Network Working Group Dave Thaler INTERNET-DRAFT Microsoft November 19, 2001 Jun-ichiro itojun Hagino Expires May 2002 IIJ Research Laboratory IPv6 Stateless DNS Discovery Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet Drafts are valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet Drafts as reference material or to cite them other than as a "work in progress". The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Abstract This document specifies the steps a host takes in deciding how to autoconfigure information (other than the host's name itself) required for name resolution in IP version 6. The autoconfiguration process includes determining whether such information should be obtained through the stateless mechanism, the stateful mechanism, or both. This document defines the process for acquiring a list of DNS server addresses, a domain search path, and the domain name of the host via a stateless Expires April 2001 [Page 1] Draft Stateless DNS Discovery November 2001 mechanism. The details of autoconfiguration using the stateful protocol are specified elsewhere. Copyright Notice Copyright (C) The Internet Society (2001). All Rights Reserved. Expires April 2001 [Page 2] Draft Stateless DNS Discovery November 2001 1. Introduction RFC 2462 [ADDRCONF] specifies "OtherConfigFlag" as a per-interface variable, which is set from the value of the "O" ("Other stateful configuration") flag in Router Advertisements received. When OtherConfigFlag is set on an interface, information related to name resolution is obtained using the stateful autoconfiguration mechanism. However, when OtherConfigFlag is not set, it does not describe how to obtain such information. This is the purpose of this document. For a host to effectively resolve names of other hosts, and potentially allow resolution of its name to be performed, the following parameters are typically required: o One or more addresses of Domain Name Service (DNS) [RFC1034, RFC1035] servers. The function of name-to-address resolution (or vice versa) in IP is performed by DNS, which requires that at least one DNS Server be known and reachable by a device desiring to perform name resolution. o A per-interface domain name of the host itself, and is equivalent to the Domain Name option in [DHCP]. This can be used when Multicast DNS is enabled, and the host responds to queries for its own name, as well as when DNS Dynamic Update is enabled. Depending on the implementation, the per-interface domain name may or may not be the same thing as the primary domain name of the host. o Search path. It is currently common practice for the search path to be computed by a device based on its domain name(s). However, a DHCP option [DOMSEARCH] has been proposed, and so search path configuration is likely to be a requirement in general. o mDNS-enabled flag. This parameter controls whether Multicast DNS [MDNS] should be enabled on the host's interface. A design team recommendation [DDDT] contains an analysis of the requirements and solution space, which was used as the basis for this document. One result of this analysis was that there is a spectrum of configuration/discovery mechanisms. At one end, a single protocol is used to configure/discovery all types of information. This style works well in an administered environment where a network administrator wants to have a central point of Expires April 2001 [Page 3] Draft Stateless DNS Discovery November 2001 control, and apply policies, etc. At the other end, each protocol is self-configuring, rather than depending on any other protocol or server. This style provides optimal fate sharing, and works well in zero-configuration environments such as adhoc networks and simple networks without network administrator staff. The former mechanism is used with the "Other stateful configuration" flag is used, and this draft provides the benefits (and limitations) of the latter approach when "Other stateful configuration" is not set. 2. Overview A set of three well-known site-local IPv6 addresses are reserved for autodiscovery of DNS servers. These addresses may be used as unicast addresses, assigned to different servers, or as anycast addresses with one of them being assigned to all DNS servers in the site, or any combination of anycast and unicast addresses. In any case, host routes are propagated in the site's routing tables. This document proposes that these three addresses be fec0:0:0:ffff::1, fec0:0:0:ffff::2, and fec0:0:0:ffff::3. This list of three addresses may be hardcoded into a host. Furthermore, we define two levels of functionality, as follows. 3. Level 1 Compliance Level 1 compliance entails using the three addresses above for actual name resolution. It provides only rudimentary functionality. In particular, it does not provide the ability to have separate configuration for hosts on different subnets, nor to provide hosts with a domain name other than one for which the DNS server is authoritative. 3.1. DNS Server Configuration Level 1 functionality requires no DNS server configuration other than assigning one of the well-known addresses to one of the server's interfaces. A host route must then be injected into the routing domain, e.g., by configuring a static host route on the server's router, and redistributing it into the intra-domain routing protocol. Expires April 2001 [Page 4] Draft Stateless DNS Discovery November 2001 A host route must then be injected into the site's routing infrastructure. Route injection can be done via any of several methods, including: a) Run the server on a router, and configure it to inject the host route. b) Run a routing protocol on the server, and configure it to inject the host route. Note that this requires that the server and its router(s) must run the same routing protocol, at least for communication between the router(s) and the server(s) on the link. However, a server does not need to participate fully in the routing protocol, it only needs to be able to inject routes. c) Run multiple servers on the same link(s), and configure their local router(s) to inject host routes for the well-known address into the site's routing infrastructure. Running multiple servers on the same link provides robustness to the failure of a server, while routing provides robustness to the loss of routers and other links. There may still be some failures, however, such as a unidirectional failure of the router's interface, which are not handled by this option. d) Modify the routers on the link to periodically solicit (using Neighbor Discovery) the well-known address, and inject the host route based on whether a reply is received. e) Use a host-to-router protocol for communicating anycast group joins to routers. There is now work in progress [HOST- ANYCAST] in this regard. 3.2. Host Behavior The host sets its DNS server list equal to the set of three addresses listed above. The search path is not discovered, but is generated from the host's domain name(s) as is currently common practice. Multicast DNS is enabled only if no servers respond. If desired, a per-interface domain name can be obtained by sending a query (with the Recursion Desired (RD) bit set), doing a reverse lookup for the well-known site-local IPv6 destination address, and extracting the domain name from the NS record in the reply. Expires April 2001 [Page 5] Draft Stateless DNS Discovery November 2001 4. Level 2 Compliance Level 2 compliance allows site administrators to have site-wide defaults for all name resolution parameters, and optionally to have subnet-specific overrides. However, it defines a new DNS record type to hold name resolutioin configuration information. In this way, DNS becomes self-configuring. 4.1. DNS Server Configuration A new record type, CFG, is defined, with a syntax as follows: CFG "=" The set of attribute names is described below. This set may be extended by other RFCs, but any new attributes MUST be specific to name resolution. The DNS server list is expressed with a string of the form "dnsservers=
[,
]*" where the attribute value is a comma-separated list of one or more addresses (either IPv4 or IPv6) in string literal format suitable for passing to getaddrinfo. The domain name to use is expressed with a string of the form "domainname=" where the attribute value is the domain name the client should use. The domain suffix search path is expressed with a string of the form "searchpath=[,]*" where the attribute value is a comma-separated list of domain suffixes. The mDNS enabled flag is expressed with a string of the form "mdnsenabled=" where the attribute value is either "true" or "false". Name resolution information can be expressed as defaults for the entire site, as well as per-subnet overrides if desired. To express site defaults, the record owner used is a wildcard, namely *.local.arpa. The format of per-subnet overrides is described in the next section. [NOTE WELL: the use of "local.arpa" and the CFG record syntax shown above are just placeholders until DNS experts figure out Expires April 2001 [Page 6] Draft Stateless DNS Discovery November 2001 what the right thing is.] Each of the attributes described herein are optional, and any combination may be used, except that only one record per attributename should be present per owner (site or subnet) string. *.local.arpa IN CFG "dnsservers=fec0:0:1::1,fec0:0:2::2" *.local.arpa IN CFG "domainname=example.com" *.local.arpa IN CFG "searchpath=foo.example.com, bar.example.com,example.com" *.local.arpa IN CFG "mdnsenabled=true" Table 1: Example configuration The DNS server must also be assigned one of the well-known site- local addresses, and a host route must be injected into the site's routing infrastructure, e.g. using one of the methods described above in Section 3.1. 4.2. Host Behavior When an interface comes up, and a host determines that the OtherConfigFlag on the interface is off, then it takes the following actions. The host constructs a DNS query for CFG records for ".local.arpa.", where is constructed from an onlink prefix as follows: 1) Determine the onlink prefix to use. Any onlink site-local prefix is used, if present. Otherwise, any onlink global prefix is used. If no other onlink prefixes are present (e.g., if no routers are present), the link-local prefix is used as a last resort. 2) Convert the subnet prefix to a string by taking the lower case string literal representation, with no zero compression, and replacing all colons with underscores. Table 2 below shows some examples. This notation is used so that it uses only one token, is unique per prefix, and is human readable. Expires April 2001 [Page 7] Draft Stateless DNS Discovery November 2001 Prefix String ----------------- -------------------------------------- fec0:0:0:1::/64 fec0_0000_0000_0001.local.arpa 3ffe:ffff:0:1234::/64 3ffe_ffff_0000_1234.local.arpa fe80::/64 fe80_0000_0000_0000.local.arpa Table 2: Example queries Once the query is formed, the host initially sends out the query using UDP to each discovery address in turn until a reply is received, or until the end of the list is reached. To avoid implosion problems when an entire site reboots such as after a power outage, the first request should wait 3 seconds for a reply, with the wait period doubling for each subsequent request. Since the destination address may be an anycast address, the reply will necessarily come from a different address. The host must not discard the reply simply because the source address is different. A more detailed discussion of this issue can be found in [ANYCAST]. Upon receiving a response, the host parses the CFG records and acts on the information as follows. If a dnsservers attribute is present, the list of server addresses is extracted from the value. If no such attribute is present (or if no reply is received), an implementation-specific default list is used. For example: o an implementation MAY use an empty list (effectively disabling name resolution), o a host MAY use a DNS server list containing only the anycast address, subject to the limitations discussed in the next section, o a host MAY use mDNS [MDNS] only, or o a host MAY use some combination of the above. In general, the list obtained is used in the same way as if the list had been obtained (or failed to be obtained) via DHCP. If a domainname attribute is present, the domain name is extracted from the value. The domain name (or lack thereof) is used in the Expires April 2001 [Page 8] Draft Stateless DNS Discovery November 2001 same way as if the list had been obtained (or failed to be obtained) via DHCP. If the searchpath attribute is present, the search path is extracted from the value. If not present, the host uses the search path it would use if no path had been obtained if DHCP were in use. If the mdnsenabled attribute is present, the value is extracted. If not present, mDNS is not enabled. 5. Security Considerations Ensuring that queries reach a legitimate DNS server relies on the security of the IPv6 routing infrastructure. The issues here are the same as those for protecting basic IPv6 connectivity. IPsec/IKE can be used when the well-known addresses are used as unicast addresses, rather than anycast addresses. When anycast is used, per RFC 2373 an anycast address cannot be used as a source address, and as a result IPsec/IKE cannot be used. However, the payload can be protected as follows. If the client can preconfigure a well known private or public key then TSIG [TSIG] can be used with the same packets presented for the query. If this is not the case, then TSIG keys will have to be negotiated using [TKEY]. After the client has the proper key then the query can be performed. 6. IANA Considerations The IANA should assign the following site-local IPv6 addresses to be used as well-known addresses assigned to DNS servers: fec0:0:0:ffff::1, fec0:0:0:ffff::2, and fec0:0:0:ffff::3. [Note to readers: the above addresses are tentative, but the ffff is intended to be consistent with a simultaneous proposal to reserve the ffff SLA for use with IANA-assigned addresses such as these.] Expires April 2001 [Page 9] Draft Stateless DNS Discovery November 2001 7. Acknowledgements The IPv6 DNS Discovery Design Team [DDDT] provided recommendations that formed the basis of this specification. Rob Austein and the IPv6 Working Group provided valuable feedback on the mechanism. Aaron Schrader provided helpful comments on this draft. 8. References [ADDRCONF] Thomson, S., and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998. [ANYCAST] Hagino, Jun-ichiro itojun, and K. Ettikan, "An analysis of IPv6 anycast", draft-ietf-ipngwg-ipv6-anycast- analysis-00.txt, Work in progress, July 2001. [DDDT] Thaler, D., Editor, "Analysis of DNS Server Discovery Mechanisms for IPv6", draft-ietf-ipngwg-dns-discovery- analysis-00.txt [DIFFSEC] D. Eastlake, "Storage of Diffie-Hellman Keys in the Domain Name System (DNS)", RFC 2539, March 1999. [DNSSEC] D. Eastlake, "Domain Name System Security Extensions", RFC 2535, March 1999. [DOMSEARCH] B. Aboba, "DHCP Domain Search Option", draft-aboba-dhc- domsearch-01.txt, December 2000. [HOST-ANYCAST] Haberman, B., and D. Thaler, "Host-based Anycast using MLD", draft-haberman-ipngwg-host-anycast-00.txt, February 2001. [MDNS] Esibov, L., Aboba, B., and D. Thaler, draft-ietf-dnsext- mdns-03.txt, July 2001. Expires April 2001 [Page 10] Draft Stateless DNS Discovery November 2001 [TKEY] D. Eastlake, "Secret Key Establishment for DNS (TKEY RR)" RFC 2930, September 2000. [TSIG] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington, "Secret Key Transaction Authentication for DNS (TSIG)", RFC 2845, May 2000. 9. Authors' Addresses Dave Thaler Microsoft One Microsoft Way Redmond, CA 98052, USA Email: dthaler@microsoft.com Jun-ichiro itojun HAGINO Research Laboratory, Internet Initiative Japan Inc. Takebashi Yasuda Bldg., 3-13 Kanda Nishiki-cho, Chiyoda-ku, Tokyo 101-0054, JAPAN Email: itojun@iijlab.net 10. Full Copyright Statement Copyright (C) The Internet Society (2001). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet languages other than English. Expires April 2001 [Page 11] Draft Stateless DNS Discovery November 2001 The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Expires April 2001 [Page 12]