One document matched: draft-jeong-dnsop-ipv6-dns-discovery-02.txt
Differences from draft-jeong-dnsop-ipv6-dns-discovery-01.txt
Internet-Draft J. Jeong
ETRI
S. Park
SAMSUNG Electronics
L. Beloeil
France Telecom R&D
S. Madanapalli
SAMSUNG ISO
Expires: January 2005 18 July 2004
IPv6 DNS Discovery based on Router Advertisement
draft-jeong-dnsop-ipv6-dns-discovery-02.txt
Status of this Memo
By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
and any of which we become aware will be disclosed, in accordance
with RFC3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 17, 2005.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
Jeong, et al. Expires - January 2005 [Page 1]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
This document specifies the steps an IPv6 host takes in deciding how
to configure the address of recursive DNS server for DNS name
resolution. The way of discovering recursive DNS server is based on
Router Advertisement message.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3].
Table of Contents
1. Introduction...................................................2
2. Terminology....................................................3
3. Overview.......................................................3
4. Neighbor Discovery Extension...................................4
4.1 Recursive DNS Server Option................................4
5. Procedure of DNS Discovery.....................................5
6. Configuration of DNS Information...............................6
6.1 DNS Server Cache Management................................6
6.2 Synchronization between DNS Server Cache and Resolver File.7
6.3 DNS Resolution.............................................8
6.4 Implementation Considerations..............................8
7. Applicability Statements.......................................8
8. Open Issues....................................................8
9. Security Considerations........................................9
10. Changes from Previous Version of the Draft....................9
11. Acknowledgements..............................................9
12. Normative References..........................................9
13. Informative References.......................................10
14. Authors' Addresses...........................................10
Intellectual Property Statement..................................11
Full Copyright Statement.........................................12
Acknowledgement..................................................12
1. Introduction
Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless
Address Autoconfiguration provide ways to configure either fixed
or mobile nodes with one or more IPv6 addresses, default routes
and some other parameters [4][5]. To support access to additional
services in the Internet that are identified by a DNS name, such
as a web server, the configuration of at least one recursive DNS
server is also needed for DNS name resolution.
Jeong, et al. Expires - January 2005 [Page 2]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
This document defines the process of DNS discovery based on IPv6
Router Advertisement (RA) to find out the addresses of recursive DNS
servers within the local network.
2. Terminology
This document uses the terminology described in [4][5]. In addition,
three new terms are defined below:
Recursive DNS Server (RDNSS)
A Recursive DNS Server is a name server that offers the recursive
service of DNS name resolution.
DNS Server Cache
DNS Server Cache is a data structure for managing DNS Server
Information existing in IPv6 protocol stack in addition to
Neighbor Cache and Destination Cache for Neighbor Discovery [4].
Resolver File
Resolver File is a configuration file which DNS resolver on the
host uses for DNS name resolution, e.g., /etc/resolv.conf in UNIX.
3. Overview
RA approach for RDNSS is to define a new ND option called RDNSS
option that contains a recursive DNS server address. Existing ND
transport mechanisms (i.e., advertisements and solicitations) are
used. This works in the same way that nodes learn about routers
and prefixes, etc. An IPv6 host can configure the IPv6 addresses
of one or more RDNSSes via RA message periodically sent by router
or solicited by a Router Solicitation (RS). This approach needs
RDNSS information to be configured in the routers doing the
advertisements. The configuration of RDNSS address can be
performed manually by operator or other ways, such as automatic
configuration through DHCPv6 client running on the router [6]-[8].
When advertising more than one RDNSS options, an RA message
includes as many RDNSS options as RDNSSes. Through ND protocol
and RDNSS option along with prefix information option, an IPv6
host can perform its network configuration of its IPv6 address and
RDNSS simultaneously [4][5]. The RA option for RDNSS can be used
on any network that supports the use of ND. However, RA approach
performs poorly in some wireless environments where RA message is
used for IPv6 address autoconfiguration, such as WLAN networks.
Jeong, et al. Expires - January 2005 [Page 3]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
The RA approach is useful in some non-WLAN mobile environments
where the addresses of the RDNSSes are changing because the RA
option includes a lifetime field. This can be configured to a
value that will require the client to time out the entry and
switch over to another RDNSS address (see Section 6.1 and 6.2).
The preference value of RDNSS, included in RDNSS option, allows
IPv6 hosts to select primary RDNSS among several RDNSSes; this can
be used for load balancing of RDNSSes (see Section 6.1 and 6.2).
4. Neighbor Discovery Extension
The DNS discovery mechanism in this document needs a new ND option in
Neighbor Discovery, Recursive DNS Server (RDNSS) option.
4.1 Recursive DNS Server Option
RDNSS option contains the IPv6 address of the recursive DNS server.
When advertising more than one RDNSS option, an RA message includes
as many RDNSS options as DNS servers. Figure 1 shows the format of
RDNSS option.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Pref | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
: IPv6 Address of RDNSS :
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1. Recursive DNS Server (RDNSS) Option Format
Fields:
Type 8-bit identifier of the option type (TBD: IANA)
Option Name Type
RDNSS option (TBD)
Length 8-bit unsigned integer. The length of the
option (including the type and length fields)
in units of 8 octets SHOULD be 0x03 (3 x 8 = 24
octets).
Jeong, et al. Expires - January 2005 [Page 4]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
Pref The preference of an RDNSS. A 4-bit unsigned
integer. A decimal value of 15 indicates the
highest preference. A value of zero means
unspecified. The field can be used for load
balancing of DNS queries with multiple RDNSSes
according to local policy.
Lifetime 32-bit unsigned integer. The maximum time, in
seconds, over which this RDNSS is used for name
resolution. Hosts should contact the source
of this information, router, before this time
interval expires. A value of all one bits
(0xffffffff) represents infinity. A value of
zero means that the RDNSS must no longer be used.
IPv6 Address of RDNSS
128-bit IPv6 address of the recursive DNS server.
5. Procedure of DNS Discovery
The processing of RDNSS option is handled like any other ND option
and would happen when an RA is received. No new procedure is needed.
Figure 2 shows the procedure of DNS Discovery on the basis of IPv6 RA
message in detail.
IPv6 Host Router
| |
(a)|(-------------------------RS------------------------->)|
(b)|<-----------------RA w/ RDNSS option(s)----------------|
(c)| Processing of RA |
(d)| Stateless Address Autoconfiguration |
(e)| DNS Configuration based on RA option |
(f)| (DNS Configuration based on DHCP option) |
Figure 2. Procedure of DNS Discovery
The procedure consists of the following steps:
Step (a) : IPv6 Host sends RS (Router Solicitation) message to get
RA message. It is optional.
Step (b) : For the RS message sent by IPv6 Host, Router sends RA
message, which contains Prefix Information option for
stateless address autoconfiguration and RDNSS options
for DNS servers.
Step (c) : If there are not any Prefix Information option and RDNSS
Jeong, et al. Expires - January 2005 [Page 5]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
in RA message, IPv6 Host goes to Step (f).
Step (d) : If there is Prefix Information option in RA message, IPv6
Host performs stateless address autoconfiguration on the
basis of the prefix included in the option. If the auto-
configuration fails, IPv6 Host goes to Step (f).
Step (e) : If there is an RDNSS option in RA message, IPv6 Host
stores the RDNSS address in both its DNS Server Cache and
resolver configuration file.
Step (f) : If M (Managed address configuration) flag is set on, IPv6
Host MUST perform stateful address autoconfiguration
through DHCPv6 [4]-[6]. If no RDNSS option is included in
the RA message, IPv6 Host MAY perform DNS configuration
through DHCPv6 [6]-[8] regardless of whether the O flag is
set or not.
6. Configuration of DNS Information
The addresses of RDNSSes are announced by RDNSS options in RA
message. The newly discovered RDNSS addresses are stored and managed
in both DNS Server Cache and Resolver File.
6.1 DNS Server Cache Management
DNS Discovery in this document needs a new DNS Server Cache in IPv6
protocol stack in addition to Neighbor Cache and Destination Cache
for Neighbor Discovery [4]. Each entry of DNS Server Cache consists
of RDNSS address, Preference, Expire-time, and Onsite-flag as
follows:
- RDNSS address:
RDNSS address indicates the recursive DNS server in the site.
- Preference:
Preference, delivered in RDNSS option, is used to give the usage
preference to the announced RDNSSes; e.g., the value of two of
preference field may indicate a primary RDNSS and that of one a
secondary one. Like this, this field can be used for load
balancing of DNS queries with multiple RDNSSes within an
autonomous site.
- Expire-time:
Lifetime, delivered in RDNSS option, is used to give the time when
this entry becomes invalid. Expire-time is set to the value of
Lifetime field of RDNSS option plus the current system time.
Jeong, et al. Expires - January 2005 [Page 6]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
Whenever a new RDNSS option with the same address is received, it
is updated.
- Onsite-flag:
Onsite-flag is set on while Expire-time is less than the current
system time, namely this entry is valid. When Expire-time becomes
greater than the current system time, this flag is set off. When
Expire-time becomes less than the current system time again
through a receipt of another RDNSS option, the flag is set on.
The entry of which Onsite-flag is off is not deleted immediately,
but used for DNS resolution in the site where IPv6 host is mobile
node and RDNSS is not provided. In such a site, IPv6 host MAY use
the RDNSS of the previous site. To limit the storage needed for
the DNS Server Cache, a node may need to garbage-collect old
entries. However, care must be taken to insure that sufficient
space is always present to hold the working set of active entries.
Any LRU-based policy that only reclaims entries that have expired
should be adequate for garbage-collecting unused entries [4]. For
example, when the replacement is necessary, IPv6 host can choose
one of which Onsite-flag is off and of which Expire-time is the
least.
6.2 Synchronization between DNS Server Cache and Resolver File
When an IPv6 host receives the information of multiple RDNSSes within
a site through an RA message with RDNSS options, it stores the RDNSS
addresses in order into both DNS Server Cache and Resolver File. The
processing of the RDNSS option included in RA message is as follows:
Step (a) : Receive and parse RDNSS options.
Step (b) : Arrange the addresses of RDNSSes in a descending order,
starting with the biggest value of "Pref" field of the
RDNSS option and store them in both DNS Server Cache
and Resolver File. In the case where there are several
routers advertising RDNSS option(s) in a subnet, "Pref"
field is used to arrange the information.
Step (c) : For each RDNSS option, check the following; If the value
of "Pref" and "Lifetime" fields is set to zero, delete the
corresponding RDNSS entry from both DNS Server Cache and
Resolver File in order to let the RDNSS not used any more
for certain reason in network management, e.g., the
breakdown of the RDNSS and a renumbering situation.
Step (d) : Delete each entry of which Onsite-flag is set off from DNS
Server Cache and the RDNSS address corresponding to the
entry from Resolver File. In mobile environments, in
Jeong, et al. Expires - January 2005 [Page 7]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
order that a mobile node still uses an RDNSS of the
previous site when the node moves into another site and no
RDNSS is available there, it MAY be allowed to maintain
the entry of which Onsite-flag is off, not to delete it
from both DNS Server Cache and Resolver File.
6.3 DNS Resolution
Whenever DNS resolver has to resolve a DNS name which is not cached
in its local DNS cache, it can use DNS servers listed in Resolver
File, which is synchronized with DNS Server Cache. It refers to the
address of RDNSS in order from the first RDNSS stored in Resolver
File.
6.4 Implementation Considerations
The current ND framework should be modified due to the
synchronization between DNS Server Cache for RDNSSes in kernel
space and DNS configuration file in user space. Because it is
unacceptable to write and rewrite the DNS configuration file (e.g.,
resolv.conf) from the kernel, another approach is needed. One
simple approach to solve this is to have a daemon listening to
what the kernel conveys, and to have the daemon do these steps,
but such a daemon is not necessary with the current ND framework.
7. Applicability Statements
RA-based DNS discovery is useful in a variety of networks where IPv6
address is autoconfigured through IPv6 stateless address
autoconfiguration, such as SOHO, home networks, celluar networks
(e.g., 3GPP), MIPv6 (especially, HMIPv6), NEMO and MANET connected to
the Internet.
8. Open Issues
There might be some issues regarding RA-based DNS discovery as
follows:
o How to optimize bandwidth on the link?
o How to implement RA-based DNS discovery?
Is the way of implementing RA option for RDNSS in the document
okay?
o What about the use of "Pref" or "Lifetime" field?
o What about several routers on the same link advertising distinct
parameters, such as Prefix Information options and RDNSS options?
Jeong, et al. Expires - January 2005 [Page 8]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
(Multihoming considerations)
o What about advertising Well-known anycast addresses for RDNSSes
through RA message? [9]
9. Security Considerations
The security of RA option for RDNSS is the same as ND protocol
security [4]. The RA option does not add any new vulnerability.
It should be noted that the vulnerability of ND is not worse and is a
subset of the attacks that any node attached to a LAN can do
independently of ND. The kind of attacks a malicious node on a LAN
can include promiscuously receiving packets for any router's MAC
address, sending packets with the router's MAC address as the source
MAC addresses in the L2 header to tell the L2 switches to send
packets addressed to the router to the malicious node instead of the
router. This attack can send redirects to tell the hosts to send
their traffic somewhere else, send unsolicited RA or NA replies,
answer RS or NS requests, etc. All of this can be done independently
of implementing ND. The RA option for RDNSS does not add to this
vulnerability.
Security issues regarding the ND protocol are being discussed at IETF
SEND (Securing Neighbor Discovery) Working Group [10].
10. Changes from Previous Version of the Draft
This section briefly lists some of the major changes in this
draft relative to the previous version of this same draft,
draft-jeong-dnsop-ipv6-dns-discovery-01.txt:
- clarified the use of O flag in RA message to explain interworking
of RA option and DHCP option for IPv6 DNS Configuration.
- added Implementation Consideration subsection of RA option for
RDNSS to the document.
- rewrote Security Considerations section.
11. Acknowledgements
This draft has greatly benefited from inputs by Robert Hinden,
Pekka Savola, and Tim Chown. The authors appreciate their
contribution.
12. Normative References
Jeong, et al. Expires - January 2005 [Page 9]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
[1] S. Bradner, "Intellectual Property Rights in IETF Technology",
RFC 3668, February 2004.
[2] S. Bradner, "IETF Rights in Contributions", RFC 3667,
February 2004.
[3] S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[4] T. Narten, E. Nordmark and W. Simpson, "Neighbor Discovery for
IP version 6 (IPv6)", RFC 2461, December 1998.
[5] S. Thomson and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.
13. Informative References
[6] R. Droms et al., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003.
[7] R. Droms, "Stateless Dynamic Host Configuration Protocol (DHCP)
Service for IPv6", RFC 3736, April 2004.
[8] R. Droms et al., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December
2003.
[9] M. Ohta, "Preconfigured DNS Server Addresses", draft-ohta-
preconfigured-dns-01.txt, February 2004.
[10] J. Arkko et al., "SEcure Neighbor Discovery (SEND)", draft-
ietf-send-ndopt-05.txt, April 2004.
14. Authors' Addresses
Jaehoon Paul Jeong
ETRI / PEC
161 Gajong-Dong, Yusong-Gu
Daejeon 305-350
Korea
Phone: +82 42 860 1664
EMail: paul@etri.re.kr
Soohong Daniel Park
Mobile Platform Laboratory,
SAMSUNG Electronics
Korea
Jeong, et al. Expires - January 2005 [Page 10]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
Phone: +82 31 200 3728
EMail: soohong.park@samsung.com
Luc Beloeil
France Telecom R&D
42, rue des coutures
BP 6243
14066 CAEN Cedex 4
France
Phone: +33 02 3175 9391
EMail: luc.beloeil@francetelecom.com
Syam Madanapalli
Network Systems Division,
SAMSUNG India Software Operations
India
Phone: +91 80 555 0555
EMail: syam@samsung.com
Intellectual Property Statement
The following intellectual property notice is copied from RFC3668,
Section 5.
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology
described in this document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights. Information on the procedures with respect to rights
in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Jeong, et al. Expires - January 2005 [Page 11]
Internet-Draft IPv6 DNS Discovery based on RA July 2004
Full Copyright Statement
The following copyright notice is copied from RFC3667, Section 5.4.
It describes the applicable copyright for this document.
Copyright (C) The Internet Society (2004). This document is
subject to the rights, licenses and restrictions contained in BCP
78, and except as set forth therein, the authors retain all their
rights.
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Jeong, et al. Expires - January 2005 [Page 12]
| PAFTECH AB 2003-2026 | 2026-04-23 01:36:18 |