Internet Engineering Task Force                                   R. Yan
Internet Draft                                                  Y. Jiang
                                                                  L. Gui
                                                   Alcatel Shanghai Bell
Expiration: January 2006                                         X. Duan
File: draft-yan-dhc-dhcpv6-opt-dnszone-03.txt               China Mobile
                    Domain Suffix Option for DHCPv6
               <Draft-yan-dhc-dhcpv6-opt-dnszone-03.txt>
                              July 8, 2005
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 6, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005). All Rights Reserved.
Abstract
This document specifies a new DHCPv6 (DHCP for IPv6) option which is
passed from a DHCPv6 server to a DHCPv6 client to specify the
domain suffix name used to perform domain name updates.
Yan, et. al. [Page 1]
Internet-Draft domain suffix option for DHCPv6 July 2005
1.0 Introduction
This document describes a new option for DHCPv6 [2] that provides a
mechanism for the transfer of a domain suffix name. Using this
option, an IPv6 device, which works as a DHCPv6 client, can configure
the domain suffix name automatically.
For example, a service provider could use this option to transfer a
domain suffix name to a Customer Premise Equipment (CPE) device
acting as a router between the subscriber's internal network and the
service provider's core network.
The configured domain suffix name is intended to be used by the IPv6
device to perform DNS updates for the hosts inside its local network.
The DNS update can be realized by several methods, e.g. the DHCPv6
Client FQDN Option [6] provides a mechanism to exchange the client's
FQDN information during a stateful DHCPv6 session, and [10] defines a
DNS update mechanism for IPv6 stateless configuration.
1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [4].
This document should be read in conjunction with the DHCPv6
specification, RFC 3315 [2]. Terms and acronyms used in this
document are defined in RFC 3315 and RFC 3633 [3].
2.0 Domain Suffix Option
The domain suffix option is used to carry a domain suffix to the
DHCPv6 client, which will be used to construct and update the domain
names for the hosts in the local network.
The format of the domain suffix option is:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                         Domain suffix                         ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: 16-bit identifier of the type of option (TBD).
Length: Length of the "domain suffix" field in octets.
Domain suffix: The specification of a domain suffix.
The 'domain suffix' field MUST include only one item, and MUST be
encoded as specified in section "Representation and use of domain
names" of RFC3315.
2.1 Usage
In stateful DHCPv6 [2], the DHCPv6 server MAY place a domain
suffix option in the options field of IA_PD option [3] in an outgoing
DHCPv6 message. The DHCPv6 server MUST NOT place a domain suffix
option in any other portion of a stateful DHCPv6 message.
In stateless DHCPv6 [9], the DHCPv6 server MAY place a domain suffix
option in the main option buffer of any DHCPv6 message sent to a
client.
A DHCPv6 server may provide different values for the domain suffix
option to different clients. This is useful to avoid domain name
conflicts in large-scale networks. The mechanism for choosing which
suffix to assign to which client is a matter of implementation and
administrative policy, and is therefore not specified in this
document.
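The placement rule for stateful DHCPv6, as an added example (not from the draft): a receiver-side check that walks the option buffer and reports which option encloses each domain suffix option. OPTION_DOMAIN_SUFFIX is a placeholder for the TBD code and the function names are hypothetical; the IA_NA, IA_TA and IA_PD codes and fixed header sizes are those of RFC 3315 and RFC 3633.

```python
import struct

OPTION_IA_PD = 25                  # RFC 3633
OPTION_DOMAIN_SUFFIX = 0xFFFF      # assumption: placeholder for the TBD code
# Options that carry sub-options, with the size of their fixed header:
# IA_NA (IAID, T1, T2), IA_TA (IAID), IA_PD (IAID, T1, T2).
CONTAINERS = {3: 12, 4: 4, OPTION_IA_PD: 12}

def walk(buf: bytes):
    """Yield (code, payload) for each option in a DHCPv6 option buffer."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option runs past the end of the buffer")
        yield code, buf[pos:pos + length]
        pos += length

def suffix_placements(options: bytes):
    """Enclosing option code of each suffix option (0 = main option buffer)."""
    found = []
    for code, payload in walk(options):
        if code == OPTION_DOMAIN_SUFFIX:
            found.append(0)
        elif code in CONTAINERS:
            hdr = CONTAINERS[code]
            if len(payload) < hdr:
                raise ValueError("container option shorter than its header")
            found += [code for sub, _ in walk(payload[hdr:])
                      if sub == OPTION_DOMAIN_SUFFIX]
    return found

def placement_ok(options: bytes, stateful: bool) -> bool:
    """Stateful: the option MUST NOT appear anywhere except inside IA_PD."""
    if stateful:
        return all(p == OPTION_IA_PD for p in suffix_placements(options))
    return True   # stateless: the draft states no MUST NOT for placement
```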
3.0 Example
               +-------+
+------+       +  CPE  +-+
| Node +--+    +-------+ |
+------+  |              |
          |    +-------+ |
+------+  |    +  CPE  +-+
| Node +--+    +-------+ |                        +----------+
+------+  |              :                        |          |
          :    +-------+ |  +------------------+  | ISP Core |
          +----+  CPE  +-+--|Aggregation device|--|          |
+------+  |    +-------+    +------------------+  | Network  |
| Node +--+                                       |          |
+------+                                          +----------+
\____________ __________/ \_________________ ________________/
             \/                             \/
   Subscriber network                 ISP network
The above figure shows a typical usage of the domain suffix option.
In this model, the ISP has an ISP-level domain name suffix (e.g.
example.com). The CPE in the subscriber network may include a DNS
server for name resolution for local hosts.
The CPE in the subscriber network, which acts as a requesting
router, initiates a DHCPv6 session with the ISP's aggregation device,
acting as a delegating router. During the DHCP session, an IPv6
prefix, along with the corresponding domain suffix name (i.e.
example.com), will be transferred to the CPE.
The domain suffix name can then be used to construct the domain names
for the hosts in the subscriber network, using mechanisms defined in
[6] or [10].
To avoid frequent domain name conflicts, the aggregation device might
allocate different domain suffix names to the CPEs. One way to do
this is selection based on an external authority such as a RADIUS
server, in which a unique domain suffix name prefix, called the
"home name", is negotiated between the user and the ISP when
subscribing. For example, "user1.example.com" and "user2.example.com".
4.0 Security Considerations
Security considerations in DHCP are described in section 23,
"Security Considerations" of RFC 3315.
A rogue DHCP server can issue a bogus domain suffix to a client. This
may cause incorrect domain name updates.
A malicious client may be able to mount a denial of service attack
by repeated DHCP requests for a domain suffix, thus exhausting the
DHCP server's resources.
Currently, it is difficult for DHCP servers to develop much
confidence in the identities of their clients, given the absence of
entity authentication from the DHCP protocol itself. To guard against
attack, DHCP Authentication as described in section 21 of RFC 3315
can be used.
Copyright notice
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
References
[1] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998.
[2] Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B. and R.
Droms (ed.), "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, May 2003.
[3] O. Troan, R. Droms, "IPv6 prefix option for DHCPv6", RFC 3633,
December 2003.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[5] P. Vixie, S. Thomson, Y. Rekhter and J. Bound, "Dynamic Updates
in the Domain Name System (DNS UPDATE)", RFC 2136, April 1997.
[6] B. Volz, "The DHCPv6 Client FQDN Option",
draft-ietf-dhc-dhcpv6-fqdn-00.txt, September, 2004.
[7] Wellington, B., "Secure Domain Name System (DNS) Dynamic
Update", RFC 3007, November 2000.
[8] Mockapetris, P., "Domain names - concepts and facilities", STD
13, RFC 1034, November 1987.
[9] R. Droms, "Stateless Dynamic Host Configuration Protocol (DHCP)
Service for IPv6", RFC 3736, April 2004.
[10] R. Yan, "DNS update in IPv6 stateless configuration",
draft-yan-ipv6-ra-dns-01.txt, June 2005.
Author Information:
Renxiang Yan
Yinglan Jiang
Luoning Gui
Research & Innovation Center
Alcatel Shanghai Bell Co., Ltd.
388#, NingQiao Road, Pudong Jinqiao,
Shanghai 201206 P.R. China
Phone: +86 (21) 5854-1240, ext. 7169
Email: renxiang.yan@alcatel-sbell.com.cn
Yinglan.jiang@alcatel-sbell.com.cn
Luoning.gui@alcatel-sbell.com.cn
Xiaodong Duan
Research & Development Center
China Mobile Communications Corporation
53A, Xibianmennei Ave., Xuanwu District,
Beijing, 100053 P.R. China
Phone: +86 (10) 6600-6688, ext. 3062
Email: duanxiaodong@chinamobile.com