January 2005.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, March 2005.

   [RFC4367]  Rosenberg, J. and IAB, "What's in a Name: False
              Assumptions about DNS Names", RFC 4367, February 2006.

              Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
              Location Configuration Protocol; Problem Statement and
              Requirements", draft-ietf-geopriv-l7-lcp-ps-06 draft-ietf-geopriv-l7-lcp-ps-07 (work in
              progress), November 2007. March 2008.

              Barnes, M., Winterbottom, J., Thomson, M., and B. Stark,
              "HTTP Enabled Location Delivery (HELD)",
              draft-ietf-geopriv-http-location-delivery-07 (work in
              progress), November 2007. April 2008.

              UPnP Forum, "Internet Gateway Device (IGD) Standardized
              Device Control Protocol V 1.0: WANIPConnection:1 Service
              Template Version 1.01 For UPnP Version 1.0", DCP 05-001,
              Nov 2001.

Appendix A.  Residential Broadband LIS Discovery Example

   This example shows how LIS discovery using U-NAPTR and DNS might be
   performed in a residential broadband scenario.  The assumed network
   topology for this network is shown in Figure 4.

                                  __________             __________
      +----------------+         (          )           (          )
      |      NAT       |        (   ACCESS   )         (            )
      | (Home Router)  |-------(    NETWORK   )-------(   INTERNET   )
      |   |        ( )         (            )
      +----------------+         (          )           (          )
              |                   ----------             ----------
              |                                               :
              |                                               :
      +----------------+                            +-----------------+
      |     DEVICE     |                            |  VOICE SERVICE  |
      |                |                            |  PROVIDER (VSP) |
      |  |                            |   STUN SERVER   |
      +----------------+                            +-----------------+

                    Figure 4: Example Network Topology

   In this example, the host sits behind a home router that includes a
   NAT function.  The host is assigned an address from the private
   192.168.x.x address range, in this case  The outbound
   IP address provided to the home router is public and and belongs to
   the domain; in this example the home router is assigned, which is also given the domain name 192-0-2-

   In this example, several methods are not possible due to the
   configuration of the devices and network.  The DHCP server on the
   home router does not support the LIS URI option, and a domain name is
   not configured on the router.  In addition to this, the UPnP service
   on home router is disabled.  Therefore, the host attempts these
   methods and is unsuccessful.

   The example first covers the unsuccessful attempts to discover the
   LIS, followed by a successful application of DNS discovery based on
   an address provided by a STUN server.  In this situation, the STUN
   server is provided by a Voice Service Provider (VSP) that the owner
   of the host purchases a voice service from.  The address of the STUN
   server is configured on the host.  The VSP is a separate entity on
   the public Internet with no relation to the access network provider.

   The sequence diagram below shows each of the failed attempts to
   discover the LIS, followed by the successful discovery using the STUN
   server, reverse DNS and the DNS discovery method.

   +-------+         +--------+     +-----+     +-----+    +--------+
   | HOST  |         |  HOME  |     | DNS |     | LIS |    |  STUN  |
   |       |         | ROUTER |     |     |     |     |    | SERVER |
   +---+---+         +----+---+     +--+--+     +--+--+    +---+----+
       |                  |            |           |           |
     1 +--- DHCPINFORM -->|            |           |           |
       |                  |            |           |           |
     2 |<---- DHCPACK ----+            |           |           |
       |                  |            |           |           |
     3 +------- DNS: PTR ------------->|           |           |
       |  |           |           |
       |                  |            |           |           |
     4 |<------ DNS: no domain --------+           |           |
       |                  |            |           |           |
     5 +----- UPnP: ----->|            |           |           |
       |   ssdp:discover  |            |           |           |
       |                  |            |           |           |
     6 |  (no response)   |            |           |           |
       |                  |            |           |           |
     7 +---------------- STUN: Binding Request --------------->|
       |                  |            |           |           |
     8 |<------- STUN: XOR-MAPPED-ADDRESS = ( ------+
       |                  |            |           |           |
     9 +------- DNS: PTR ------------->|           |           |
       |   |           |           |
       |                  |            |           |           |
    10 |<--- ---+           |           |
       |                  |            |           |           |
    11 +--- DNS: NAPTR ---->|           |           |
       |                  |            |           |           |
    12 |<--- --+           |           |
       |                  |            |           |           |
    13 +-------- HELD: locationRequest ----------->|           |
       |                  |            |           |           |
       .                  .            .           .           .

                     Figure 5: LIS Discovery Sequence

   1.   The host makes a DHCP request for the LIS URI option.  To reduce
        the overall time required in case the LIS URI is unknown, the
        host also requests the domain name option.

   2.   The DHCP server (in the home router) responds but does not have
        either datum.  Therefore, the host is unable to use the DHCP
        method, or use the domain name to perform U-NAPTR discovery.

   3.   The host then attempts reverse DNS based on its IP address
        (  The host makes a DNS PTR request for

   4.   The DNS server has no knowledge of the private network segment
        and so indicates that there is no such domain.

   5.   The host then must determine its address in a different network
        segment.  It first attempts to discover this using UPnP.  The
        host broadcasts a UPnP discovery message, attempting to locate a
        UPnP capable device that supports the WANIPConnection profile.

   6.   There are no UPnP devices on the network and the UPnP discovery
        message is unanswered.

   7.   The host contacts a STUN server, which is configured on the
        host.  It sends a Binding Request to the STUN server.

   8.   The STUN server responds to the Binding Request, including the
        XOR-MAPPED-ADDRESS parameter.  The host decodes this parameter,
        which reveals the IP address of the home router:

   9.   The host requests the domain name assigned to  It
        makes a DNS PTR request to ""

   10.  The DNS server indicates that is assigned the name

   11.  The host removes the host part of the domain name and makes a
        DNS NAPTR request for the domain ""

   12.  The DNS server provides all NAPTR records for the ""
        domain.  The host finds the record with a service tag of
        "LIS:HELD" and retrieves the URI from the regexp field.  The URI
        of the LIS is found to be "".

   13.  The host sends a HELD "locationRequest" to the LIS.

Authors' Addresses

   Martin Thomson
   PO Box U40
   Wollongong University Campus, NSW  2500

   Phone: +61 2 4221 2915

   James Winterbottom
   PO Box U40
   Wollongong University Campus, NSW  2500

   Phone: +61 2 4221 2938

Full Copyright Statement

   Copyright (C) The IETF Trust (2007). (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at


   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).