draft-ietf-ipngwg-icmp-name-lookups-15.txt   rfc4620.txt 
IPv6 WG M. Crawford Network Working Group M. Crawford
Internet-Draft Fermilab Request for Comments: 4620 Fermilab
Expires: August 17, 2006 B. Haberman, Ed. Category: Experimental B. Haberman, Ed.
JHU APL JHU APL
February 13, 2006 August 2006
IPv6 Node Information Queries IPv6 Node Information Queries
draft-ietf-ipngwg-icmp-name-lookups-15
Status of this Memo Status of This Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 17, 2006. This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document describes a protocol for asking an IPv6 node to supply This document describes a protocol for asking an IPv6 node to supply
certain network information, such as its hostname or fully-qualified certain network information, such as its hostname or fully-qualified
domain name. IPv6 implementation experience has shown that direct domain name. IPv6 implementation experience has shown that direct
queries for a hostname are useful, and a direct query mechanism for queries for a hostname are useful, and a direct query mechanism for
other information has been found useful in serverless environments other information has been found useful in serverless environments
and for debugging. and for debugging.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................2
2. Applicability Statement . . . . . . . . . . . . . . . . . . . 3 2. Applicability Statement .........................................2
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology .....................................................2
4. Node Information Messages . . . . . . . . . . . . . . . . . . 4 4. Node Information Messages .......................................3
5. Message Processing . . . . . . . . . . . . . . . . . . . . . . 6 5. Message Processing ..............................................5
6. Defined Qtypes . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Defined Qtypes ..................................................6
6.1. NOOP . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 6.1. NOOP .......................................................7
6.2. Node Name . . . . . . . . . . . . . . . . . . . . . . . . 8 6.2. Node Name ..................................................7
6.3. Node Addresses . . . . . . . . . . . . . . . . . . . . . . 9 6.3. Node Addresses .............................................8
6.4. IPv4 Addresses . . . . . . . . . . . . . . . . . . . . . . 10 6.4. IPv4 Addresses .............................................9
6.4.1. Discussion . . . . . . . . . . . . . . . . . . . . . . 10 6.4.1. Discussion ..........................................9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7. IANA Considerations ............................................10
8. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. Security Considerations ........................................10
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 9. Acknowledgements ...............................................11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 10. References ....................................................11
10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 10.1. Normative References .....................................11
10.2. Informative References . . . . . . . . . . . . . . . . . . 13 10.2. Informative References ...................................12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . . . . 15
1. Introduction 1. Introduction
This document specifies a mechanism for discovering information about This document specifies a mechanism for discovering information about
names and addresses. The applicability of these mechanisms is names and addresses. The applicability of these mechanisms is
currently limited to diagnostic and debugging tools and network currently limited to diagnostic and debugging tools and network
management (e.g. node discovery). In the global internet, the Domain management (e.g., node discovery). In the global internet, the
Name System[1][2] is the authoritative source of such information and Domain Name System (DNS) [1][2] is the authoritative source of such
this specification is not intended to supplant or supersede it. And information and this specification is not intended to supplant or
in fact, in a well-supported network, the names and addresses dealt supersede it. In fact, in a well-supported network, the names and
with by this mechanism will be the same ones, and with the same addresses dealt with by this mechanism will be the same ones, with
relationships, as those listed in the DNS. the same relationships, as those listed in the DNS.
This new Node Information protocol does provide facilities which are This new Node Information protocol provides facilities that are not
not found in the DNS - for example discovering relationships between found in the DNS, for example, discovering relationships between
addresses without reference to names. And the functions that do addresses without reference to names. The functions that do overlap
overlap with the DNS may be useful in serverless environments, for with the DNS may be useful in serverless environments, for debugging,
debugging, or in regard to link-local and unique-local addresses [3] or in regard to link-local and unique-local addresses [3] that often
which often will not be listed in the DNS. will not be listed in the DNS.
2. Applicability Statement 2. Applicability Statement
IPv6 Node Information Queries include the capability to provide IPv6 Node Information Queries include the capability to provide
forward and reverse name lookups independent of the DNS by sending forward and reverse name lookups independent of the DNS by sending
packets directly to IPv6 nodes or groups of nodes. packets directly to IPv6 nodes or groups of nodes.
The applicability of these mechanisms is currently limited to The applicability of these mechanisms is currently limited to
diagnostic and debugging tools and network management (e.g. node diagnostic and debugging tools and network management (e.g., node
discovery). These mechanisms can be used to learn the addresses and discovery). These mechanisms can be used to learn the addresses and
names for nodes on the other end of a point-to-point link or nodes on names for nodes on the other end of a point-to-point link or nodes on
a shared-medium link such as an Ethernet. This is very useful when a shared-medium link such as an Ethernet. This is very useful when
debugging problems or when bringing up IPv6 service where there isn't debugging problems or when bringing up IPv6 service where there is no
global routing or DNS name services available. IPv6's large auto- global routing or DNS name services available. IPv6's large auto-
configured addresses make debugging network problems and bringing up configured addresses make debugging network problems and bringing up
IPv6 service difficult without these mechanisms. An example of an IPv6 service difficult without these mechanisms. An example of an
IPv6 debugging tool using IPv6 Node Information Queries is the ping6 IPv6 debugging tool using IPv6 Node Information Queries is the ping6
program in the KAME (<http://www.kame.net>), USAGI, and other IPv6 program in the KAME (http://www.kame.net), USAGI, and other IPv6
implementations. implementations.
The mechanisms defined in this document may have wider applicability The mechanisms defined in this document may have wider applicability
in the future, but any use beyond debugging and diagnostic tools is in the future, but any use beyond debugging and diagnostic tools is
left for further study and is beyond the scope of this document. left for further study and is beyond the scope of this document.
3. Terminology 3. Terminology
A "Node Information (or NI) Query" message is sent by a "Querier" A "Node Information Query" (or "NI Query") message is sent by a
node to a "Responder" node in an ICMPv6 packet addressed to the "Querier" node to a "Responder" node in an ICMPv6 packet addressed to
"Queried Address." The Query contains a "Subject Address" (which may the "Queried Address". The Query contains a "Subject Address" (which
differ from the Queried Address and may be an IPv6 or IPv4 address) may differ from the Queried Address and may be an IPv6 or IPv4
or a "Subject Name". The Responder sends a "Node Information Reply" address) or a "Subject Name". The Responder sends a "Node
to the Querier, containing information associated with the node at Information Reply" to the Querier, containing information associated
the Queried Address. A node receiving an NI Query will be termed a with the node at the Queried Address. A node receiving an NI Query
Responder even if it does not send a reply. will be termed a Responder even if it does not send a reply.
The word "name" in this document refers to a hostname with or without The word "name" in this document refers to a hostname with or without
the domain. Where necessary, the cases of fully-qualified and the domain. Where necessary, the cases of fully-qualified and
single-label names will be distinguished. single-label names will be distinguished.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [4]. document are to be interpreted as described in [4].
Packet fields marked "unused" must be zero on transmission and, aside Packet fields marked "unused" must be zero on transmission and, aside
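Review bot: In Section 1, the reworded sentence "In fact, in a well-supported network, the names and addresses dealt with by this mechanism will be the same ones" states that NI data is expected to agree with the DNS, but neither column says what a Querier should do when an NI Reply and the DNS differ. The sentence before it already names the DNS as "the authoritative source of such information", so suggest adding one sentence saying that an NI Reply does not override DNS data, or a pointer to the section that covers this case. Separately, the applicability sentence ("currently limited to diagnostic and debugging tools and network management (e.g., node discovery)") appears in both Section 1 and Section 2; keeping it only in Section 2 would avoid the two copies drifting apart.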
skipping to change at page 4, line 44 skipping to change at page 3, line 42
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ Nonce + + Nonce +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
/ Data / / Data /
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Node Information Messages Figure 1: Node Information Messages
Fields: Fields:
o Type o Type
* 139 - NI Query * 139 - NI Query
* 140 - NI Reply * 140 - NI Reply
o Code o Code
* For NI Query * For NI Query
+ 0 - Indicates that the Data field contains an IPv6 address + 0 - Indicates that the Data field contains an IPv6 address
which is the Subject of this Query. that is the Subject of this Query.
+ 1 - Indicates that the Data field contains a name which is + 1 - Indicates that the Data field contains a name that is
the Subject of this Query, or is empty, as in the case of a the Subject of this Query, or is empty, as in the case of a
NOOP. NOOP.
+ 2 - Indicates that the Data field contains an IPv4 address + 2 - Indicates that the Data field contains an IPv4 address
which is the Subject of this Query. that is the Subject of this Query.
* For NI Reply * For NI Reply
+ 0 - Indicates a successful reply. The Reply Data field may + 0 - Indicates a successful reply. The Reply Data field may
or may not be empty. or may not be empty.
+ 1 - Indicates that the Responder refuses to supply the + 1 - Indicates that the Responder refuses to supply the
answer. The Reply Data field will be empty. answer. The Reply Data field will be empty.
+ 2 - Indicates that the Qtype of the Query is unknown to the + 2 - Indicates that the Qtype of the Query is unknown to the
Responder. The Reply Data field will be empty. Responder. The Reply Data field will be empty.
o Checksum - The ICMPv6 checksum. o Checksum - The ICMPv6 checksum.
o Qtype - A 16-bit field which designates the type of information o Qtype - A 16-bit field that designates the type of information
requested in a Query or supplied in a Reply. Its value in a Reply requested in a Query or supplied in a Reply. Its value in a Reply
is always copied from the corresponding Query by the Responder. is always copied from the corresponding Query by the Responder.
Five values of Qtype are specified in this document. Five values of Qtype are specified in this document.
o Flags - Qtype-specific flags which may be defined for certain o Flags - Qtype-specific flags that may be defined for certain Query
Query types and their Replies. Flags not defined for a given types and their Replies. Flags not defined for a given Qtype must
Qtype must be zero on transmission and ignored on reception, and be zero on transmission and ignored on reception, and must not be
must not be copied from a Query to a Reply unless so specified in copied from a Query to a Reply unless so specified in the
the definition of the Qtype. definition of the Qtype.
o Nonce - An opaque 64-bit field to help avoid spoofing and/or to o Nonce - An opaque 64-bit field to help avoid spoofing and/or to
aid in matching Replies with Queries. Its value in a Query is aid in matching Replies with Queries. Its value in a Query is
chosen by the Querier. Its value in a Reply is always copied from chosen by the Querier. Its value in a Reply is always copied from
the corresponding Request by the Responder. the corresponding Request by the Responder.
o Data - In a Query, the Subject Address or Name. In a Reply, o Data - In a Query, the Subject Address or Name. In a Reply,
Qtype-specific data is present only when the ICMPv6 Code field is Qtype-specific data is present only when the ICMPv6 Code field is
zero. The length of the Data may be inferred from the IPv6 zero. The length of the Data may be inferred from the IPv6
header's Payload Length field[6], the length of the fixed portion header's Payload Length field [6], the length of the fixed portion
of the NI packet and the lengths of the ICMPv6 header and of the NI packet, and the lengths of the ICMPv6 header and
intervening extension headers. intervening extension headers.
Note that the type of information present in the Data field of a Note that the type of information present in the Data field of a
Query is declared by the ICMP Code, while the type of information, if Query is declared by the ICMP Code, whereas the type of information,
any, in the Data field of a Reply is determined by the Qtype. if any, in the Data field of a Reply is determined by the Qtype.
When the Subject of a Query is a name, the name MUST be in DNS wire When the Subject of a Query is a name, the name MUST be in DNS wire
format [2]. The name may be either a fully-qualified domain name, format [2]. The name may be either a fully-qualified domain name,
including the terminating zero-length label, or a single DNS label including the terminating zero-length label, or a single DNS label
followed by two zero-length labels. Since a Query contains at most followed by two zero-length labels. Since a Query contains at most
one name, DNS name compression MUST NOT be used. one name, DNS name compression MUST NOT be used.
5. Message Processing 5. Message Processing
The Querier constructs an ICMP NI Query and sends it to the address The Querier constructs an ICMP NI Query and sends it to the address
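Review bot: The Nonce field description still ends "copied from the corresponding Request by the Responder" in both columns, while Section 3 defines the message as an "NI Query" and the Qtype description just above uses "copied from the corresponding Query by the Responder". Suggest changing "Request" to "Query" here so the field that is meant to guard against spoofed Replies is described in the defined terms. The same pass could also settle "ICMP Code" and "ICMP NI Query" against the "ICMPv6 Code" wording used in the Data field description.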
skipping to change at page 6, line 37 skipping to change at page 5, line 32
destination address of the Query, but need not be if the Querier has destination address of the Query, but need not be if the Querier has
useful a priori information about the addresses of the target node. useful a priori information about the addresses of the target node.
An NI Query may also be sent to a multicast address of link-local An NI Query may also be sent to a multicast address of link-local
scope [3]. scope [3].
When the Subject is a name, either fully-qualified or single- When the Subject is a name, either fully-qualified or single-
component, and the Querier does not have a unicast address for the component, and the Querier does not have a unicast address for the
target node, the query MUST be sent to a link-scope multicast address target node, the query MUST be sent to a link-scope multicast address
formed in the following way. The Subject Name is converted to the formed in the following way. The Subject Name is converted to the
canonical form defined by DNS Security [7], which is uncompressed canonical form defined by DNS Security [7], which is uncompressed
with all alphabetic characters in lower case. (If additional DNS with all alphabetic characters in lowercase. (If additional DNS
label types or character sets for host names are defined, the rules label types or character sets for hostnames are defined, the rules
for canonicalizing those labels will be found in their defining for canonicalizing those labels will be found in their defining
specification.) Compute the MD5 hash [8] of the first label of the specification.) Compute the MD5 hash [8] of the first label of the
Subject Name -- the portion beginning with the first one-octet length Subject Name--the portion beginning with the first one-octet length
field and up to, but excluding, any subsequent length field. Append field and up to, but excluding, any subsequent length field. Append
the first 24 bits of that 128-bit hash to the prefix FF02:0:0:0:0:2: the first 24 bits of that 128-bit hash to the prefix
FF00::/104. The resulting multicast address will be termed the "NI FF02:0:0:0:0:2:FF00::/104. The resulting multicast address will be
Group Address" for the name. A node will support an "NI Group termed the "NI Group Address" for the name. A node will support an
Address" for each unique single-label name. "NI Group Address" for each unique single-label name.
The Nonce MUST be a random or good pseudo-random value to foil The Nonce MUST be a random or good pseudo-random value to foil
spoofed replies. An implementation which allows multiple independent spoofed replies. An implementation that allows multiple independent
processes to send NI queries MAY use the Nonce value to deliver processes to send NI Queries MAY use the Nonce value to deliver
Replies to the correct process. Nonetheless, such processes MUST Replies to the correct process. Nonetheless, such processes MUST
check the received Nonce and ignore extraneous Replies. check the received Nonce and ignore extraneous Replies.
If true communication security is required, IPsec [14] should be If true communication security is required, IP Security (IPsec) [14]
used. Providing the infrastructure to authenticate NI Queries and should be used. Providing the infrastructure to authenticate NI
Replies may be quite difficult outside of a well-defined community. Queries and Replies may be quite difficult outside of a well-defined
community.
Upon receiving an NI Query, the Responder must check the Query's IPv6 Upon receiving an NI Query, the Responder must check the Query's IPv6
destination address and discard the Query without further processing destination address and discard the Query without further processing
unless it is one of the Responder's unicast or anycast addresses, or unless it is one of the Responder's unicast or anycast addresses, or
a link-local scope multicast address which the Responder has joined. a link-local scope multicast address that the Responder has joined.
Typically the latter will be an NI Group Address for a name belonging Typically, the latter will be an NI Group Address for a name
to the Responder. A node MAY be configured to discard NI Queries to belonging to the Responder. A node MAY be configured to discard NI
multicast addresses other than its NI Group Address(es) but if so, Queries to multicast addresses other than its NI Group Address(es),
the default configuration SHOULD be not to discard them. but if so, the default configuration SHOULD be not to discard them.
A Responder must also silently discard a Query whose Subject Address A Responder must also silently discard a Query whose Subject Address
or Name (in the Data field) does not belong to that node. A single- or Name (in the Data field) does not belong to that node. A single-
component Subject Name matches any fully-qualified name whose first component Subject Name matches any fully-qualified name whose first
label matches the Subject. All name matching is done in a case- label matches the Subject. All name matching is done in a case-
independent manner consistent with DNSSEC name canonicalization [7]. independent manner consistent with DNS Security (DNSSEC) name
canonicalization [7].
Next, if Qtype is unknown to the Responder, it must return an NI Next, if Qtype is unknown to the Responder, it must return an NI
Reply with ICMPv6 Code = 2 and no Reply Data. The Responder should Reply with ICMPv6 Code = 2 and no Reply Data. The Responder should
rate-limit such replies as it would ICMPv6 error replies [5]. rate-limit such replies as it would ICMPv6 error replies [5].
Next, the Responder should decide whether to refuse an answer, based Next, the Responder should decide whether to refuse an answer, based
on local policy. (See "Security Considerations" for recommended on local policy. (See the "Security Considerations" section for
default behavior.) If an answer is refused, depending on local recommended default behavior.) If an answer is refused, depending on
policy the Responder can elect to silently discard the query or send local policy the Responder can elect to silently discard the query or
an NI Reply with ICMPv6 Code = 1 and no Reply Data. Again, the send an NI Reply with ICMPv6 Code = 1 and no Reply Data. Again, the
Responder should rate-limit such replies as it would ICMPv6 error Responder should rate-limit such replies as it would ICMPv6 error
replies [5]. replies [5].
Finally, if the Qtype is known and the response is allowed by local Finally, if the Qtype is known and the response is allowed by local
policy, the Responder MUST fill in the Flags and Reply Data of the NI policy, the Responder MUST fill in the Flags and Reply Data of the NI
Reply in accordance with the definition of the Qtype and transmit the Reply in accordance with the definition of the Qtype and transmit the
NI Reply. The source address of the NI Reply SHOULD be selected NI Reply. The source address of the NI Reply SHOULD be selected
using the rules defined in [9]. using the rules defined in [9].
If the Query was sent to a multicast address, transmission of the If the Query was sent to a multicast address, transmission of the
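Review bot: The Responder-side checks in Section 5 use lowercase requirement words ("the Responder must check the Query's IPv6 destination address", "must also silently discard a Query whose Subject Address or Name ... does not belong to that node", "should rate-limit such replies"), while the surrounding paragraphs use the capitalized key words from Section 3 ("the query MUST be sent", "The Nonce MUST be", "the Responder MUST fill in"). The revision touched these paragraphs for wording only and left the case as it was. Since the discard and rate-limit rules are the ones that bound what a Responder answers, suggest either capitalizing them or stating that the lowercase forms are intentionally non-normative.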
skipping to change at page 8, line 45 skipping to change at page 7, line 42
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TTL | | TTL |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Node Names ... | | Node Names ... |
+ + + +
/ / / /
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Node Information Reply Message Figure 2: Node Information Reply Message
o TTL - MUST be zero. Any non-zero value received MUST be treated o TTL (Time to Live) - MUST be zero. Any non-zero value received
as zero. This field is no longer used but is present to preserve MUST be treated as zero. This field is no longer used but is
backwards compatibility with older implementations. present to preserve backward compatibility with older
implementations.
o Node Names - The fully-qualified or single-component name or names o Node Names - The fully-qualified or single-component name or names
of the Responder which correspond(s) to the Subject Address or of the Responder that correspond(s) to the Subject Address or
Name, in DNS wire format, Section 3.1 of [2]. Each name MUST be Name, in DNS wire format, Section 3.1 of [2]. Each name MUST be
fully-qualified if the responder knows the domain suffix, and fully-qualified if the responder knows the domain suffix;
otherwise be a single DNS label followed by two zero-length otherwise, each name MUST be a single DNS label followed by two
labels. When multiple node names are returned and more than one zero-length labels. When multiple node names are returned and
of them is fully-qualified, DNS name compression, Section 4.1.4 of more than one of them is fully-qualified, DNS name compression,
[2], SHOULD be used, and the offsets are counted from the first Section 4.1.4 of [2], SHOULD be used, and the offsets are counted
octet of the Data field. An offset of 4, for example, will point from the first octet of the Data field. An offset of 4, for
to the beginning of the first name. example, will point to the beginning of the first name.
The Responder must fill in the TTL field of the Reply with zero. The Responder must fill in the TTL field of the Reply with zero.
Only one TTL is included in the reply. Only one TTL is included in the Reply.
If the Responder does not know its name at all it MUST send a Reply If the Responder does not know its name at all, it MUST send a Reply
with TTL=0 and no Node Names (or a Reply with Code=1 indicating with TTL=0 and no Node Names (or a Reply with Code=1 indicating
refusal to answer). The Querier will be able to determine from the refusal to answer). The Querier will be able to determine from the
packet length that the Data field contains no names. packet length that the Data field contains no names.
6.3. Node Addresses 6.3. Node Addresses
The NI Node Addresses Query requests some set of the Responder's IPv6 The NI Node Addresses Query requests some set of the Responder's IPv6
unicast addresses. The Reply Data is a sequence of 128-bit IPv6 unicast addresses. The Reply Data is a sequence of 128-bit IPv6
addresses, each address preceded by a separate 32-bit TTL value, with addresses, with each address preceded by a separate 32-bit TTL value,
Preferred addresses listed before Deprecated addresses [11], but with Preferred addresses listed before Deprecated addresses [11];
otherwise in no special order. Five flag bits are defined in the otherwise, they are in no special order. Five flag bits are defined
Query, and six in the Reply. in the Query and six in the Reply.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Qtype=3 | unused |G|S|L|C|A|T| | Qtype=3 | unused |G|S|L|C|A|T|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Node Information Address Query Figure 3: Node Information Address Query
o G - If set to 1, Global-scope addresses [12] are requested. o G - If set to 1, Global-scope addresses [12] are requested.
o S - If set to 1, Site-local addresses [12] are requested. o S - If set to 1, Site-local addresses [12] are requested.
However, Site-local addresses are now deprecated [15] and this However, Site-local addresses are now deprecated [15] and this
flag is for backwards compatibility. flag is for backward compatibility.
o L - If set to 1, Link-local addresses [12] are requested. o L - If set to 1, Link-local addresses [12] are requested.
o C - If set to 1, IPv4-compatible (now deprecated) and IPv4-mapped o C - If set to 1, IPv4-compatible (now deprecated) and IPv4-mapped
addresses [3] are requested. Responses SHOULD include IPv4 addresses [3] are requested. Responses SHOULD include IPv4
addresses in IPv4-mapped form. addresses in IPv4-mapped form.
o A - If set to 1, all the Responder's unicast addresses (of the o A - If set to 1, all the Responder's unicast addresses (of the
specified scope(s)) are requested. If 0, only those addresses are specified scope(s)) are requested. If 0, only those addresses are
requested which belong to the interface (or any one interface) requested that belong to the interface (or any one interface) that
which has the Subject Address, or which are associated with the has the Subject Address or that are associated with the Subject
Subject Name. Name.
o T - Defined in a Reply only, indicates that the set of addresses o T - Defined in a Reply only, indicates that the set of addresses
is incomplete for space reasons. is incomplete for space reasons.
Flags G, S, L, C and A are copied from a Query to the corresponding Flags G, S, L, C, and A are copied from a Query to the corresponding
Reply. Reply.
The TTL associated with each address MUST be zero. The TTL associated with each address MUST be zero.
6.4. IPv4 Addresses 6.4. IPv4 Addresses
The NI IPv4 Addresses Query requests some set of the Responder's IPv4 The NI IPv4 Addresses Query requests some set of the Responder's IPv4
unicast addresses. The Reply Data is a sequence of 32-bit IPv4 unicast addresses. The Reply Data is a sequence of 32-bit IPv4
addresses, each address preceded by a 32-bit TTL value. One flag bit addresses, each address preceded by a 32-bit TTL value. One flag bit
is defined in the Query, and two in the Reply. is defined in the Query and two in the Reply.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Qtype=4 | unused |A|T| | Qtype=4 | unused |A|T|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: Node Information IPv4 Address Query Figure 4: Node Information IPv4 Address Query
o A - If set to 1, all the Responder's unicast addresses are o A - If set to 1, all the Responder's unicast addresses are
requested. If 0, only those addresses are requested which belong requested. If 0, only those addresses are requested that belong
to the interface (or any one interface) which has the Subject to the interface (or any one interface) that has the Subject
Address. Address.
o T - Defined in a Reply only, indicates that the set of addresses o T - Defined in a Reply only, indicates that the set of addresses
is incomplete for space reasons. is incomplete for space reasons.
Flag A is copied from a Query to the corresponding Reply. Flag A is copied from a Query to the corresponding Reply.
The TTL associated with each address MUST be zero. The TTL associated with each address MUST be zero.
6.4.1. Discussion 6.4.1. Discussion
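Review bot: In the Node Names description in Section 6.2, compression offsets are "counted from the first octet of the Data field" and "An offset of 4 ... will point to the beginning of the first name", but neither column says how a Querier handles an offset that is less than 4 (which lands inside the TTL) or that points past the end of the Data field. Suggest adding a sentence on the receiving side, for example that a Reply containing such an offset is discarded. Minor: the same bullet has "if the responder knows the domain suffix" with a lowercase "responder", where the rest of the section capitalizes the term.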
skipping to change at page 11, line 13 skipping to change at page 10, line 11
has the A flag set to 0, it SHOULD consider IP interfaces, other than has the A flag set to 0, it SHOULD consider IP interfaces, other than
tunnels, associated with the same hardware as being the same tunnels, associated with the same hardware as being the same
interface. interface.
7. IANA Considerations 7. IANA Considerations
ICMPv6 type values 139 and 140 were previously assigned by IANA for ICMPv6 type values 139 and 140 were previously assigned by IANA for
this protocol. This document defines three values of the ICMPv6 Code this protocol. This document defines three values of the ICMPv6 Code
field for each of these ICMPv6 Type values. Additional Code values field for each of these ICMPv6 Type values. Additional Code values
may be defined using the "Specification Required" criteria from [16]. may be defined using the "Specification Required" criteria from [16].
IANA is requested to establish and maintain a registry for the Code IANA has established and will maintain a registry for the Code fields
fields associated with the Node Information Query ICMPv6 Types as a associated with the Node Information Query ICMPv6 Types as a part of
part of its ICMPv6 Registry updated in [13]. its ICMPv6 Registry updated in [13].
This document defines five values of Qtype, numbers 0 through 4. This document defines five values of Qtype, numbers 0 through 4.
Following the policies outlined in [16], new values, and their Following the policies outlined in [16], new values, and their
associated Flags and Reply Data, are to be defined by IETF Consensus. associated Flags and Reply Data, are to be defined by IETF Consensus.
The IANA is requested to assign the IPv6 multicast prefix FF02:0:0:0: The IANA has assigned the IPv6 multicast prefix
0:2:FF00::/104 for use in Node Information Queries as defined in FF02:0:0:0:0:2:FF00::/104 for use in Node Information Queries as
Section 5. It should be noted that this request does conform with defined in Section 5. It should be noted that this assignment does
the requirements defined in [17]. conform with the requirements defined in [17].
8. Security Considerations 8. Security Considerations
This protocol shares the security issues of ICMPv6 that are This protocol shares the security issues of ICMPv6 that are
documented in the "Security Considerations" section of [5]. documented in the "Security Considerations" section of [5].
This protocol has the potential of revealing information useful to a This protocol has the potential of revealing information useful to a
would-be attacker. An implementation of this protocol MUST have a would-be attacker. An implementation of this protocol MUST have a
default configuration which refuses to answer queries from global- default configuration that refuses to answer queries from global-
scope [3] addresses. scope [3] addresses.
Implementations SHOULD apply rate-limiting to NI responses to avoid Implementations SHOULD apply rate-limiting to NI responses to avoid
being used in a denial of service attack. being used in a denial-of-service attack.
The anti-spoofing Nonce does not give any protection from spoofers The anti-spoofing Nonce does not give any protection from spoofers
who can eavesdrop the Query or the Reply. who can eavesdrop the Query or the Reply.
The information learned via this protocol SHOULD not be trusted for The information learned via this protocol SHOULD NOT be trusted for
making security relevant decisions unless some other mechanisms making security-relevant decisions unless some other mechanisms
beyond the scope of this document is used to authenticate this beyond the scope of this document are used to authenticate this
information. information.
An implementation of this protocol SHOULD provide the ability to An implementation of this protocol SHOULD provide the ability to
control the dissemination of information related to IPv6 Privacy control the dissemination of information related to IPv6 Privacy
Addresses [18]. The default action of this policy SHOULD NOT provide Addresses [18]. The default action of this policy SHOULD NOT provide
a response to a Query that contains a node's Privacy Addresses. a response to a Query that contains a node's Privacy Addresses.
A node MUST NOT include Privacy Addresses in any Node Addresses A node MUST NOT include Privacy Addresses in any Node Addresses
response which includes a public address, or for which the source response that includes a public address, or for which the source
address of the response, the destination address of the request, or address of the response, the destination address of the request, or
the Subject Address of the request, is a public address. Similarly, the Subject Address of the request is a public address. Similarly, a
a node MUST NOT include any address other than the (single) Privacy node MUST NOT include any address other than the (single) Privacy
Address in any Node Addresses response which includes the Privacy Address in any Node Addresses response that includes the Privacy
Address, or for which the source address of the response, the Address, or for which the source address of the response, the
destination address of the request, or the Subject Address of the destination address of the request, or the Subject Address of the
request, is the Privacy Address. request is the Privacy Address.
9. Acknowledgments 9. Acknowledgements
Alain Durand contributed to this specification and valuable feedback Alain Durand contributed to this specification, and valuable feedback
and implementation experience was provided by Jun-Ichiro Hagino and and implementation experience were provided by Jun-Ichiro Hagino and
Tatuya Jinmei. Other useful comments were received from Robert Elz, Tatuya Jinmei. Other useful comments were received from Robert Elz,
Keith Moore, Elwyn Davies, Pekka Savola, and Dave Thaler. Bob Hinden Keith Moore, Elwyn Davies, Pekka Savola, and Dave Thaler. Bob Hinden
and Brian Haberman have acted as document editors during the IETF and Brian Haberman have acted as document editors during the IETF
advancement process. advancement process.
This document is not the first proposal of a direct query mechanism This document is not the first proposal of a direct query mechanism
for address-to-name translation. The idea had been discussed briefly for address-to-name translation. The idea had been discussed briefly
in the IPng working group and RFC 1788 [19] describes such a in the IPng working group, and RFC 1788 [19] describes such a
mechanism for IPv4. mechanism for IPv4.
10. References 10. References
10.1. Normative References 10.1. Normative References
[1] Mockapetris, P., "Domain names - concepts and facilities", [1] Mockapetris, P., "Domain names - concepts and facilities", STD
STD 13, RFC 1034, November 1987. 13, RFC 1034, November 1987.
[2] Mockapetris, P., "Domain names - implementation and [2] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[3] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) [3] Hinden, R. and S. Deering, "IP Version 6 Addressing
Addressing Architecture", RFC 3513, April 2003. Architecture", RFC 4291, February 2006.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[5] Conta, A. and S. Deering, "Internet Control Message Protocol [5] Conta, A. and S. Deering, "Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6) (ICMPv6) for the Internet Protocol Version 6 (IPv6)
Specification", RFC 2463, December 1998. Specification", RFC 2463, December 1998.
[6] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) [6] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998. Specification", RFC 2460, December 1998.
[7] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, [7] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Resource Records for the DNS Security Extensions", RFC 4034, "Resource Records for the DNS Security Extensions", RFC 4034,
March 2005. March 2005.
[8] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [8] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
April 1992. 1992.
[9] Draves, R., "Default Address Selection for Internet Protocol [9] Draves, R., "Default Address Selection for Internet Protocol
version 6 (IPv6)", RFC 3484, February 2003. version 6 (IPv6)", RFC 3484, February 2003.
[10] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2 [10] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2
(MLDv2) for IPv6", RFC 3810, June 2004. (MLDv2) for IPv6", RFC 3810, June 2004.
[11] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery [11] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998. for IP Version 6 (IPv6)", RFC 2461, December 1998.
[12] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global Unicast [12] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global Unicast
Address Format", RFC 3587, August 2003. Address Format", RFC 3587, August 2003.
[13] Conta, A., "Internet Control Message Protocol (ICMPv6) for the [13] Conta, A., Deering, S., and M. Gupta, "Internet Control Message
Internet Protocol Version 6 (IPv6) Specification", Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6)
draft-ietf-ipngwg-icmp-v3-07 (work in progress), July 2005. Specification", RFC 4443, March 2006.
10.2. Informative References 10.2. Informative References
[14] Kent, S. and K. Seo, "Security Architecture for the Internet [14] Kent, S. and K. Seo, "Security Architecture for the Internet
Protocol", RFC 4301, December 2005. Protocol", RFC 4301, December 2005.
[15] Huitema, C. and B. Carpenter, "Deprecating Site Local [15] Huitema, C. and B. Carpenter, "Deprecating Site Local
Addresses", RFC 3879, September 2004. Addresses", RFC 3879, September 2004.
[16] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA [16] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, Considerations Section in RFCs", BCP 26, RFC 2434, October
October 1998. 1998.
[17] Haberman, B., "Allocation Guidelines for IPv6 Multicast [17] Haberman, B., "Allocation Guidelines for IPv6 Multicast
Addresses", RFC 3307, August 2002. Addresses", RFC 3307, August 2002.
[18] Narten, T. and R. Draves, "Privacy Extensions for Stateless [18] Narten, T. and R. Draves, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6", RFC 3041, January 2001. Address Autoconfiguration in IPv6", RFC 3041, January 2001.
[19] Simpson, W., "ICMP Domain Name Messages", RFC 1788, April 1995. [19] Simpson, W., "ICMP Domain Name Messages", RFC 1788, April 1995.
Authors' Addresses Authors' Addresses
Matt Crawford Matt Crawford
Fermilab Fermilab
PO Box 500 PO Box 500
Batavia, IL 60510 Batavia, IL 60510
US US
Phone: +1 630 840 3461 Phone: +1 630 840 3461
Email: crawdad@fnal.gov EMail: crawdad@fnal.gov
Brian Haberman (editor) Brian Haberman (editor)
Johns Hopkins University Applied Physics Lab Johns Hopkins University Applied Physics Lab
11100 Johns Hopkins Road 11100 Johns Hopkins Road
Laurel, MD 20723-6099 Laurel, MD 20723-6099
US US
Phone: +1 443 778 1319 Phone: +1 443 778 1319
Email: brian@innovationslab.net EMail: brian@innovationslab.net
Intellectual Property Statement Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
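Review bot: Reference [13] is updated to RFC 4443 (March 2006), but [5], which carries the same title, still points at RFC 2463 (December 1998), and the first paragraph of Section 8 sends the reader to the "Security Considerations" section of [5]. Point that citation at [13] or update [5], so that the security pointer and the IANA registry reference name the same ICMPv6 specification. Separately, in Section 8 the sentence "SHOULD NOT provide a response to a Query that contains a node's Privacy Addresses" is unchanged between the two versions and can be read with either the Query or the response containing the addresses; since the adjacent lines were already being tightened ("SHOULD not" to "SHOULD NOT"), this sentence should be reworded to say which one is meant.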
skipping to change at page 15, line 29 skipping to change at page 14, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity Acknowledgement
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 64 change blocks. 
186 lines changed or deleted 169 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/