idnits 2.17.1 draft-ietf-6man-dns-options-bis-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC5006, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 7, 2010) is 5032 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3736 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 5006 (Obsoleted by RFC 6106) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Jeong 3 Internet-Draft Brocade/ETRI 4 Obsoletes: 5006 (if approved) S. Park 5 Intended status: Standards Track SAMSUNG Electronics 6 Expires: January 8, 2011 L. Beloeil 7 France Telecom R&D 8 S. Madanapalli 9 Ordyn Technologies 10 July 7, 2010 12 IPv6 Router Advertisement Options for DNS Configuration 13 draft-ietf-6man-dns-options-bis-06 15 Abstract 17 This document specifies IPv6 Router Advertisement options to allow 18 IPv6 routers to advertise a list of DNS recursive server addresses 19 and a DNS search list to IPv6 hosts. 21 Status of This Memo 23 This Internet-Draft is submitted to IETF in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF), its areas, and its working groups. Note that 28 other groups may also distribute working documents as Internet- 29 Drafts. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 The list of current Internet-Drafts can be accessed at 37 http://www.ietf.org/ietf/1id-abstracts.txt. 39 The list of Internet-Draft Shadow Directories can be accessed at 40 http://www.ietf.org/shadow.html. 42 This Internet-Draft will expire on January 8, 2011. 44 Copyright Notice 46 Copyright (c) 2010 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 62 1.1. Applicability Statements . . . . . . . . . . . . . . . . . 3 63 1.2. Coexistence of RA Options and DHCP Options for DNS 64 Configuration . . . . . . . . . . . . . . . . . . . . . . 4 65 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 66 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 67 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 68 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5 69 5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 5 70 5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7 71 5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8 72 5.3.1. Procedure in IPv6 Host . . . . . . . . . . . . . . . . 8 73 5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9 74 6. Implementation Considerations . . . . . . . . . . . . . . . . 10 75 6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10 76 6.2. Synchronization between DNS Server List and Resolver 77 Repository . . . . . . . . . . . . . . . . . . . . . . . . 11 78 6.3. Synchronization between DNS Search List and Resolver 79 Repository . . . . . . . . . . . . . . . . . . . . . . . . 12 80 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 81 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 82 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 83 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 84 10.1. Normative References . . . . . . . . . . . . . . . . . . . 15 85 10.2. Informative References . . . . . . . . . . . . . . . . . . 15 86 Appendix A. Changes from RFC 5006 . . . . . . . . . . . . . . . . 16 88 1. Introduction 90 The purpose of this document is to standardize IPv6 Router 91 Advertisement (RA) option for DNS configuration in IPv6 hosts 92 specified in an earlier experimental specification [RFC5006] and also 93 to define a new RA option for Domain Name Search lists. 95 Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless Address 96 Autoconfiguration provide ways to configure either fixed or mobile 97 nodes with one or more IPv6 addresses, default routers and some other 98 parameters [RFC4861][RFC4862]. Most Internet services are identified 99 by using a DNS name. The two RA options defined in this document 100 provide the DNS information needed for an IPv6 host to reach Internet 101 services. 103 It is infeasible to manually configure nomadic hosts each time they 104 connect to a different network. While a one-time static 105 configuration is possible, it is generally not desirable on general- 106 purpose hosts such as laptops. For instance, locally defined name 107 spaces would not be available to the host if it were to run its own 108 name server software directly connected to the global DNS. 110 The DNS information can also be provided through DHCP 111 [RFC3315][RFC3736][RFC3646]. However, the access to DNS is a 112 fundamental requirement for almost all hosts, so IPv6 stateless 113 autoconfiguration cannot stand on its own as an alternative 114 deployment model in any practical network without any support for DNS 115 configuration. 117 These issues are not pressing in dual stack networks as long as a DNS 118 server is available on the IPv4 side, but become more critical with 119 the deployment of IPv6-only networks. As a result, this document 120 defines a mechanism based on IPv6 RA options to allow IPv6 hosts to 121 perform the automatic DNS configuration. 123 1.1. Applicability Statements 125 RA-based DNS configuration is a useful alternative in networks where 126 an IPv6 host's address is autoconfigured through IPv6 stateless 127 address autoconfiguration, and where there is either no DHCPv6 128 infrastructure at all or some hosts do not have a DHCPv6 client. The 129 intention is to enable the full configuration of basic networking 130 information for hosts without requiring DHCPv6. However, when in 131 many networks some additional information needs to be distributed, 132 those networks are likely to employ DHCPv6. In these networks RA- 133 based DNS configuration may not be needed. 135 RA-based DNS configuration allows an IPv6 host to acquire the DNS 136 configuration (i.e., DNS recursive server addresses and DNS search 137 list) for the link(s) to which the host is connected. Furthermore, 138 the host learns this DNS configuration from the same RA message that 139 provides configuration information for the link, thereby avoiding 140 also running DHCPv6. 142 The advantages and disadvantages of the RA-based approach are 143 discussed in [RFC4339] along with other approaches, such as the DHCP 144 and well-known anycast addresses approaches. 146 1.2. Coexistence of RA Options and DHCP Options for DNS Configuration 148 Two protocols exist to configure the DNS information on a host, the 149 Router Advertisement options described in this document and the 150 DHCPv6 options described in [RFC3646]. They can be used together. 151 The rules governing the decision to use stateful configuration 152 mechanisms are specified in [RFC4861]. Hosts conforming to this 153 specification MUST extract DNS information from Router Advertisement 154 messages, unless static DNS configuration has been specified by the 155 user. If there is DNS information available from multiple Router 156 Advertisements and/or from DHCP, the host MUST maintain an ordered 157 list of this information as specified in Section 5.3.1. 159 2. Requirements Language 161 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 162 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 163 document are to be interpreted as described in [RFC2119]. 165 3. Terminology 167 This document uses the terminology described in [RFC4861] and 168 [RFC4862]. In addition, four new terms are defined below: 170 o Recursive DNS Server (RDNSS): Server which provides a recursive 171 DNS resolution service for translating domain names into IP 172 addresses as defined in [RFC1034] and [RFC1035]. 174 o RDNSS Option: IPv6 RA option to deliver the RDNSS information to 175 IPv6 hosts [RFC4861]. 177 o DNS Search List (DNSSL): The list of DNS suffix domain names used 178 by IPv6 hosts when they perform DNS query searches for short, 179 unqualified domain names. 181 o DNSSL Option: IPv6 RA option to deliver the DNSSL information to 182 IPv6 hosts. 184 o DNS Repository: Two data structures for managing DNS Configuration 185 Information in the IPv6 protocol stack in addition to Neighbor 186 Cache and Destination Cache for Neighbor Discovery [RFC4861]. The 187 first data structure is the DNS Server List for RDNSS addresses 188 and the second is the DNS Search List for DNS search domain names. 190 o Resolver Repository: Configuration repository with RDNSS addresses 191 and a DNS search list that a DNS resolver on the host uses for DNS 192 name resolution; for example, the Unix resolver file (i.e., /etc/ 193 resolv.conf) and Windows registry. 195 4. Overview 197 This document standardizes the ND option called the RDNSS option 198 defined in [RFC5006] that contains the addresses of recursive DNS 199 servers. This document also defines a new ND option called the DNSSL 200 option for Domain Search List. This is to maintain parity with the 201 DHCPv6 options and to ensure that there is necessary functionality to 202 determine the search domains. 204 The existing ND message (i.e., Router Advertisement) is used to carry 205 this information. An IPv6 host can configure the IPv6 addresses of 206 one or more RDNSSes via RA messages. Through the RDNSS and DNSSL 207 options, along with the prefix information option based on the ND 208 protocol ([RFC4861] and [RFC4862]), an IPv6 host can perform the 209 network configuration of its IPv6 address and the DNS information 210 simultaneously without needing DHCPv6 for the DNS configuration. The 211 RA options for RDNSS and DNSSL can be used on any network that 212 supports the use of ND. 214 This approach requires the manual configuration or other automatic 215 mechanisms (e.g., DHCPv6 or vendor proprietary configuration 216 mechanisms) to configure the DNS information in routers sending the 217 advertisements. The automatic configuration of RDNSS addresses and a 218 DNS search list in routers is out of scope for this document. 220 5. Neighbor Discovery Extension 222 The IPv6 DNS configuration mechanism in this document needs two new 223 ND options in Neighbor Discovery: (i) the Recursive DNS Server 224 (RDNSS) option and (ii) the DNS Search List (DNSSL) option. 226 5.1. Recursive DNS Server Option 228 The RDNSS option contains one or more IPv6 addresses of recursive DNS 229 servers. All of the addresses share the same lifetime value. If it 230 is desirable to have different lifetime values, multiple RDNSS 231 options can be used. Figure 1 shows the format of the RDNSS option. 233 0 1 2 3 234 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 235 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 | Type | Length | Reserved | 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 | Lifetime | 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 | | 241 : Addresses of IPv6 Recursive DNS Servers : 242 | | 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 245 Figure 1: Recursive DNS Server (RDNSS) Option Format 247 Fields: 248 Type 8-bit identifier of the RDNSS option type as assigned 249 by the IANA: 25 251 Length 8-bit unsigned integer. The length of the option 252 (including the Type and Length fields) is in units of 253 8 octets. The minimum value is 3 if one IPv6 address 254 is contained in the option. Every additional RDNSS 255 address increases the length by 2. The Length field 256 is used by the receiver to determine the number of 257 IPv6 addresses in the option. 259 Lifetime 32-bit unsigned integer. The maximum time, in 260 seconds (relative to the time the packet is sent), 261 over which this RDNSS address MAY be used for name 262 resolution. Hosts MAY send a Router Solicitation to 263 ensure the RDNSS information is fresh before the 264 interval expires. In order to provide fixed hosts 265 with stable DNS service and allow mobile hosts to 266 prefer local RDNSSes to remote RDNSSes, the value of 267 Lifetime SHOULD be bounded as MaxRtrAdvInterval <= 268 Lifetime <= 2*MaxRtrAdvInterval where 269 MaxRtrAdvInterval is the Maximum RA Interval defined 270 in [RFC4861]. A value of all one bits (0xffffffff) 271 represents infinity. A value of zero means that 272 the RDNSS address MUST no longer be used. 274 Addresses of IPv6 Recursive DNS Servers 275 One or more 128-bit IPv6 addresses of the recursive 276 DNS servers. The number of addresses is determined 277 by the Length field. That is, the number of 278 addresses is equal to (Length - 1) / 2. 280 5.2. DNS Search List Option 282 The DNSSL option contains one or more domain names of DNS suffixes. 283 All of the domain names share the same lifetime value. If it is 284 desirable to have different lifetime values, multiple DNSSL options 285 can be used. Figure 2 shows the format of the DNSSL option. 287 0 1 2 3 288 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 289 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 290 | Type | Length | Reserved | 291 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 292 | Lifetime | 293 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 294 | | 295 : Domain Names of DNS Search List : 296 | | 297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 299 Figure 2: DNS Search List (DNSSL) Option Format 301 Fields: 302 Type 8-bit identifier of the DNSSL option type as assigned 303 by the IANA: (TBD) 305 Length 8-bit unsigned integer. The length of the option 306 (including the Type and Length fields) is in units of 307 8 octets. The minimum value is 2 if at least one 308 domain name is contained in the option. The Length 309 field is set to a multiple of 8 octets to accommodate 310 all the domain names in the field of Domain Names of 311 DNS Search List. 313 Lifetime 32-bit unsigned integer. The maximum time, in 314 seconds (relative to the time the packet is sent), 315 over which this DNSSL domain name MAY be used for 316 name resolution. The Lifetime value has the same 317 semantics as with RDNSS option. That is, Lifetime 318 SHOULD be bounded as follows: MaxRtrAdvInterval <= 319 Lifetime <= 2*MaxRtrAdvInterval. A value of all one 320 bits (0xffffffff) represents infinity. A value of 321 zero means that the DNSSL domain name MUST no longer 322 be used. 324 Domain Names of DNS Search List 325 One or more domain names of DNS search list that MUST 326 be encoded using the technique described in Section 327 3.1 of [RFC1035]. By this technique, each domain 328 name is represented as a sequence of labels ending in 329 a zero octet, defined as domain name representation. 330 For more than one domain name, the corresponding 331 domain name representations are concatenated as they 332 are. Note that for the simple decoding, the domain 333 names MUST NOT be encoded in a compressed form, as 334 described in Section 4.1.4 of [RFC1035]. Because the 335 size of this field MUST be a multiple of 8 octets, 336 for the minimum multiple including the domain name 337 representations, the remaining octets other than the 338 encoding parts of the domain name representations 339 MUST be padded with zeros. 341 Note: An RDNSS address or a DNSSL domain name MUST be used only as 342 long as both the RA router lifetime (advertised by a Router 343 Advertisement message [RFC4861]) and the corresponding option 344 lifetime have not expired. The reason is that in the current 345 network to which an IPv6 host is connected, the RDNSS may not be 346 currently reachable, that the DNSSL domain name is not valid any 347 more, or that these options do not provide service to the host's 348 current address (e.g., due to network ingress filtering 349 [RFC2827][RFC5358]). 351 5.3. Procedure of DNS Configuration 353 The procedure of DNS configuration through the RDNSS and DNSSL 354 options is the same as with any other ND option [RFC4861]. 356 5.3.1. Procedure in IPv6 Host 358 When an IPv6 host receives DNS options (i.e., RDNSS option and DNSSL 359 option) through RA messages, it processes the options as follows: 361 o The validity of DNS options is checked with the Length field; that 362 is, the value of the Length field in the RDNSS option is greater 363 than or equal to the minimum value (3) and also the value of the 364 Length field in the DNSSL option is greater than or equal to the 365 minimum value (2). 367 o If the DNS options are valid, the host SHOULD copy the values of 368 the options into the DNS Repository and the Resolver Repository in 369 order. Otherwise, the host MUST discard the options. Refer to 370 Section 6 for the detailed procedure. 372 When the IPv6 host has gathered a sufficient number (e.g., three) of 373 RDNSS addresses (or DNS search domain names), it SHOULD maintain 374 RDNSS addresses (or DNS search domain names) by the sufficient number 375 such that the latest received RDNSS or DNSSL is more preferred to the 376 old ones; that is, when the number of RDNSS addresses (or DNS search 377 domain names) is already the sufficient number, the new one replaces 378 the old one that will expire first in terms of Lifetime. As an 379 exceptional case, if the received RDNSS addresses (or DNS search 380 domain names) already exist in the IPv6 host, their Lifetime fields 381 update their expiration time, that is, when the corresponding DNS 382 information expires in the IPv6 host; note that when the Lifetime 383 field has zero, the corresponding RDNSS (or DNS search domain name) 384 is deleted from the IPv6 host. Except for this update, the IPv6 host 385 SHOULD ignore other RDNSS addresses (or DNS search domain names) 386 within an RDNSS (or a DNSSL) option and/or additional RDNSS (or 387 DNSSL) options within an RA. Refer to Section 6 for the detailed 388 procedure. Note that the sufficient number is a system parameter, so 389 it can be determined by a local policy. Also, separate parameters 390 can be specified for the sufficient number of RDNSS addresses and 391 that of DNS search domain names, respectively. In this document, 392 three is RECOMMENDED as a sufficient number considering both the 393 robust DNS query and the reasonably time-bounded recognition of the 394 unreachability of DNS servers. 396 In the case where the DNS options of RDNSS and DNSSL can be obtained 397 from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep 398 some DNS options from all sources. Unless explicitly specified for 399 the discovery mechanism, the exact number of addresses and domain 400 names to keep is a matter of local policy and implementation choice. 401 However, it is RECOMMENDED that at least three RDNSS addresses (or 402 DNSSL domain names) can be stored from at least two different 403 sources. The DNS options from Router Advertisements and DHCP SHOULD 404 be stored into DNS Repository and Resolver Repository so that 405 information from DHCP appears there first and therefore takes 406 precedence. Thus, the DNS information from DHCP takes precedence 407 over that from RA for DNS queries. On the other hand, for DNS 408 options announced by RA, if some RAs use the Secure Neighbor 409 Discovery (SEND) protocol [RFC3971] for RA security, they MUST be 410 preferred over those which do not use SEND. Refer to Section 7 for 411 the detailed discussion on SEND for RA DNS options. 413 5.3.2. Warnings for DNS Options Configuration 415 There are two warnings for DNS options configuration: (i) warning for 416 multiple sources of DNS options and (ii) warning for multiple network 417 interfaces. First, in the case of multiple sources for DNS options 418 (e.g., RA and DHCP), an IPv6 host can configure its IP addresses from 419 these sources. In this case, it is not possible to control how the 420 host uses DNS information and what source addresses it uses to send 421 DNS queries. As a result, configurations where different information 422 is provided by different sources may lead to problems. Therefore, 423 the network administrator needs to configure DNS options in multiple 424 sources in order to prevent such problems from happening. 426 Second, if different DNS information is provided on different network 427 interfaces, this can lead to inconsistent behavior. The IETF is 428 working on solving this problem for both DNS and other information in 429 Multiple Interfaces (MIF) working group. 431 6. Implementation Considerations 433 Note: This non-normative section gives some hints for implementing 434 the processing of the RDNSS and DNSSL options in an IPv6 host. 436 For the configuration and management of DNS information, the 437 advertised DNS configuration information can be stored and managed in 438 both the DNS Repository and the Resolver Repository. 440 In environments where the DNS information is stored in user space and 441 ND runs in the kernel, it is necessary to synchronize the DNS 442 information (i.e., RDNSS addresses and DNS search domain names) in 443 kernel space and the Resolver Repository in user space. For the 444 synchronization, an implementation where ND works in the kernel 445 should provide a write operation for updating DNS information from 446 the kernel to the Resolver Repository. One simple approach is to 447 have a daemon (or a program that is called at defined intervals) that 448 keeps monitoring the lifetimes of RDNSS addresses and DNS search 449 domain names all the time. Whenever there is an expired entry in the 450 DNS Repository, the daemon can delete the corresponding entry from 451 the Resolver Repository. 453 6.1. DNS Repository Management 455 For DNS repository management, the kernel or user-space process 456 (depending on where RAs are processed) should maintain two data 457 structures: (i) DNS Server List that keeps the list of RDNSS 458 addresses and (ii) DNS Search List that keeps the list of DNS search 459 domain names. Each entry in these two lists consists of a pair of an 460 RDNSS address (or DNSSL domain name) and Expiration-time as follows: 462 o RDNSS address for DNS Server List: IPv6 address of the Recursive 463 DNS Server, which is available for recursive DNS resolution 464 service in the network advertising the RDNSS option. 466 o DNSSL domain name for DNS Search List: DNS suffix domain names, 467 which is used to perform DNS query searches for short, unqualified 468 domain names in the network advertising the DNSSL option. 470 o Expiration-time for DNS Server List or DNS Search List: The time 471 when this entry becomes invalid. Expiration-time is set to the 472 value of the Lifetime field of the RDNSS option or DNSSL option 473 plus the current system time. Whenever a new RDNSS option with 474 the same address (or DNSSL option with the same domain name) is 475 received on the same interface as a previous RDNSS option (or 476 DNSSL option), this field is updated to have a new expiration 477 time. When Expiration-time becomes less than the current system 478 time, this entry is regarded as expired. 480 6.2. Synchronization between DNS Server List and Resolver Repository 482 When an IPv6 host receives the information of multiple RDNSS 483 addresses within a network (e.g., campus network and company network) 484 through an RA message with RDNSS option(s), it stores the RDNSS 485 addresses (in order) into both the DNS Server List and the Resolver 486 Repository. The processing of the RDNSS consists of (i) the 487 processing of RDNSS option(s) included in an RA message and (ii) the 488 handling of expired RDNSSes. The processing of RDNSS option(s) is as 489 follows: 491 Step (a): Receive and parse the RDNSS option(s). For the RDNSS 492 addresses in each RDNSS option, perform Step (b) through Step (d). 494 Step (b): For each RDNSS address, check the following: If the 495 RDNSS address already exists in the DNS Server List and the RDNSS 496 option's Lifetime field is set to zero, delete the corresponding 497 RDNSS entry from both the DNS Server List and the Resolver 498 Repository in order to prevent the RDNSS address from being used 499 any more for certain reasons in network management, e.g., the 500 termination of the RDNSS or a renumbering situation. That is, the 501 RDNSS can resign from its DNS service because the machine running 502 the RDNSS is out of service intentionally or unintentionally. 503 Also, under the renumbering situation, the RDNSS's IPv6 address 504 will be changed, so the previous RDNSS address should not be used 505 any more. The processing of this RDNSS address is finished here. 506 Otherwise, go to Step (c). 508 Step (c): For each RDNSS address, if it already exists in the DNS 509 Server List, then just update the value of the Expiration-time 510 field according to the procedure specified in the third bullet of 511 Section 6.1. Otherwise, go to Step (d). 513 Step (d): For each RDNSS address, if it does not exist in the DNS 514 Server List, register the RDNSS address and lifetime with the DNS 515 Server List and then insert the RDNSS address in front of the 516 Resolver Repository. In the case where the data structure for the 517 DNS Server List is full of RDNSS entries (that is, has more 518 RDNSSes than the sufficient number discussed in Section 5.3.1), 519 delete from the DNS Server List the entry with the shortest 520 expiration time (i.e., the entry that will expire first). The 521 corresponding RDNSS address is also deleted from the Resolver 522 Repository. For the ordering of RDNSS addresses in an RDNSS 523 option, position the first RDNSS address in the RDNSS option as 524 the first one in the Resolver Repository, the second RDNSS address 525 in the option as the second one in the repository, and so on. 526 This ordering allows the RDNSS addresses in the RDNSS option to be 527 preferred according to their order in the RDNSS option for the DNS 528 name resolution. The processing of these RDNSS addresses is 529 finished here. 531 The handling of expired RDNSSes is as follows: Whenever an entry 532 expires in the DNS Server List, the expired entry is deleted from the 533 DNS Server List, and also the RDNSS address corresponding to the 534 entry is deleted from the Resolver Repository. 536 6.3. Synchronization between DNS Search List and Resolver Repository 538 When an IPv6 host receives the information of multiple DNSSL domain 539 names within a network (e.g., campus network and company network) 540 through an RA message with DNSSL option(s), it stores the DNSSL 541 domain names (in order) into both the DNS Search List and the 542 Resolver Repository. The processing of the DNSSL consists of (i) the 543 processing of DNSSL option(s) included in an RA message and (ii) the 544 handling of expired DNSSLs. The processing of DNSSL option(s) is as 545 follows: 547 Step (a): Receive and parse the DNSSL option(s). For the DNSSL 548 domain names in each DNSSL option, perform Step (b) through Step 549 (d). 551 Step (b): For each DNSSL domain name, check the following: If the 552 DNSSL domain name already exists in the DNS Search List and the 553 DNSSL option's Lifetime field is set to zero, delete the 554 corresponding DNSSL entry from both the DNS Search List and the 555 Resolver Repository in order to prevent the DNSSL domain name from 556 being used any more for certain reasons in network management, 557 e.g., the termination of the RDNSS or a renaming situation. That 558 is, the RDNSS can resign from its DNS service because the machine 559 running the RDNSS is out of service intentionally or 560 unintentionally. Also, under the renaming situation, the DNSSL 561 domain names will be changed, so the previous domain names should 562 not be used any more. The processing of this DNSSL domain name is 563 finished here. Otherwise, go to Step (c). 565 Step (c): For each DNSSL domain name, if it already exists in the 566 DNS Server List, then just update the value of the Expiration-time 567 field according to the procedure specified in the third bullet of 568 Section 6.1. Otherwise, go to Step (d). 570 Step (d): For each DNSSL domain name, if it does not exist in the 571 DNS Search List, register the DNSSL domain name and lifetime with 572 the DNS Search List and then insert the DNSSL domain name in front 573 of the Resolver Repository. In the case where the data structure 574 for the DNS Search List is full of DNSSL domain name entries (that 575 is, has more DNSSL domain names than the sufficient number 576 discussed in Section 5.3.1), delete from the DNS Server List the 577 entry with the shortest expiration time (i.e., the entry that will 578 expire first). The corresponding DNSSL domain name is also 579 deleted from the Resolver Repository. For the ordering of DNSSL 580 domain names in a DNSSL option, position the first DNSSL domain 581 name in the DNSSL option as the first one in the Resolver 582 Repository, the second DNSSL domain name in the option as the 583 second one in the repository, and so on. This ordering allows the 584 DNSSL domain names in the DNSSL option to be preferred according 585 to their order in the DNSSL option for the DNS domain name used by 586 the DNS query. The processing of these DNSSL domain name is 587 finished here. 589 The handling of expired DNSSLs is as follows: Whenever an entry 590 expires in the DNS Search List, the expired entry is deleted from 591 the DNS Search List, and also the DNSSL domain name corresponding 592 to the entry is deleted from the Resolver Repository. 594 7. Security Considerations 596 The security of the RA options for DNS configuration does not affect 597 ND protocol security [RFC4861]. This is because learning DNS 598 information via the RA options cannot be worse than learning bad 599 router information via the RA options. Thus, the vulnerability of ND 600 is not worse and is a subset of the attacks that any node attached to 601 a LAN can do independently of ND. A malicious node on a LAN can 602 promiscuously receive packets for any router's MAC address and send 603 packets with the router's MAC address as the source MAC address in 604 the L2 header. As a result, L2 switches send packets addressed to 605 the router to the malicious node. Also, this attack can send 606 redirects that tell the hosts to send their traffic somewhere else. 607 The malicious node can send unsolicited RA or Neighbor Advertisement 608 (NA) replies, answer RS or Neighbor Solicitation (NS) requests, etc. 609 Also, an attacker could send an RA with a fraudulent RDNSS address, 610 which is presumably an easier avenue of attack than becoming a rogue 611 router and having to process all traffic for the subnet. This attack 612 is similar to Neighbor Discovery attacks that use Redirect or 613 Neighbor Advertisement messages to redirect traffic to individual 614 addresses to malicious parties. In general, the attacks related to 615 RDNSS and DNSSL are similar to both Neighbor Discovery attacks and 616 attacks against unauthenticated DHCP, as both can be used for both 617 "wholesale" traffic redirection and more specific attacks. 619 If the Secure Neighbor Discovery (SEND) protocol [RFC3971] is used as 620 a security mechanism for ND, all the ND options including the RDNSS 621 and DNSSL options are automatically included in the signatures, so 622 the transport for the RA options is integrity-protected; that is, 623 SEND can prevent the spoofing of these DNS options with signatures. 624 Also, SEND enables an IPv6 host to verify that the sender of an RA is 625 actually a router authorized to act as a router. However, since any 626 valid SEND router can still insert RDNSS and DNSSL options, SEND 627 cannot verify which one is or is not authorized to send the options. 629 It is common for network devices such as switches to include 630 mechanisms to block unauthorized ports from running a DHCPv6 server 631 to provide protection from rogue DHCP servers. That means that an 632 attacker on other ports cannot insert bogus DNS servers using DHCPv6. 633 The corresponding technique for network devices is recommended to 634 block rogue Router Advertisement messages including the RDNSS and 635 DNSSL options from unauthorized nodes. 637 An attacker may provide a bogus DNS Search List option in order to 638 cause the victim to send DNS queries to a specific DNS server when 639 the victim queries non-fully qualified domain names. For this 640 attack, the DNS resolver in IPv6 hosts can mitigate the vulnerability 641 with the recommendations in [RFC1535], [RFC1536], and [RFC3646]. 643 8. IANA Considerations 645 The RDNSS option defined in this document is using the IPv6 Neighbor 646 Discovery Option type in RFC 5006 [RFC5006] assigned by the IANA as 647 follows: 649 Option Name Type 650 RDNSS option 25 652 The IANA is requested to assign a new IPv6 Neighbor Discovery Option 653 type for the DNSSL option defined in this document: 655 Option Name Type 656 DNSSL option (TBD) 658 The IANA registry for these options is: 660 http://www.iana.org/assignments/icmpv6-parameters 662 9. Acknowledgements 664 This document has greatly benefited from inputs by Robert Hinden, 665 Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik 666 Nordmark, Dan Wing, and Jari Arkko. The authors sincerely appreciate 667 their contributions. 669 10. References 671 10.1. Normative References 673 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 674 Requirement Levels", BCP 14, RFC 2119, March 1997. 676 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 677 "Neighbor Discovery for IP Version 6 (IPv6)", RFC 4861, 678 September 2007. 680 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 681 Address Autoconfiguration", RFC 4862, September 2007. 683 [RFC1035] Mockapetris, P., "Domain Names - Implementation and 684 Specification", RFC 1035, November 1987. 686 10.2. Informative References 688 [RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities", 689 RFC 1034, November 1987. 691 [RFC3315] Droms, R., Ed., "Dynamic Host Configuration Protocol for 692 IPv6 (DHCPv6)", RFC 3315, July 2003. 694 [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol 695 (DHCP) Service for IPv6", RFC 3736, April 2004. 697 [RFC3646] Droms, R., Ed., "DNS Configuration options for Dynamic 698 Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, 699 December 2003. 701 [RFC5006] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, 702 "IPv6 Router Advertisement Option for DNS Configuration", 703 RFC 5006, September 2007. 705 [RFC4339] Jeong, J., Ed., "IPv6 Host Configuration of DNS Server 706 Information Approaches", RFC 4339, February 2006. 708 [RFC3971] Arkko, J., Ed., "SEcure Neighbor Discovery (SEND)", 709 RFC 3971, March 2005. 711 [RFC5358] Damas, J. and F. Neves, "Preventing Use of Recursive 712 Nameservers in Reflector Attacks", BCP 140, RFC 5358, 713 October 2008. 715 [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: 716 Defeating Denial of Service Attacks which employ IP Source 717 Address Spoofing", BCP 38, RFC 2827, May 2000. 719 [RFC1535] Gavron, E., "A Security Problem and Proposed Correction 720 With Widely Deployed DNS Software", RFC 1535, 721 October 1993. 723 [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. 724 Miller, "Common DNS Implementation Errors and Suggested 725 Fixes", RFC 1536, October 1993. 727 Appendix A. Changes from RFC 5006 729 The following changes were made from RFC 5006 "IPv6 Router 730 Advertisement Option for DNS Configuration": 732 o Added DNS Search List (DNSSL) Option to support the advertisement 733 of DNS suffixes used in the DNS search along with RDNSS Option in 734 RFC 5006. 736 o Clarified the coexistence of RA options and DHCP options for DNS 737 configuration. 739 o Modified the procedure in IPv6 host: 741 * Clarified the procedure for DNS options in an IPv6 host. 743 * Specified a sufficient number of RDNSS addresses or DNS search 744 domain names as three. 746 * Specified a way to deal with DNS options from multiple sources, 747 such as RA and DHCP. 749 o Modified implementation considerations for DNSSL Option handling. 751 o Modified security considerations to consider more attack scenarios 752 and the corresponding possible solutions. 754 o Modified IANA considerations to require another IPv6 Neighbor 755 Discovery Option type for DNSSL option. 757 Authors' Addresses 759 Jaehoon Paul Jeong 760 Brocade Communications Systems/ETRI 761 6000 Nathan Ln N 762 Plymouth, MN 55442 763 USA 765 Phone: +1 763 268 7173 766 Fax: +1 763 268 6800 767 EMail: pjeong@brocade.com 768 URI: http://www.cs.umn.edu/~jjeong/ 770 Soohong Daniel Park 771 Mobile Platform Laboratory 772 SAMSUNG Electronics 773 416 Maetan-3dong, Yeongtong-Gu 774 Suwon, Gyeonggi-Do 443-742 775 Korea 777 Phone: +82 31 200 4508 778 EMail: soohong.park@samsung.com 780 Luc Beloeil 781 France Telecom R&D 782 42, rue des coutures 783 BP 6243 784 14066 CAEN Cedex 4 785 France 787 Phone: +33 2 40 44 97 40 788 EMail: luc.beloeil@orange-ftgroup.com 790 Syam Madanapalli 791 Ordyn Technologies 792 1st Floor, Creator Building, ITPL 793 Bangalore - 560066 794 India 796 Phone: +91-80-40383000 797 EMail: smadanapalli@gmail.com