Network Working Group J. Jeong
Internet-Draft ETRI/University of Minnesota
Expires: January 16, 2006 S. Park
SAMSUNG Electronics
L. Beloeil
France Telecom R&D
S. Madanapalli
SAMSUNG ISO
July 15, 2005
IPv6 Router Advertisement Option for DNS Configuration
draft-jeong-dnsop-ipv6-dns-discovery-05.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 16, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document specifies a new IPv6 Router Advertisement option to
allow IPv6 routers to advertise DNS recursive server addresses to
IPv6 hosts.
Jeong, et al. Expires January 16, 2006 [Page 1]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . 7
5.1 Recursive DNS Server Option . . . . . . . . . . . . . . . 7
5.2 Procedure of DNS Configuration . . . . . . . . . . . . . . 8
6. Implementation Considerations . . . . . . . . . . . . . . . 9
6.1 DNS Server Cache Management . . . . . . . . . . . . . . . 9
6.2 Synchronization between DNS Server Cache and Resolver
File . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7. Applicability Statements . . . . . . . . . . . . . . . . . . 11
8. Security Considerations . . . . . . . . . . . . . . . . . . 12
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . 13
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
11.1 Normative References . . . . . . . . . . . . . . . . . . 15
11.2 Informative References . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 15
Intellectual Property and Copyright Statements . . . . . . . 17
Jeong, et al. Expires January 16, 2006 [Page 2]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
1. Introduction
Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless Address
Autoconfiguration provide ways to configure either fixed or mobile
nodes with one or more IPv6 addresses, default routes and some other
parameters [4][5]. To support the access to additional services in
the Internet that are identified by a DNS name, such as a web server,
the configuration of at least one recursive DNS server is also needed
for DNS name resolution.
Due to the difficulty of manually entering IPv6 addresses because of
their length, it is important for host to be able to automatically
configure the addresses of IPv6 recursive DNS servers. This document
provides a new way to do this which uses a new IPv6 Router
Advertisement option to allow IPv6 routers to advertise DNS recursive
server addresses to IPv6 hosts.
Jeong, et al. Expires January 16, 2006 [Page 3]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
2. Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [3].
Jeong, et al. Expires January 16, 2006 [Page 4]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
3. Terminology
This document uses the terminology described in [4][5]. In addition,
three new terms are defined below:
o Recursive DNS Server (RDNSS): DNS recursive server that offers the
recursive service of DNS name resolution.
o DNS Server Cache: Data structure for managing DNS Server
Information existing in IPv6 protocol stack in addition to
Neighbor Cache and Destination Cache for Neighbor Discovery [4].
o Resolver File: Configuration file with RDNSS addresses which DNS
resolver on the host uses for DNS name resolution, e.g., /etc/
resolv.conf in UNIX.
Jeong, et al. Expires January 16, 2006 [Page 5]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
4. Overview
This document defines a new ND option called RDNSS option that
contains the addresses of recursive DNS servers. Existing ND
transport mechanisms (i.e., advertisements and solicitations) are
used. This works in the same way that nodes learn about routers and
prefixes. An IPv6 host can configure the IPv6 addresses of one or
more RDNSSes via RA message periodically sent by router or solicited
by a Router Solicitation (RS).
Through ND protocol and RDNSS option along with prefix information
option, an IPv6 host can perform its network configuration of its
IPv6 address and RDNSS simultaneously [4][5]. The RA option for
RDNSS can be used on any network that supports the use of ND.
This approach requires RDNSS information to be configured in the
routers sending the advertisements. The configuration of RDNSS
addresses in the routers can be done in a variety of ways, for
example manual configuration or automatically by running a DHCPv6
client running on the router [6]-[8].
The new RA option is useful in some mobile environments where the
addresses of the RDNSSes are changing because the RA option includes
a lifetime field that allows client to use RDNSSes nearer to the
client. This lifetime field can be configured to a value that will
require the client to time out the entry and switch over to another
RDNSS address.
The preference field of RDNSS option allows IPv6 hosts to select a
primary RDNSS among several RDNSSes; this can be used for load
balancing of RDNSSes.
Jeong, et al. Expires January 16, 2006 [Page 6]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
5. Neighbor Discovery Extension
The IPv6 DNS configuration mechanism in this document needs a new ND
option in Neighbor Discovery, Recursive DNS Server (RDNSS) option.
5.1 Recursive DNS Server Option
RDNSS option contains one or more IPv6 addresses of recursive DNS
servers. All of the addresses share the same preference and lifetime
values. If it is desirable to have different preference and lifetime
values, multiple RDNSS options can be used.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Pref | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
: Addresses of IPv6 Recursive DNS Servers :
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Recursive DNS Server (RDNSS) Option Format
Figure 1 shows the format of RDNSS option.
Fields:
Type 8-bit identifier of the option type (TBD: IANA)
Option Name Type
RDNSS option (TBD)
Length 8-bit unsigned integer. The length of the
option (including the type and length fields)
in units of 8 octets. The minimum value is 0x03
if one IPv6 address is contained in the option.
Additional addresses add 0x02 to the length. The
length field is used by the receiver to determine
the number of IPv6 addresses in the option.
Jeong, et al. Expires January 16, 2006 [Page 7]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
Pref The preference of an RDNSS. A 4-bit unsigned
integer. A decimal value of 15 indicates the
highest preference. A value of zero means
unspecified. The field MAY be used for load
balancing of DNS queries with multiple RDNSSes
according to local policy.
Lifetime 32-bit unsigned integer. The maximum time, in
seconds (relative to the time the packet is sent),
over which this RDNSS is used for name
resolution. Hosts SHOULD contact the source
of this information, router, before this time
interval expires. A value of all one bits
(0xffffffff) represents infinity. A value of
zero means that the RDNSS MUST no longer be used.
Addresses of IPv6 Recursive DNS Servers
One or more 128-bit IPv6 addresses of the
recursive DNS servers. The number of addresses
is determined by the Length field. That is,
the number of addresses is equal to
(Length - 1) / 2.
5.2 Procedure of DNS Configuration
The procedure of DNS configuration through RDNSS option is the same
as any other ND option [4].
Jeong, et al. Expires January 16, 2006 [Page 8]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
6. Implementation Considerations
For the configuration and management of RDNSS information, the
advertised RDNSS addresses can be stored and managed in both DNS
Server Cache and Resolver File.
In environments where the RDNSS information is stored in user space
and ND runs in the kernel, it is necessary to synchronize the DNS
Server Cache for RDNSSes in kernel space and Resolver File for the
RDNSS information in user space. For the synchronization, the
current ND framework should be modified because it is unacceptable to
write and rewrite the Resolver file (e.g., resolv.conf) from the
kernel. One simple approach to solve this is to have a daemon around
(or a program that is called at the defined intervals) that keeps
monitoring the lifetime of RDNSSes all the time. However, such a
daemon is not necessary with the current ND framework.
6.1 DNS Server Cache Management
The DNS configuration needs a new DNS Server Cache in IPv6 protocol
stack in addition to Neighbor Cache and Destination Cache for
Neighbor Discovery [4]. Each entry of DNS Server Cache consists of
RDNSS address, Preference, Expire-time, and Onsite-flag as follows:
o RDNSS address: Recursive DNS Server's IPv6 address in the site.
o Preference: Preference field in RDNSS option used for an IPv6 host
to decide which RDNSS it will use as a primary RDNSS among the
announced RDNSSes. This field can be used for load balancing of
DNS queries with multiple RDNSSes within an autonomous site.
o Expire-time: Lifetime field in RDNSS option used to give the time
when this entry becomes invalid. Expire-time is set to the value
of Lifetime field of RDNSS option plus the current system time.
Whenever a new RDNSS option with the same address is received,
this field is updated to have a new expiration time.
o Onsite-flag: Flag for checking this entry's validity. That is,
Onsite-flag is set on while Expire-time is greater than the
current system time; in other words, while this entry is valid.
When Expire-time becomes less than the current system time, this
flag is set off. When Expire-time becomes greater than the
current system time again through the receipt of another RDNSS
option, the flag is set on again. The entry of which Onsite-flag
is off is not deleted immediately, but MAY be used for DNS
resolution in the site where the IPv6 host is a mobile node and no
RDNSS is provided. Therefore, the IPv6 host MAY use the RDNSS of
the previous site even though the RDNSS is in the remote network.
Jeong, et al. Expires January 16, 2006 [Page 9]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
To limit the storage needed for the DNS Server Cache, a node MAY
need to garbage-collect old entries. However, care must be taken
to insure that sufficient space is always present to hold the
working set of active entries. Any LRU-based policy that only
reclaims entries that have expired should be adequate for garbage-
collecting unused entries [4]. For example, when the replacement
is necessary, the IPv6 host can choose one of which Onsite-flag is
off and of which Expire-time is the least.
6.2 Synchronization between DNS Server Cache and Resolver File
When an IPv6 host receives the information of multiple RDNSSes within
a site through an RA message with RDNSS option(s), it stores the
RDNSS addresses in order into both DNS Server Cache and Resolver
File. The processing of the RDNSS option included in RA message is
as follows:
Step (a): Receive and parse RDNSS option(s).
Step (b): Arrange the addresses of RDNSSes in a descending order,
starting with the biggest value of "Pref" field of the RDNSS
option and store them in both DNS Server Cache and Resolver File.
In the case where there are several routers advertising RDNSS
option(s) in a subnet, "Pref" field is used to arrange the
information.
Step (c): For each RDNSS option, check the following: If each
value of "Pref" and "Lifetime" fields is set to zero, delete the
corresponding RDNSS entries from both DNS Server Cache and
Resolver File in order to let the RDNSSes be not used any more for
certain reason in network management, e.g., the breakdown of the
RDNSS and a renumbering situation.
Step (d): Delete each entry of which Onsite-flag is set off from
DNS Server Cache and the RDNSS address corresponding to the entry
from Resolver File. However, in mobile environment, in order that
a mobile node can still use the RDNSS of the previous site when
the node moves into another site and no RDNSS is available there,
it MAY be allowed to maintain the entry of which Onsite-flag is
off in both DNS Server Cache and Resolver File. In this case,
invalid entries can be deleted according to LRU-based policy.
As a last resort of DNS name resolution, an IPv6 host can use the
RDNSSes manually configured by its user in its Resolver File either
when it cannot get the information of RDNSSes from local network or
when there is no valid RDNSS address in DNS Server Cache.
Jeong, et al. Expires January 16, 2006 [Page 10]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
7. Applicability Statements
RA-based DNS configuration is useful in the networks where IPv6
address is autoconfigured through IPv6 stateless address
autoconfiguration, such as SOHO, home networks, celluar networks
(e.g., 3GPP), MIPv6 (especially, HMIPv6), NEMO and MANET connected to
the Internet. Especially, the RA approach is useful in some mobile
environments where the addresses of the RDNSSes are changing because
the RA option includes a lifetime field that allows client to use
RDNSSes nearer to the client. This can be configured to a value that
will require the client to time out the entry and switch over to
another RDNSS in current local network.
Jeong, et al. Expires January 16, 2006 [Page 11]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
8. Security Considerations
The security of RA option for RDNSS is the same as ND protocol
security [4]. The RA option does not add any new vulnerability.
It should be noted that the vulnerability of ND is not worse and is a
subset of the attacks that any node attached to a LAN can do
independently of ND. A malicious node on a LAN can promiscuously
receive packets for any router's MAC address and send packets with
the router's MAC address as the source MAC address in the L2 header.
As a result, the L2 switches send packets addressed to the router to
the malicious node. Also, this attack can send redirects that tell
the hosts to send their traffic somewhere else. The malicious node
can send unsolicited RA or NA replies, answer RS or NS requests, etc.
All of this can be done independently of implementing ND. Therefore,
the RA option for RDNSS does not add to the vulnerability.
For the security mechanisms for ND, Secure Neighbor Discovery (SEND)
protocol can be used [9]. SEND is also applicable in environments
where physical security on the link is not assured (such as over
wireless) and attacks on ND protocol are a concern.
Jeong, et al. Expires January 16, 2006 [Page 12]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
9. IANA Considerations
The IANA should assign a new IPv6 Neighbor Discovery Option type for
the RDNSS option defined in this document. The IANA registry for
these options is:
http://www.iana.org/assignments/icmpv6-parameters
Jeong, et al. Expires January 16, 2006 [Page 13]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
10. Acknowledgements
This draft has greatly benefited from inputs by Robert Hinden, Pekka
Savola, and Tim Chown. The authors appreciate their contribution.
Jeong, et al. Expires January 16, 2006 [Page 14]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
11. References
11.1 Normative References
[1] Bradner, S., "IETF Rights in Contributions", RFC 3978,
March 2005.
[2] Bradner, S., "Intellectual Property Rights in IETF Technology",
RFC 3668, February 2004.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[4] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998.
[5] Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.
11.2 Informative References
[6] Droms, R., Ed., "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003.
[7] Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP)
Service for IPv6", RFC 3736, April 2004.
[8] Droms, R., Ed., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
December 2003.
[9] Arkko, J., Ed., "SEcure Neighbor Discovery (SEND)", RFC 3971,
March 2005.
Jeong, et al. Expires January 16, 2006 [Page 15]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
Authors' Addresses
Jaehoon Paul Jeong
ETRI/Department of Computer Science and Engineering
University of Minnesota
117 Pleasant Street SE
Minneapolis, MN 55455
US
Phone: +1 651 587 7774
Fax: +1 612 625 2002
Email: jjeong@cs.umn.edu
URI: http://www.cs.umn.edu/~jjeong/
Soohong Daniel Park
Mobile Platform Laboratory
SAMSUNG Electronics
416 Maetan-3dong, Yeongtong-Gu
Suwon, Gyeonggi-Do 443-742
Korea
Phone: +82 31 200 4508
Email: soohong.park@samsung.com
Luc Beloeil
France Telecom R&D
42, rue des coutures
BP 6243
14066 CAEN Cedex 4
France
Phone: +33 02 3175 9391
Email: luc.beloeil@francetelecom.com
Syam Madanapalli
AMSUNG India Software Operations
J. P. Techno Park, 3/1
Millers Road
Bangalore 560052
India
Phone: +91 80 51197777
Email: syam@samsung.com
Jeong, et al. Expires January 16, 2006 [Page 16]
Internet-Draft IPv6 RA Option for DNS Configuration July 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Jeong, et al. Expires January 16, 2006 [Page 17]