idnits 2.17.1 draft-ietf-6man-rdnss-rfc6106bis-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 10, 2015) is 3175 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3736 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 5006 (Obsoleted by RFC 6106) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Jeong 3 Internet-Draft Sungkyunkwan Univ./ETRI 4 Obsoletes: 6106 (if approved) S. Park 5 Intended status: Standards Track SAMSUNG Electronics 6 Expires: February 11, 2016 L. Beloeil 7 France Telecom R&D 8 S. Madanapalli 9 iRam Technologies 10 August 10, 2015 12 IPv6 Router Advertisement Options for DNS Configuration 13 draft-ietf-6man-rdnss-rfc6106bis-01 15 Abstract 17 This document specifies IPv6 Router Advertisement options to allow 18 IPv6 routers to advertise a list of DNS recursive server addresses 19 and a DNS Search List to IPv6 hosts. 21 This document obsoletes RFC 6106 and allows a higher default value of 22 the lifetime of the RA DNS options to avoid the frequent expiry of 23 the options on links with a relatively high rate of packet loss. 25 Status of This Memo 27 This Internet-Draft is submitted to IETF in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF), its areas, and its working groups. Note that 32 other groups may also distribute working documents as Internet- 33 Drafts. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 The list of current Internet-Drafts can be accessed at 41 http://www.ietf.org/ietf/1id-abstracts.txt. 43 The list of Internet-Draft Shadow Directories can be accessed at 44 http://www.ietf.org/shadow.html. 46 This Internet-Draft will expire on February 11, 2016. 48 Copyright Notice 49 Copyright (c) 2015 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (http://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 65 1.1. Applicability Statements . . . . . . . . . . . . . . . . . 3 66 1.2. Coexistence of RA Options and DHCP Options for DNS 67 Configuration . . . . . . . . . . . . . . . . . . . . . . 4 68 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 69 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 70 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 71 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5 72 5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 5 73 5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 6 74 5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8 75 5.3.1. Procedure in IPv6 Host . . . . . . . . . . . . . . . . 8 76 5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9 77 6. Implementation Considerations . . . . . . . . . . . . . . . . 9 78 6.1. DNS Repository Management . . . . . . . . . . . . . . . . 9 79 6.2. Synchronization between DNS Server List and Resolver 80 Repository . . . . . . . . . . . . . . . . . . . . . . . . 10 81 6.3. Synchronization between DNS Search List and Resolver 82 Repository . . . . . . . . . . . . . . . . . . . . . . . . 11 83 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 84 7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12 85 7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 13 86 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 87 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 88 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 89 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14 90 10.2. Informative References . . . . . . . . . . . . . . . . . . 15 91 Appendix A. Changes from RFC 5006 . . . . . . . . . . . . . . . . 16 92 Appendix B. Changes from RFC 6106 . . . . . . . . . . . . . . . . 16 94 1. Introduction 96 The purpose of this document is to standardize an IPv6 Router 97 Advertisement (RA) option for DNS Recursive Server Addresses used for 98 the DNS name resolution in IPv6 hosts. This RA option was specified 99 in an earlier Experimental specification [RFC5006]. This document is 100 also to define a new RA option for Domain Name Search Lists for an 101 enhanced DNS configuration. Thus, this document obsoletes [RFC5006], 102 which only defines the RA option for DNS Recursive Server Addresses. 104 Neighbor Discovery (ND) for IP version 6 and IPv6 stateless address 105 autoconfiguration provide ways to configure either fixed or mobile 106 nodes with one or more IPv6 addresses, default routers, and some 107 other parameters [RFC4861][RFC4862]. Most Internet services are 108 identified by using a DNS name. The two RA options defined in this 109 document provide the DNS information needed for an IPv6 host to reach 110 Internet services. 112 It is infeasible to manually configure nomadic hosts each time they 113 connect to a different network. While a one-time static 114 configuration is possible, it is generally not desirable on general- 115 purpose hosts such as laptops. For instance, locally defined name 116 spaces would not be available to the host if it were to run its own 117 name server software directly connected to the global DNS. 119 The DNS information can also be provided through DHCP [RFC3315] 120 [RFC3736][RFC3646]. However, the access to DNS is a fundamental 121 requirement for almost all hosts, so IPv6 stateless autoconfiguration 122 cannot stand on its own as an alternative deployment model in any 123 practical network without any support for DNS configuration. 125 These issues are not pressing in dual-stack networks as long as a DNS 126 server is available on the IPv4 side, but they become more critical 127 with the deployment of IPv6-only networks. As a result, this 128 document defines a mechanism based on IPv6 RA options to allow IPv6 129 hosts to perform the automatic DNS configuration. 131 1.1. Applicability Statements 133 RA-based DNS configuration is a useful alternative in networks where 134 an IPv6 host's address is autoconfigured through IPv6 stateless 135 address autoconfiguration and where there is either no DHCPv6 136 infrastructure at all or some hosts do not have a DHCPv6 client. The 137 intention is to enable the full configuration of basic networking 138 information for hosts without requiring DHCPv6. However, when in 139 many networks some additional information needs to be distributed, 140 those networks are likely to employ DHCPv6. In these networks, RA- 141 based DNS configuration may not be needed. 143 RA-based DNS configuration allows an IPv6 host to acquire the DNS 144 configuration (i.e., DNS recursive server addresses and DNS Search 145 List) for the link(s) to which the host is connected. Furthermore, 146 the host learns this DNS configuration from the same RA message that 147 provides configuration information for the link, thereby avoiding 148 also running DHCPv6. 150 The advantages and disadvantages of the RA-based approach are 151 discussed in [RFC4339] along with other approaches, such as the DHCP 152 and well-known anycast address approaches. 154 1.2. Coexistence of RA Options and DHCP Options for DNS Configuration 156 Two protocols exist to configure the DNS information on a host, the 157 Router Advertisement options described in this document and the 158 DHCPv6 options described in [RFC3646]. They can be used together. 159 The rules governing the decision to use stateful configuration 160 mechanisms are specified in [RFC4861]. Hosts conforming to this 161 specification MUST extract DNS information from Router Advertisement 162 messages, unless static DNS configuration has been specified by the 163 user. If there is DNS information available from multiple Router 164 Advertisements and/or from DHCP, the host MUST maintain an ordered 165 list of this information as specified in Section 5.3.1. 167 2. Requirements Language 169 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 170 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 171 document are to be interpreted as described in [RFC2119]. 173 3. Terminology 175 This document uses the terminology described in [RFC4861] and 176 [RFC4862]. In addition, four new terms are defined below: 178 o Recursive DNS Server (RDNSS): Server that provides a recursive DNS 179 resolution service for translating domain names into IP addresses 180 as defined in [RFC1034] and [RFC1035]. 182 o RDNSS Option: IPv6 RA option to deliver the RDNSS information to 183 IPv6 hosts [RFC4861]. 185 o DNS Search List (DNSSL): The list of DNS suffix domain names used 186 by IPv6 hosts when they perform DNS query searches for short, 187 unqualified domain names. 189 o DNSSL Option: IPv6 RA option to deliver the DNSSL information to 190 IPv6 hosts. 192 o DNS Repository: Two data structures for managing DNS Configuration 193 Information in the IPv6 protocol stack in addition to Neighbor 194 Cache and Destination Cache for Neighbor Discovery [RFC4861]. The 195 first data structure is the DNS Server List for RDNSS addresses 196 and the second is the DNS Search List for DNS search domain names. 198 o Resolver Repository: Configuration repository with RDNSS addresses 199 and a DNS Search List that a DNS resolver on the host uses for DNS 200 name resolution; for example, the Unix resolver file (i.e., /etc/ 201 resolv.conf) and Windows registry. 203 4. Overview 205 This document standardizes the ND option called the RDNSS option 206 defined in [RFC5006] that contains the addresses of recursive DNS 207 servers. This document also defines a new ND option called the DNSSL 208 option for the Domain Search List. This is to maintain parity with 209 the DHCPv6 options and to ensure that there is necessary 210 functionality to determine the search domains. 212 The existing ND message (i.e., Router Advertisement) is used to carry 213 this information. An IPv6 host can configure the IPv6 addresses of 214 one or more RDNSSes via RA messages. Through the RDNSS and DNSSL 215 options, along with the prefix information option based on the ND 216 protocol ([RFC4861] and [RFC4862]), an IPv6 host can perform the 217 network configuration of its IPv6 address and the DNS information 218 simultaneously without needing DHCPv6 for the DNS configuration. The 219 RA options for RDNSS and DNSSL can be used on any network that 220 supports the use of ND. 222 This approach requires the manual configuration or other automatic 223 mechanisms (e.g., DHCPv6 or vendor proprietary configuration 224 mechanisms) to configure the DNS information in routers sending the 225 advertisements. The automatic configuration of RDNSS addresses and a 226 DNS Search List in routers is out of scope for this document. 228 5. Neighbor Discovery Extension 230 The IPv6 DNS configuration mechanism in this document needs two new 231 ND options in Neighbor Discovery: (i) the Recursive DNS Server 232 (RDNSS) option and (ii) the DNS Search List (DNSSL) option. 234 5.1. Recursive DNS Server Option 236 The RDNSS option contains one or more IPv6 addresses of recursive DNS 237 servers. All of the addresses share the same Lifetime value. If it 238 is desirable to have different Lifetime values, multiple RDNSS 239 options can be used. Figure 1 shows the format of the RDNSS option. 241 0 1 2 3 242 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 244 | Type | Length | Reserved | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 246 | Lifetime | 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 248 | | 249 : Addresses of IPv6 Recursive DNS Servers : 250 | | 251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 253 Figure 1: Recursive DNS Server (RDNSS) Option Format 255 Fields: 256 Type 8-bit identifier of the RDNSS option type as assigned 257 by the IANA: 25 259 Length 8-bit unsigned integer. The length of the option 260 (including the Type and Length fields) is in units of 261 8 octets. The minimum value is 3 if one IPv6 address 262 is contained in the option. Every additional RDNSS 263 address increases the length by 2. The Length field 264 is used by the receiver to determine the number of 265 IPv6 addresses in the option. 267 Lifetime 32-bit unsigned integer. The maximum time, in 268 seconds (relative to the time the packet is sent), 269 over which this RDNSS address MAY be used for name 270 resolution. The value of Lifetime SHOULD by default 271 be at least 3 * MaxRtrAdvInterval where 272 MaxRtrAdvInterval is the Maximum RA Interval defined 273 in [RFC4861]. A value of all one bits (0xffffffff) 274 represents infinity. A value of zero means that the 275 RDNSS address MUST no longer be used. 277 Addresses of IPv6 Recursive DNS Servers 278 One or more 128-bit IPv6 addresses of the recursive 279 DNS servers. The number of addresses is determined 280 by the Length field. That is, the number of 281 addresses is equal to (Length - 1) / 2. 283 5.2. DNS Search List Option 285 The DNSSL option contains one or more domain names of DNS suffixes. 286 All of the domain names share the same Lifetime value. If it is 287 desirable to have different Lifetime values, multiple DNSSL options 288 can be used. Figure 2 shows the format of the DNSSL option. 290 0 1 2 3 291 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 | Type | Length | Reserved | 294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 295 | Lifetime | 296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 297 | | 298 : Domain Names of DNS Search List : 299 | | 300 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 302 Figure 2: DNS Search List (DNSSL) Option Format 304 Fields: 305 Type 8-bit identifier of the DNSSL option type as assigned 306 by the IANA: 31 308 Length 8-bit unsigned integer. The length of the option 309 (including the Type and Length fields) is in units of 310 8 octets. The minimum value is 2 if at least one 311 domain name is contained in the option. The Length 312 field is set to a multiple of 8 octets to accommodate 313 all the domain names in the field of Domain Names of 314 DNS Search List. 316 Lifetime 32-bit unsigned integer. The maximum time, in 317 seconds (relative to the time the packet is sent), 318 over which this DNSSL domain name MAY be used for 319 name resolution. The Lifetime value has the same 320 semantics as with the RDNSS option. That is, 321 Lifetime SHOULD by default be at least 322 3 * MaxRtrAdvInterval. A value of all one bits 323 (0xffffffff) represents infinity. A value of zero 324 means that the DNSSL domain name MUST no longer be 325 used. 327 Domain Names of DNS Search List 328 One or more domain names of DNS Search List that MUST 329 be encoded using the technique described in Section 330 3.1 of [RFC1035]. By this technique, each domain 331 name is represented as a sequence of labels ending in 332 a zero octet, defined as domain name representation. 333 For more than one domain name, the corresponding 334 domain name representations are concatenated as they 335 are. Note that for the simple decoding, the domain 336 names MUST NOT be encoded in a compressed form, as 337 described in Section 4.1.4 of [RFC1035]. Because the 338 size of this field MUST be a multiple of 8 octets, 339 for the minimum multiple including the domain name 340 representations, the remaining octets other than the 341 encoding parts of the domain name representations 342 MUST be padded with zeros. 344 5.3. Procedure of DNS Configuration 346 The procedure of DNS configuration through the RDNSS and DNSSL 347 options is the same as with any other ND option [RFC4861]. 349 5.3.1. Procedure in IPv6 Host 351 When an IPv6 host receives DNS options (i.e., RDNSS option and DNSSL 352 option) through RA messages, it processes the options as follows: 354 o The validity of DNS options is checked with the Length field; that 355 is, the value of the Length field in the RDNSS option is greater 356 than or equal to the minimum value (3), and the value of the 357 Length field in the DNSSL option is greater than or equal to the 358 minimum value (2). 360 o If the DNS options are valid, the host SHOULD copy the values of 361 the options into the DNS Repository and the Resolver Repository in 362 order. Otherwise, the host MUST discard the options. Refer to 363 Section 6 for the detailed procedure. 365 In the case where the DNS options of RDNSS and DNSSL can be obtained 366 from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep 367 some DNS options from all sources. Unless explicitly specified for 368 the discovery mechanism, the exact number of addresses and domain 369 names to keep is a matter of local policy and implementation choice. 370 However, the ability to store at least three RDNSS addresses (or 371 DNSSL domain names) from at least two different sources is 372 RECOMMENDED. The DNS options from Router Advertisements and DHCP 373 SHOULD be stored into the DNS Repository and Resolver Repository so 374 that information from DHCP appears there first and therefore takes 375 precedence. Thus, the DNS information from DHCP takes precedence 376 over that from RA for DNS queries. On the other hand, for DNS 377 options announced by RA, if some RAs use the Secure Neighbor 378 Discovery (SEND) protocol [RFC3971] for RA security, they MUST be 379 preferred over those that do not use SEND. Refer to Section 7 for 380 the detailed discussion on SEND for RA DNS options. 382 5.3.2. Warnings for DNS Options Configuration 384 There are two warnings for DNS options configuration: (i) warning for 385 multiple sources of DNS options and (ii) warning for multiple network 386 interfaces. First, in the case of multiple sources for DNS options 387 (e.g., RA and DHCP), an IPv6 host can configure its IP addresses from 388 these sources. In this case, it is not possible to control how the 389 host uses DNS information and what source addresses it uses to send 390 DNS queries. As a result, configurations where different information 391 is provided by different sources may lead to problems. Therefore, 392 the network administrator needs to configure DNS options in multiple 393 sources in order to prevent such problems from happening. 395 Second, if different DNS information is provided on different network 396 interfaces, this can lead to inconsistent behavior. The IETF is 397 working on solving this problem for both DNS and other information 398 obtained by multiple interfaces [MIF-PROBLEM][MIF-PRACTICE]. 400 6. Implementation Considerations 402 Note: This non-normative section gives some hints for implementing 403 the processing of the RDNSS and DNSSL options in an IPv6 host. 405 For the configuration and management of DNS information, the 406 advertised DNS configuration information can be stored and managed in 407 both the DNS Repository and the Resolver Repository. 409 In environments where the DNS information is stored in user space and 410 ND runs in the kernel, it is necessary to synchronize the DNS 411 information (i.e., RDNSS addresses and DNS search domain names) in 412 kernel space and the Resolver Repository in user space. For the 413 synchronization, an implementation where ND works in the kernel 414 should provide a write operation for updating DNS information from 415 the kernel to the Resolver Repository. One simple approach is to 416 have a daemon (or a program that is called at defined intervals) that 417 keeps monitoring the Lifetimes of RDNSS addresses and DNS search 418 domain names all the time. Whenever there is an expired entry in the 419 DNS Repository, the daemon can delete the corresponding entry from 420 the Resolver Repository. 422 6.1. DNS Repository Management 424 For DNS repository management, the kernel or user-space process 425 (depending on where RAs are processed) should maintain two data 426 structures: (i) DNS Server List that keeps the list of RDNSS 427 addresses and (ii) DNS Search List that keeps the list of DNS search 428 domain names. Each entry in these two lists consists of a pair of an 429 RDNSS address (or DNSSL domain name) and Expiration-time as follows: 431 o RDNSS address for DNS Server List: IPv6 address of the Recursive 432 DNS Server, which is available for recursive DNS resolution 433 service in the network advertising the RDNSS option. 435 o DNSSL domain name for DNS Search List: DNS suffix domain names, 436 which are used to perform DNS query searches for short, 437 unqualified domain names in the network advertising the DNSSL 438 option. 440 o Expiration-time for DNS Server List or DNS Search List: The time 441 when this entry becomes invalid. Expiration-time is set to the 442 value of the Lifetime field of the RDNSS option or DNSSL option 443 plus the current system time. Whenever a new RDNSS option with 444 the same address (or DNSSL option with the same domain name) is 445 received on the same interface as a previous RDNSS option (or 446 DNSSL option), this field is updated to have a new Expiration- 447 time. When Expiration-time becomes less than the current system 448 time, this entry is regarded as expired. 450 6.2. Synchronization between DNS Server List and Resolver Repository 452 When an IPv6 host receives the information of multiple RDNSS 453 addresses within a network (e.g., campus network and company network) 454 through an RA message with RDNSS option(s), it stores the RDNSS 455 addresses (in order) into both the DNS Server List and the Resolver 456 Repository. The processing of the RDNSS consists of (i) the 457 processing of RDNSS option(s) included in an RA message and (ii) the 458 handling of expired RDNSSes. The processing of RDNSS option(s) is as 459 follows: 461 Step (a): Receive and parse the RDNSS option(s). For the RDNSS 462 addresses in each RDNSS option, perform Steps (b) through (d). 464 Step (b): For each RDNSS address, check the following: If the 465 RDNSS address already exists in the DNS Server List and the RDNSS 466 option's Lifetime field is set to zero, delete the corresponding 467 RDNSS entry from both the DNS Server List and the Resolver 468 Repository in order to prevent the RDNSS address from being used 469 any more for certain reasons in network management, e.g., the 470 termination of the RDNSS or a renumbering situation. That is, the 471 RDNSS can resign from its DNS service because the machine running 472 the RDNSS is out of service intentionally or unintentionally. 473 Also, under the renumbering situation, the RDNSS's IPv6 address 474 will be changed, so the previous RDNSS address should not be used 475 any more. The processing of this RDNSS address is finished here. 476 Otherwise, go to Step (c). 478 Step (c): For each RDNSS address, if it already exists in the DNS 479 Server List, then just update the value of the Expiration-time 480 field according to the procedure specified in the third bullet of 481 Section 6.1. Otherwise, go to Step (d). 483 Step (d): For each RDNSS address, if it does not exist in the DNS 484 Server List, register the RDNSS address and Lifetime with the DNS 485 Server List and then insert the RDNSS address in front of the 486 Resolver Repository. In the case where the data structure for the 487 DNS Server List is full of RDNSS entries (that is, has more 488 RDNSSes than the sufficient number discussed in Section 5.3.1), 489 delete from the DNS Server List the entry with the shortest 490 Expiration-time (i.e., the entry that will expire first). The 491 corresponding RDNSS address is also deleted from the Resolver 492 Repository. For the ordering of RDNSS addresses in an RDNSS 493 option, position the first RDNSS address in the RDNSS option as 494 the first one in the Resolver Repository, the second RDNSS address 495 in the option as the second one in the repository, and so on. 496 This ordering allows the RDNSS addresses in the RDNSS option to be 497 preferred according to their order in the RDNSS option for the DNS 498 name resolution. The processing of these RDNSS addresses is 499 finished here. 501 The handling of expired RDNSSes is as follows: Whenever an entry 502 expires in the DNS Server List, the expired entry is deleted from the 503 DNS Server List, and also the RDNSS address corresponding to the 504 entry is deleted from the Resolver Repository. 506 6.3. Synchronization between DNS Search List and Resolver Repository 508 When an IPv6 host receives the information of multiple DNSSL domain 509 names within a network (e.g., campus network and company network) 510 through an RA message with DNSSL option(s), it stores the DNSSL 511 domain names (in order) into both the DNS Search List and the 512 Resolver Repository. The processing of the DNSSL consists of (i) the 513 processing of DNSSL option(s) included in an RA message and (ii) the 514 handling of expired DNSSLs. The processing of DNSSL option(s) is as 515 follows: 517 Step (a): Receive and parse the DNSSL option(s). For the DNSSL 518 domain names in each DNSSL option, perform Steps (b) through (d). 520 Step (b): For each DNSSL domain name, check the following: If the 521 DNSSL domain name already exists in the DNS Search List and the 522 DNSSL option's Lifetime field is set to zero, delete the 523 corresponding DNSSL entry from both the DNS Search List and the 524 Resolver Repository in order to prevent the DNSSL domain name from 525 being used any more for certain reasons in network management, 526 e.g., the termination of the RDNSS or a renaming situation. That 527 is, the RDNSS can resign from its DNS service because the machine 528 running the RDNSS is out of service intentionally or 529 unintentionally. Also, under the renaming situation, the DNSSL 530 domain names will be changed, so the previous domain names should 531 not be used any more. The processing of this DNSSL domain name is 532 finished here. Otherwise, go to Step (c). 534 Step (c): For each DNSSL domain name, if it already exists in the 535 DNS Server List, then just update the value of the Expiration-time 536 field according to the procedure specified in the third bullet of 537 Section 6.1. Otherwise, go to Step (d). 539 Step (d): For each DNSSL domain name, if it does not exist in the 540 DNS Search List, register the DNSSL domain name and Lifetime with 541 the DNS Search List and then insert the DNSSL domain name in front 542 of the Resolver Repository. In the case where the data structure 543 for the DNS Search List is full of DNSSL domain name entries (that 544 is, has more DNSSL domain names than the sufficient number 545 discussed in Section 5.3.1), delete from the DNS Server List the 546 entry with the shortest Expiration-time (i.e., the entry that will 547 expire first). The corresponding DNSSL domain name is also 548 deleted from the Resolver Repository. For the ordering of DNSSL 549 domain names in a DNSSL option, position the first DNSSL domain 550 name in the DNSSL option as the first one in the Resolver 551 Repository, the second DNSSL domain name in the option as the 552 second one in the repository, and so on. This ordering allows the 553 DNSSL domain names in the DNSSL option to be preferred according 554 to their order in the DNSSL option for the DNS domain name used by 555 the DNS query. The processing of these DNSSL domain name is 556 finished here. 558 The handling of expired DNSSLs is as follows: Whenever an entry 559 expires in the DNS Search List, the expired entry is deleted from 560 the DNS Search List, and also the DNSSL domain name corresponding 561 to the entry is deleted from the Resolver Repository. 563 7. Security Considerations 565 In this section, we analyze security threats related to DNS options 566 and then suggest recommendations to cope with such security threats. 568 7.1. Security Threats 570 For the RDNSS option, an attacker could send an RA with a fraudulent 571 RDNSS address, misleading IPv6 hosts into contacting an unintended 572 DNS server for DNS name resolution. Also, for the DNSSL option, an 573 attacker can let IPv6 hosts resolve a host name without a DNS suffix 574 into an unintended host's IP address with a fraudulent DNS Search 575 List. 577 These attacks are similar to Neighbor Discovery attacks that use 578 Redirect or Neighbor Advertisement messages to redirect traffic to 579 individual addresses of malicious parties. That is, as a rogue 580 router, a malicious node on a LAN can promiscuously receive packets 581 for any router's Media Access Control (MAC) address and send packets 582 with the router's MAC address as the source MAC address in the Layer 583 2 (L2) header. As a result, L2 switches send packets addressed to 584 the router to the malicious node. Also, this attack can send 585 redirects that tell the hosts to send their traffic somewhere else. 586 The malicious node can send unsolicited RA or Neighbor Advertisement 587 (NA) replies, answer RS or Neighbor Solicitation (NS) requests, etc. 588 Thus, the attacks related to RDNSS and DNSSL are similar to both 589 Neighbor Discovery attacks and attacks against unauthenticated DHCP, 590 as both can be used for both "wholesale" traffic redirection and more 591 specific attacks. 593 However, the security of these RA options for DNS configuration does 594 not affect ND protocol security [RFC4861]. This is because learning 595 DNS information via the RA options cannot be worse than learning bad 596 router information via the RA options. Therefore, the vulnerability 597 of ND is not worse and is a subset of the attacks that any node 598 attached to a LAN can do independently of ND. 600 7.2. Recommendations 602 The Secure Neighbor Discovery (SEND) protocol [RFC3971] is used as a 603 security mechanism for ND. It is RECOMMENDED that ND use SEND to 604 allow all the ND options including the RDNSS and DNSSL options to be 605 automatically included in the signatures. Through SEND, the 606 transport for the RA options is integrity protected; that is, SEND 607 can prevent the spoofing of these DNS options with signatures. Also, 608 SEND enables an IPv6 host to verify that the sender of an RA is 609 actually a router authorized to act as a router. However, since any 610 valid SEND router can still insert RDNSS and DNSSL options, the 611 current SEND cannot verify which one is or is not authorized to send 612 the options. Thus, this verification of the authorized routers for 613 ND options will be required. [CSI-SEND-CERT] specifies the usage of 614 extended key for the certificate deployed in SEND. This document 615 defines the roles of routers (i.e., routers acting as proxy and 616 address owner) and explains the authorization of the roles. The 617 mechanism in this document can be extended to verify which routers 618 are authorized to insert RDNSS and DNSSL options. 620 It is common for network devices such as switches to include 621 mechanisms to block unauthorized ports from running a DHCPv6 server 622 to provide protection from rogue DHCP servers. That means that an 623 attacker on other ports cannot insert bogus DNS servers using DHCPv6. 624 The corresponding technique for network devices is RECOMMENDED to 625 block rogue Router Advertisement messages including the RDNSS and 626 DNSSL options from unauthorized nodes. 628 An attacker may provide a bogus DNS Search List option in order to 629 cause the victim to send DNS queries to a specific DNS server when 630 the victim queries non-FQDNs (fully qualified domain names). For 631 this attack, the DNS resolver in IPv6 hosts can mitigate the 632 vulnerability with the recommendations mentioned in [RFC1535], 633 [RFC1536], and [RFC3646]. 635 8. IANA Considerations 637 The RDNSS option defined in this document uses the IPv6 Neighbor 638 Discovery Option type defined in RFC 5006 [RFC5006], which was 639 assigned by the IANA as follows: 641 Option Name Type 642 Recursive DNS Server Option 25 644 The IANA has assigned a new IPv6 Neighbor Discovery Option type for 645 the DNSSL option defined in this document: 647 Option Name Type 648 DNS Search List Option 31 650 These options have been registered in the "Internet Control Message 651 Protocol version 6 (ICMPv6) Parameters" registry 652 (http://www.iana.org). 654 9. Acknowledgements 656 This document has greatly benefited from inputs by Robert Hinden, 657 Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik 658 Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony 659 Cheneau, Fernando Gont and Jen Linkova. The authors sincerely 660 appreciate their contributions. 662 10. References 664 10.1. Normative References 666 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 667 Requirement Levels", BCP 14, RFC 2119, March 1997. 669 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. 671 Soliman, "Neighbor Discovery for IP version 6 672 (IPv6)", RFC 4861, September 2007. 674 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 675 Stateless Address Autoconfiguration", RFC 4862, 676 September 2007. 678 [RFC1035] Mockapetris, P., "Domain names - implementation and 679 specification", STD 13, RFC 1035, November 1987. 681 10.2. Informative References 683 [RFC1034] Mockapetris, P., "Domain names - concepts and 684 facilities", STD 13, RFC 1034, November 1987. 686 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, 687 C., and M. Carney, "Dynamic Host Configuration 688 Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. 690 [RFC3736] Droms, R., "Stateless Dynamic Host Configuration 691 Protocol (DHCP) Service for IPv6", RFC 3736, 692 April 2004. 694 [RFC3646] Droms, R., "DNS Configuration options for Dynamic 695 Host Configuration Protocol for IPv6 (DHCPv6)", 696 RFC 3646, December 2003. 698 [RFC5006] Jeong, J., Park, S., Beloeil, L., and S. 699 Madanapalli, "IPv6 Router Advertisement Option for 700 DNS Configuration", RFC 5006, September 2007. 702 [RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server 703 Information Approaches", RFC 4339, February 2006. 705 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, 706 "SEcure Neighbor Discovery (SEND)", RFC 3971, 707 March 2005. 709 [RFC1535] Gavron, E., "A Security Problem and Proposed 710 Correction With Widely Deployed DNS Software", 711 RFC 1535, October 1993. 713 [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and 714 S. Miller, "Common DNS Implementation Errors and 715 Suggested Fixes", RFC 1536, October 1993. 717 [MIF-PROBLEM] Blanchet, M. and P. Seite, "Multiple Interfaces 718 Problem Statement", Work in Progress, August 2010. 720 [MIF-PRACTICE] Wasserman, M. and P. Seite, "Current Practices for 721 Multiple Interface Hosts", Work in Progress, 722 August 2010. 724 [CSI-SEND-CERT] Gagliano, R., Krishnan, S., and A. Kukec, 725 "Certificate profile and certificate management for 726 SEND", Work in Progress, October 2010. 728 Appendix A. Changes from RFC 5006 730 The following changes were made from RFC 5006 "IPv6 Router 731 Advertisement Option for DNS Configuration": 733 o Added the DNS Search List (DNSSL) option to support the 734 advertisement of DNS suffixes used in the DNS search along with 735 RDNSS option in RFC 5006. 737 o Clarified the coexistence of RA options and DHCP options for DNS 738 configuration. 740 o Modified the procedure in IPv6 host: 742 * Clarified the procedure for DNS options in an IPv6 host. 744 * Specified a sufficient number of RDNSS addresses or DNS search 745 domain names as three. 747 * Specified a way to deal with DNS options from multiple sources, 748 such as RA and DHCP. 750 o Modified the implementation considerations for DNSSL option 751 handling. 753 o Modified the security considerations to consider more attack 754 scenarios and the corresponding possible solutions. 756 o Modified the IANA considerations to require another IPv6 Neighbor 757 Discovery Option type for the DNSSL option. 759 Appendix B. Changes from RFC 6106 761 The lifetime's upper bound of 2 * MaxRtrAdvInterval was shown to lead 762 to the expiry of these options on links with a relatively high rate 763 of packet loss. This revision relaxes the upper bound and sets a 764 higher default value to avoid this problem. 766 Authors' Addresses 768 Jaehoon Paul Jeong 769 Sungkyunkwan University/ETRI 770 2066 Seobu-Ro, Jangan-Gu 771 Suwon, Gyeonggi-Do 440-746 772 Republic of Korea 774 Phone: +82 31 299 4957 775 Fax: +82 31 299 7996 776 EMail: pauljeong@skku.edu 777 URI: http://cpslab.skku.edu/people-jaehoon-jeong.php 779 Soohong Daniel Park 780 Digital Media & Communications R&D Center 781 SAMSUNG Electronics 782 416 Maetan-3dong, Yeongtong-Gu 783 Suwon, Gyeonggi-Do 443-742 784 Republic of Korea 786 Phone: +82 31 279 8876 787 EMail: soohong.park@samsung.com 789 Luc Beloeil 790 France Telecom R&D 791 42, rue des coutures 792 BP 6243 793 14066 CAEN Cedex 4 794 France 796 Phone: +33 2 40 44 97 40 797 EMail: luc.beloeil@orange-ftgroup.com 799 Syam Madanapalli 800 iRam Technologies 801 #H304, Shriram Samruddhi, Thubarahalli 802 Bangalore - 560066 803 India 805 EMail: smadanapalli@gmail.com