< draft-andrews-full-service-resolvers-01.txt   draft-andrews-full-service-resolvers-02.txt >
Network Working Group M. Andrews Network Working Group M. Andrews
Internet-Draft ISC Internet-Draft ISC
Expires: April 17, 2006 October 14, 2005 Expires: August 27, 2006 February 23, 2006
Configuration Issues Facing Full Service DNS Resolvers In The Presence Configuration Issues Facing Full Service DNS Resolvers In The Presence
of Private Network Addressing of Private Network Addressing
draft-andrews-full-service-resolvers-01 draft-andrews-full-service-resolvers-02
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 17, 2006. This Internet-Draft will expire on August 27, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
Practice has shown that there are a number of zones all full service Practice has shown that there are a number of zones all full service
resolvers should, unless configured otherwise, automatically serve. resolvers should, unless configured otherwise, automatically serve.
RFC4193 already specifies that this should occur for D.F.IP6.ARPA. RFC4193 already specifies that this should occur for D.F.IP6.ARPA.
This document extends the practice to cover the IN-ADDR.ARPA zones This document extends the practice to cover the IN-ADDR.ARPA zones
for RFC1918 address space and other well known zones with similar for RFC1918 address space and other well known zones with similar
usage constraints. usage constraints.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Reserved Words . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Reserved Words . . . . . . . . . . . . . . . . . . . . . . 3
2. Effects on sites using RFC1918 addresses. . . . . . . . . . . . 3 2. Effects on sites using RFC1918 addresses. . . . . . . . . . . . 3
3. Changes To Full Service Resolver Behaviour. . . . . . . . . . . 4 3. Changes To Full Service Resolver Behaviour. . . . . . . . . . . 4
4. List Of Zones Covered . . . . . . . . . . . . . . . . . . . . . 4 4. Lists Of Zones Covered . . . . . . . . . . . . . . . . . . . . 4
4.1. RFC1918 Zones . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. RFC1918 Zones . . . . . . . . . . . . . . . . . . . . . . . 4
4.2. RFC3330 Zones . . . . . . . . . . . . . . . . . . . . . . . 5 4.2. RFC3330 Zones . . . . . . . . . . . . . . . . . . . . . . . 5
4.3. Local IPv6 Uni-cast Addresses . . . . . . . . . . . . . . . 5 4.3. Local IPv6 Unicast Addresses . . . . . . . . . . . . . . . 5
4.4. IPv6 Locally Assigned Local Address . . . . . . . . . . . . 5 4.4. IPv6 Locally Assigned Local Addresses . . . . . . . . . . . 5
4.5. IPv6 Link Local Addresses . . . . . . . . . . . . . . . . . 5 4.5. IPv6 Link Local Addresses . . . . . . . . . . . . . . . . . 5
5. Author's Note . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Author's Note . . . . . . . . . . . . . . . . . . . . . . . . . 5
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . . 7 10.1. Normative References . . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . . . 9
1. Introduction 1. Introduction
Practice has shown that there are a number of zones all full service Practice has shown that there are a number of zones all full service
resolvers should, unless configured otherwise, automatically serve. resolvers should, unless configured otherwise, automatically serve.
These zones include, but are not limited to, the IN-ADDR.ARPA zones These zones include, but are not limited to, the IN-ADDR.ARPA zones
for the address space allocated by [RFC1918] and the IP6.ARPA zones for the address space allocated by [RFC1918] and the IP6.ARPA zones
for locally assigned local IPv6 addresses, [RFC4193]. for locally assigned local IPv6 addresses, [RFC4193].
skipping to change at page 4, line 22 skipping to change at page 4, line 22
proposed in this draft to allow resolution to continue. proposed in this draft to allow resolution to continue.
Other sites that use [RFC1918] addresses and either have local copies Other sites that use [RFC1918] addresses and either have local copies
of the reverse zones or don't have reverse zones configured should of the reverse zones or don't have reverse zones configured should
see no difference other than the name error appearing to come from a see no difference other than the name error appearing to come from a
different source. different source.
3. Changes To Full Service Resolver Behaviour. 3. Changes To Full Service Resolver Behaviour.
Unless configured otherwise, a full service resolver will return name Unless configured otherwise, a full service resolver will return name
errors for queries within the list of zones covered below. One errors for queries within the lists of zones covered below. One
common way to do this is to serve empty (SOA and NS only) zones. common way to do this is to serve empty (SOA and NS only) zones.
A server doing this MUST provide a mechanism to disable this A server doing this MUST provide a mechanism to disable this
behaviour, preferably on a zone by zone basis. behaviour, preferably on a zone by zone basis.
If using empty zones one should not use the same NS and SOA records If using empty zones one should not use the same NS and SOA records
as used on the public Internet servers as that will make it harder to as used on the public Internet servers as that will make it harder to
detect leakage from the public Internet servers. This document detect leakage from the public Internet servers. This document
recommends that the NS record default to the name of the zone and the recommends that the NS record default to the name of the zone and the
SOA MNAME default to the name of the zone. The SOA RNAME should SOA MNAME default to the name of the zone. The SOA RNAME should
default to ".". Implementations SHOULD provide a mechanism to set default to ".". Implementations SHOULD provide a mechanism to set
these values. No address records need to be provided for the name these values. No address records need to be provided for the name
server. server.
@ 10800 IN SOA @ . 1 3600 1200 604800 10800 @ 10800 IN SOA @ . 1 3600 1200 604800 10800
@ 10800 IN NS @ @ 10800 IN NS @
4. List Of Zones Covered 4. Lists Of Zones Covered
4.1. RFC1918 Zones 4.1. RFC1918 Zones
10.IN-ADDR.ARPA 10.IN-ADDR.ARPA
16.172.IN-ADDR.ARPA 16.172.IN-ADDR.ARPA
17.172.IN-ADDR.ARPA 17.172.IN-ADDR.ARPA
18.172.IN-ADDR.ARPA 18.172.IN-ADDR.ARPA
19.172.IN-ADDR.ARPA 19.172.IN-ADDR.ARPA
20.172.IN-ADDR.ARPA 20.172.IN-ADDR.ARPA
21.172.IN-ADDR.ARPA 21.172.IN-ADDR.ARPA
skipping to change at page 5, line 20 skipping to change at page 5, line 20
26.172.IN-ADDR.ARPA 26.172.IN-ADDR.ARPA
27.172.IN-ADDR.ARPA 27.172.IN-ADDR.ARPA
28.172.IN-ADDR.ARPA 28.172.IN-ADDR.ARPA
29.172.IN-ADDR.ARPA 29.172.IN-ADDR.ARPA
30.172.IN-ADDR.ARPA 30.172.IN-ADDR.ARPA
31.172.IN-ADDR.ARPA 31.172.IN-ADDR.ARPA
168.192.IN-ADDR.ARPA 168.192.IN-ADDR.ARPA
4.2. RFC3330 Zones 4.2. RFC3330 Zones
0.IN-ADDR.ARPA /* IPv4 "THIS" NETWORK */
127.IN-ADDR.ARPA /* IPv4 LOOP-BACK NETWORK */ 127.IN-ADDR.ARPA /* IPv4 LOOP-BACK NETWORK */
254.169.IN-ADDR.ARPA /* IPv4 LINK LOCAL */ 254.169.IN-ADDR.ARPA /* IPv4 LINK LOCAL */
2.0.192.IN-ADDR.ARPA /* IPv4 TEST NET */ 2.0.192.IN-ADDR.ARPA /* IPv4 TEST NET */
255.255.255.255.IN-ADDR.ARPA /* IPv4 BROADCAST */ 255.255.255.255.IN-ADDR.ARPA /* IPv4 BROADCAST */
4.3. Local IPv6 Uni-cast Addresses 4.3. Local IPv6 Unicast Addresses
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP
IP6.ARPA 6.ARPA
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\ 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP
IP6.ARPA 6.ARPA
4.4. IPv6 Locally Assigned Local Address 4.4. IPv6 Locally Assigned Local Addresses
D.F.IP6.ARPA D.F.IP6.ARPA
4.5. IPv6 Link Local Addresses 4.5. IPv6 Link Local Addresses
8.E.F.IP6.ARPA 8.E.F.IP6.ARPA
9.E.F.IP6.ARPA 9.E.F.IP6.ARPA
A.E.F.IP6.ARPA A.E.F.IP6.ARPA
B.E.F.IP6.ARPA B.E.F.IP6.ARPA
5. Author's Note 5. Author's Note
IPv6 site-local addresses and IPv6 Globally Assigned Local addresses IPv6 site-local addresses and IPv6 Globally Assigned Local addresses
are not covered here. It is expected that IPv6 site-local addresses are not covered here. It is expected that IPv6 site-local addresses
will be self correcting as IPv6 implementations remove support for will be self correcting as IPv6 implementations remove support for
site-local addresses howsever, sacrificial servers for C.E.F.IP6.ARPA site-local addresses however, sacrificial servers for C.E.F.IP6.ARPA
to F.E.F.IP6.ARPA may still need to be deployed in the short term if to F.E.F.IP6.ARPA may still need to be deployed in the short term if
the traffic becomes excessive. the traffic becomes excessive.
For IPv6 Globally Assigned Local addresses there has been no decision For IPv6 Globally Assigned Local addresses there has been no decision
made about whether the registries will provide delegations in this made about whether the registries will provide delegations in this
space or not. If they don't then C.F.IP6.ARPA will need to be added space or not. If they don't then C.F.IP6.ARPA will need to be added
to the list above. If they do then registries will need to take to the list above. If they do then registries will need to take
steps to ensure that name servers are provided for these addresses. steps to ensure that name servers are provided for these addresses.
This document is also ignoring the IP6.INT counterpart for the This document is also ignoring the IP6.INT counterpart for the
skipping to change at page 6, line 28 skipping to change at page 6, line 29
6. IANA Considerations 6. IANA Considerations
This document recommends that IANA establish a registry of zones This document recommends that IANA establish a registry of zones
which require this default behaviour, the initial contents are above. which require this default behaviour, the initial contents are above.
More zones are expected to be added, and possibly deleted from this More zones are expected to be added, and possibly deleted from this
registry over time. Name server implementors are encouraged to check registry over time. Name server implementors are encouraged to check
this registry and adjust their implementations to reflect changes this registry and adjust their implementations to reflect changes
therein. therein.
This registry can be amended through IESG reviewed RFC publication.
7. Security Considerations 7. Security Considerations
During the initial deployment phase, particularly where [RFC1918] During the initial deployment phase, particularly where [RFC1918]
addresses are in use, there may be some clients that unexpectedly addresses are in use, there may be some clients that unexpectedly
receive name error rather than a PTR record. This may cause some receive name error rather than a PTR record. This may cause some
service disruption until full service resolvers have been re- service disruption until full service resolvers have been re-
configured. configured.
When DNSSEC is deployed within the IN-ADDR.ARPA and IP6.ARPA When DNSSEC is deployed within the IN-ADDR.ARPA and IP6.ARPA
namespaces, the zones listed above will need to be delegated as namespaces, the zones listed above will need to be delegated as
skipping to change at page 7, line 6 skipping to change at page 7, line 10
It is recommended that sites actively using these namespaces secure It is recommended that sites actively using these namespaces secure
them using DNSSEC. This is good just on general principles. It will them using DNSSEC. This is good just on general principles. It will
also protect the clients from accidental leakage of answers from the also protect the clients from accidental leakage of answers from the
Internet which will be unsigned. Internet which will be unsigned.
8. Acknowledgements 8. Acknowledgements
This work was supported by the US National Science Foundation This work was supported by the US National Science Foundation
(research grant SCI-0427144) and DNS-OARC. (research grant SCI-0427144) and DNS-OARC.
9. References 9. Change History
9.1. Normative References Changes from draft-andrews-full-service-resolvers-01.txt. Added
0.IN-ADDR.ARPA.
10. References
10.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets", and E. Lear, "Address Allocation for Private Internets",
RFC 1918, February 1996. RFC 1918, February 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
9.2. Informative References 10.2. Informative References
[AS112] "AS112 Project", <http://as112.net/>. [AS112] "AS112 Project", <http://as112.net/>.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005. Addresses", RFC 4193, October 2005.
Author's Address Author's Address
Mark P. Andrews Mark P. Andrews
Internet Systems Consortium Internet Systems Consortium
skipping to change at page 9, line 41 skipping to change at page 9, line 41
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 19 change blocks. 
24 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/