<?xml version='1.0'?>

<!DOCTYPE rfc SYSTEM "rfc2629.dtd">

<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>

<rfc ipr="trust200811" category="exp">
<front>
<title abbrev="HIT-TO-IP DNS">Using DNS as an Access Protocol for
Mapping Host Identity Tags to IP Addresses</title>

<author initials='O.' surname='Ponomarev' fullname='Oleg Ponomarev'>
<organization>Helsinki Institute for Information Technology</organization>
<address>
<postal>
<street>HIIT, PO Box 9800</street>
<city>TKK</city>
<code>FIN-02015</code>
<country>Finland</country>
</postal>
<email>oleg.ponomarev@hiit.fi</email>
</address>
</author>

<author initials='A.' surname='Gurtov' fullname='Andrei Gurtov'>
<organization>Helsinki Institute for Information Technology</organization>
<address>
<postal>
<street>HIIT, PO Box 9800</street>
<city>TKK</city>
<code>FIN-02015</code>
<country>Finland</country>
</postal>
<email>gurtov@cs.helsinki.fi</email>
</address>
</author>

<date day='20' month='January' year='2009' />

<area>Host Identity Protocol</area>
<workgroup>Host Identity Protocol</workgroup>

<abstract><t>This document proposes a mechanism to access and manage 
Host Identity Tag (HIT) to IP address mappings using the Domain Name 
System (DNS).</t></abstract>

</front>
<middle>

<section title='Introduction'>

<t>One of the approaches to using legacy applications <xref 
target="RFC5338"/> with the Host Identity Protocol <xref target="RFC4423"/> 
is to use HITs as IPv6 addresses. The application may receive a HIT from the 
nameserver, store it internally and connect directly to it. The HIP 
software then receives a packet with a HIT as the destination IPv6 address 
and no further information about the current locator, so a HIT 
resolution service is needed in this case. This document suggests the DNS 
as an access protocol to such a service and proposes usage 
conventions.</t>

<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in RFC 2119<xref 
target="RFC2119"/>.</t></section>

<section title='HIT to IP addresses mappings in the DNS'>
<t>The Domain Name System is well known to system administrators, and 
there is much operational experience with it under high load. It also 
allows dynamic updates to reflect changes of IP addresses and has low 
overhead compared to many other protocols. It is already used, for 
example, to query IP address reputations from DNS-based blacklists.</t>

<section title='Preconfigured Domain'>

<t>The systems using this method MUST have the same domain 
pre-configured, for example hit-to-ip.example.net. A HIT is represented 
as a sequence of nibbles in reverse order, separated by dots and followed 
by this suffix, in the same way as IPv6 addresses are represented in 
ip6.arpa <xref target="RFC3596"/>.</t>

<t>For example, the domain name corresponding to the HIT</t>

<figure><artwork>
2001:10:1234:5678:9abc:def0:1234:5678
</artwork></figure>

<t>would be</t>

<figure><artwork>
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                                hit-to-ip.example.net
</artwork></figure>
</section>

<section title='Listing IP Addresses of the System'>
<t>The A and AAAA resource record types MAY be used to specify the IPv4 
and IPv6 addresses of the system. Multiple locators MAY be listed for a 
HIT.</t>
<t>For example, the system with IPv4 address 192.0.2.1 and IPv6 address
2001:DB8::1 would have the following records:</t>
<figure><artwork>
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                              hit-to-ip.example.net.
  1     IN      A       192.0.2.1
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                              hit-to-ip.example.net.
  1     IN      AAAA    2001:DB8::1
</artwork></figure>
</section>

<section title='Link to another domain'>
<t>The CNAME resource record type MAY be used to point to another domain 
name under which the locators of the system are looked up, for example 
the representation of the same HIT under a different preconfigured 
domain:</t>
<figure><artwork>
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                               hit-to-ip.example.net.
  86400 IN      CNAME   8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.
                    4.3.2.1.0.1.0.0.1.0.0.2.hit-to-ip.domain.example.
</artwork></figure>
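<t>The following Python script is an added illustration and is not part of 
this draft or of any HIP implementation. It builds the reverse-nibble owner 
name for a HIT, parses such a name back into a HIT, and emits the A/AAAA and 
CNAME master-file lines shown in this and the two preceding subsections. The 
suffix hit-to-ip.example.net, the TTL values and the sanity check that a HIT 
lies inside the ORCHID prefix 2001:10::/28 of RFC 4843 are assumptions of the 
example; the draft itself only requires that all systems share one 
preconfigured domain.</t>
<figure><artwork><![CDATA[
```python
import ipaddress

# Assumed preconfigured domain (the draft's example); all systems share one.
SUFFIX = "hit-to-ip.example.net"
# Assumption: HITs are ORCHIDs under 2001:10::/28 (RFC 4843). Used only as a
# sanity check so that an arbitrary IPv6 address is not mistaken for a HIT.
ORCHID = ipaddress.ip_network("2001:10::/28")


def is_hit(addr: str) -> bool:
    """True if addr parses as an IPv6 address inside the ORCHID prefix."""
    try:
        return ipaddress.IPv6Address(addr) in ORCHID
    except ValueError:
        return False


def hit_to_name(hit: str, suffix: str = SUFFIX) -> str:
    """Reverse-nibble owner name of a HIT, built like ip6.arpa (RFC 3596)."""
    if not is_hit(hit):
        raise ValueError(f"{hit} is not a HIT (outside {ORCHID})")
    nibbles = f"{int(ipaddress.IPv6Address(hit)):032x}"  # 32 hex digits
    return ".".join(reversed(nibbles)) + "." + suffix.rstrip(".") + "."


def name_to_hit(name: str, suffix: str = SUFFIX) -> str:
    """Inverse of hit_to_name; rejects anything but 32 single-nibble labels."""
    tail = "." + suffix.rstrip(".") + "."
    name = name.lower()
    if not name.endswith(tail):
        raise ValueError("name is not under the preconfigured domain")
    labels = name[:-len(tail)].split(".")
    if len(labels) != 32 or any(len(x) != 1 or x not in "0123456789abcdef"
                                for x in labels):
        raise ValueError("expected 32 hex-digit labels")
    hit = str(ipaddress.IPv6Address(int("".join(reversed(labels)), 16)))
    if not is_hit(hit):
        raise ValueError(f"{hit} is not a HIT")
    return hit


def zone_records(hit: str, locators=(), ttl: int = 1, suffix: str = SUFFIX,
                 cname_suffix: str = None) -> list:
    """Master-file lines for one HIT: an A/AAAA per locator, or a CNAME that
    points at the same HIT under another preconfigured domain."""
    owner = hit_to_name(hit, suffix)
    if cname_suffix is not None:
        return [f"{owner} {ttl} IN CNAME {hit_to_name(hit, cname_suffix)}"]
    lines = []
    for loc in locators:
        ip = ipaddress.ip_address(loc)
        rtype = "A" if ip.version == 4 else "AAAA"
        lines.append(f"{owner} {ttl} IN {rtype} {ip}")
    return lines


if __name__ == "__main__":
    hit = "2001:10:1234:5678:9abc:def0:1234:5678"   # the draft's example HIT
    for line in zone_records(hit, ["192.0.2.1", "2001:DB8::1"]):
        print(line)
    print(zone_records(hit, ttl=86400, cname_suffix="hit-to-ip.domain.example")[0])
    assert name_to_hit(hit_to_name(hit)) == hit
```
]]></artwork></figure>
<t>The parser is deliberately strict: a name with fewer than 32 labels, a 
label that is not a single hex digit, or a reconstructed address outside the 
HIT prefix is rejected rather than silently mapped, which is the check a 
server needs before it treats a queried name as somebody's HIT.</t>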
</section>

<section title='Managing the Records'>

<t>The system MAY send a DNS UPDATE <xref target="RFC2136"/> to the server 
named in the SOA MNAME field of the preconfigured domain. The system MUST 
use its HIT as the source address in this case. The system MAY add or 
delete A, AAAA or CNAME records for the representation of its own HIT 
only.</t>

<t>The name given in the SOA MNAME field of the preconfigured domain MUST 
have the Host Identity of the server stored in the DNS, the IP addresses 
of the server MUST be listed in that domain using the method suggested 
here, and the server MUST accept, after a successful HIP base exchange, 
DNS UPDATE messages that add or delete A, AAAA or CNAME records for the 
HIT representation of that client.</t>

</section>
</section>

<section anchor="Security" title="Security Considerations">
<t>This section should be added to the draft later on.</t>
</section>

</middle>
<back>

<references title="Normative References">
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5338.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4423.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.3596.xml"?>
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2136.xml"?>
</references>
</back>
</rfc>
