idnits 2.17.1 draft-ietf-6man-rdnss-rfc6106bis-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 17, 2017) is 2646 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3736 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 6106 (Obsoleted by RFC 8106) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Jeong 3 Internet-Draft Sungkyunkwan University 4 Obsoletes: 6106 (if approved) S. Park 5 Intended status: Standards Track Samsung Electronics 6 Expires: July 21, 2017 L. Beloeil 7 France Telecom R&D 8 S. Madanapalli 9 iRam Technologies 10 January 17, 2017 12 IPv6 Router Advertisement Options for DNS Configuration 13 draft-ietf-6man-rdnss-rfc6106bis-15 15 Abstract 17 This document specifies IPv6 Router Advertisement (RA) options 18 (called DNS RA options) to allow IPv6 routers to advertise a list of 19 DNS recursive server addresses and a DNS Search List to IPv6 hosts. 21 This document, which obsoletes RFC 6106, defines a higher default 22 value of the lifetime of the DNS RA options to reduce the likelihood 23 of expiry of the options on links with a relatively high rate of 24 packet loss. 26 Status of This Memo 28 This Internet-Draft is submitted to IETF in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF), its areas, and its working groups. Note that 33 other groups may also distribute working documents as Internet- 34 Drafts. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 The list of current Internet-Drafts can be accessed at 42 http://www.ietf.org/ietf/1id-abstracts.txt. 44 The list of Internet-Draft Shadow Directories can be accessed at 45 http://www.ietf.org/shadow.html. 47 This Internet-Draft will expire on July 21, 2017. 49 Copyright Notice 51 Copyright (c) 2017 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 67 1.1. Applicability Statements . . . . . . . . . . . . . . . . . 3 68 1.2. Coexistence of RA Options and DHCP Options for DNS 69 Configuration . . . . . . . . . . . . . . . . . . . . . . 4 70 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 71 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 72 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 73 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5 74 5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 5 75 5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7 76 5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8 77 5.3.1. Procedure in IPv6 Hosts . . . . . . . . . . . . . . . 8 78 5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9 79 6. Implementation Considerations . . . . . . . . . . . . . . . . 10 80 6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10 81 6.2. Synchronization between DNS Server List and Resolver 82 Repository . . . . . . . . . . . . . . . . . . . . . . . . 11 83 6.3. Synchronization between DNS Search List and Resolver 84 Repository . . . . . . . . . . . . . . . . . . . . . . . . 12 85 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 86 7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12 87 7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 12 88 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 89 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 90 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 91 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14 92 10.2. Informative References . . . . . . . . . . . . . . . . . . 14 93 Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 16 95 1. Introduction 97 The purpose of this document is to standardize IPv6 Router 98 Advertisement (RA) options (DNS RA options) for DNS Recursive Server 99 Addresses used for the DNS name resolution in IPv6 hosts, and also 100 for a DNS Search List of domain suffixes. 102 Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address 103 Autoconfiguration (SLAAC) provide ways to configure either fixed or 104 mobile nodes with one or more IPv6 addresses, default routers, and 105 some other parameters [RFC4861][RFC4862]. 107 It is infeasible to manually configure nomadic hosts each time they 108 connect to a different network. While a one-time static 109 configuration is possible, it is generally not desirable on general- 110 purpose hosts such as laptops. For instance, locally defined name 111 spaces would not be available to the host if it were to run its own 112 recursive name server directly connected to the global DNS. 114 The DNS information can also be provided through DHCPv6 [RFC3315] 115 [RFC3736][RFC3646]. However, the access to DNS is a fundamental 116 requirement for almost all hosts, so IPv6 stateless autoconfiguration 117 cannot stand on its own as an alternative deployment model in any 118 practical network without any support for DNS configuration. 120 These issues are not pressing in dual-stack networks as long as a DNS 121 server is available on the IPv4 side, but they become more critical 122 with the deployment of IPv6-only networks. As a result, this 123 document defines a mechanism based on DNS RA options to allow IPv6 124 hosts to perform the automatic DNS configuration. 126 1.1. Applicability Statements 128 RA-based DNS configuration is a useful alternative in networks where 129 an IPv6 host's address is autoconfigured through IPv6 stateless 130 address autoconfiguration and where there is either no DHCPv6 131 infrastructure at all or some hosts do not have a DHCPv6 client. The 132 intention is to enable the full configuration of basic networking 133 information for hosts without requiring DHCPv6. However, for 134 networks that need to distribute additional information, DHCPv6 is 135 likely to be employed. In these networks, RA-based DNS configuration 136 may not be needed. 138 RA-based DNS configuration allows an IPv6 host to acquire the DNS 139 configuration (i.e., DNS recursive server addresses and DNS Search 140 List) for the link(s) to which the host is connected. Furthermore, 141 the host learns this DNS configuration from the same RA message that 142 provides configuration information for the link. 144 The advantages and disadvantages of the RA-based approach are 145 discussed in [RFC4339] along with other approaches, such as the DHCP 146 and well-known anycast address approaches. 148 1.2. Coexistence of RA Options and DHCP Options for DNS Configuration 150 Two protocols exist to configure the DNS information on a host, the 151 Router Advertisement options specified in this document and the 152 DHCPv6 options specified in [RFC3646]. They can be used together. 153 The rules governing the decision to use stateful configuration 154 mechanisms are specified in [RFC4861]. Hosts conforming to this 155 specification MUST extract DNS information from Router Advertisement 156 messages, unless static DNS configuration has been specified by the 157 user. If there is DNS information available from multiple Router 158 Advertisements and/or from DHCP, the host MUST maintain an ordered 159 list of this information as specified in Section 5.3.1. 161 2. Requirements Language 163 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 164 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 165 document are to be interpreted as described in [RFC2119]. 167 3. Terminology 169 This document uses the terminology defined in [RFC4861] and 170 [RFC4862]. In addition, four new terms are defined below: 172 o Recursive DNS Server (RDNSS): Server that provides a recursive DNS 173 resolution service for translating domain names into IP addresses 174 or resolving PTR records, as defined in [RFC1034] and [RFC1035]. 176 o RDNSS Option: IPv6 RA option to deliver the RDNSS information to 177 IPv6 hosts [RFC4861]. 179 o DNS Search List (DNSSL): The list of DNS suffix domain names used 180 by IPv6 hosts when they perform DNS query searches for short, 181 unqualified domain names. 183 o DNSSL Option: IPv6 RA option to deliver the DNSSL information to 184 IPv6 hosts. 186 o DNS Repository: Two data structures for managing DNS Configuration 187 Information in the IPv6 protocol stack in addition to Neighbor 188 Cache and Destination Cache for Neighbor Discovery [RFC4861]. The 189 first data structure is the DNS Server List for RDNSS addresses 190 and the second is the DNS Search List for DNS search domain names. 192 o Resolver Repository: Configuration repository with RDNSS addresses 193 and a DNS Search List that a DNS resolver on the host uses for DNS 194 name resolution; for example, the Unix resolver file (i.e., /etc/ 195 resolv.conf) and Windows registry. 197 4. Overview 199 This document standardizes the ND option called the RDNSS option that 200 contains the addresses of recursive DNS servers. This document also 201 standardizes the ND option called the DNSSL option that contains the 202 Domain Search List. This is to maintain parity with the DHCPv6 203 options and to ensure that there is necessary functionality to 204 determine the search domains. 206 The existing ND message (i.e., Router Advertisement) is used to carry 207 this information. An IPv6 host can configure the IPv6 addresses of 208 one or more RDNSSes via RA messages. Through the RDNSS and DNSSL 209 options, along with the prefix information option based on the ND 210 protocol ([RFC4861] and [RFC4862]), an IPv6 host can perform the 211 network configuration of its IPv6 address and the DNS information 212 simultaneously without needing DHCPv6 for the DNS configuration. The 213 RA options for RDNSS and DNSSL can be used on networks that support 214 the use of ND. 216 This approach requires the manual configuration or other automatic 217 mechanisms (e.g., DHCPv6 or vendor proprietary configuration 218 mechanisms) to configure the DNS information in routers sending the 219 advertisements. The automatic configuration of RDNSS addresses and a 220 DNS Search List in routers is out of scope for this document. 222 5. Neighbor Discovery Extension 224 The IPv6 DNS configuration mechanism in this document needs two ND 225 options in Neighbor Discovery: (i) the Recursive DNS Server (RDNSS) 226 option and (ii) the DNS Search List (DNSSL) option. 228 5.1. Recursive DNS Server Option 230 The RDNSS option contains one or more IPv6 addresses of recursive DNS 231 servers. All of the addresses share the same Lifetime value. If it 232 is desirable to have different Lifetime values, multiple RDNSS 233 options can be used. Figure 1 shows the format of the RDNSS option. 235 0 1 2 3 236 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 | Type | Length | Reserved | 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 | Lifetime | 241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 | | 243 : Addresses of IPv6 Recursive DNS Servers : 244 | | 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 247 Figure 1: Recursive DNS Server (RDNSS) Option Format 249 Fields: 250 Type 8-bit identifier of the RDNSS option type as assigned 251 by the IANA: 25 253 Length 8-bit unsigned integer. The length of the option 254 (including the Type and Length fields) is in units of 255 8 octets. The minimum value is 3 if one IPv6 address 256 is contained in the option. Every additional RDNSS 257 address increases the length by 2. The Length field 258 is used by the receiver to determine the number of 259 IPv6 addresses in the option. 261 Lifetime 32-bit unsigned integer. The maximum time in 262 seconds (relative to the time the packet is received) 263 over which these RDNSS addresses MAY be used for name 264 resolution. The value of Lifetime SHOULD by default 265 be at least 3 * MaxRtrAdvInterval where 266 MaxRtrAdvInterval is the Maximum RA Interval defined 267 in [RFC4861]. A value of all one bits (0xffffffff) 268 represents infinity. A value of zero means that the 269 RDNSS addresses MUST no longer be used. 271 Addresses of IPv6 Recursive DNS Servers 272 One or more 128-bit IPv6 addresses of the recursive 273 DNS servers. The number of addresses is determined 274 by the Length field. That is, the number of 275 addresses is equal to (Length - 1) / 2. 277 Note: The addresses for recursive DNS servers in the RDNSS option 278 MAY be link-local addresses. Such link-local addresses SHOULD be 279 registered into the resolver repository along with the 280 corresponding link zone indices of the links that receive the 281 RDNSS option(s) for them. The link-local addresses MAY be 282 represented in the resolver repository with their link zone 283 indices in the textual format for scoped addresses as described in 284 [RFC4007]. When a resolver sends a DNS query message to an RDNSS 285 identified by a link-local address, it MUST use the corresponding 286 link. 288 The rationale of the default value of the Lifetime field is as 289 follows. Router Lifetime set by AdvDefaultLifetime has the 290 default of 3 * MaxRtrAdvInterval in [RFC4861], so such a default 291 or a larger default can allow for the reliability of DNS options 292 even under the loss of RAs on links with a relatively high rate of 293 packet loss. Note that the ratio of AdvDefaultLifetime to 294 MaxRtrAdvInterval is the number of unsolicited multicasted RAs 295 sent by the router. Since the DNS option entries can survive for 296 at most three consecutive losses of RAs containing DNS options, 297 the default value of the Lifetime lets the DNS option entries be 298 resilient to packet-loss environments. 300 5.2. DNS Search List Option 302 The DNSSL option contains one or more domain names of DNS suffixes. 303 All of the domain names share the same Lifetime value. If it is 304 desirable to have different Lifetime values, multiple DNSSL options 305 can be used. Figure 2 shows the format of the DNSSL option. 307 0 1 2 3 308 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 | Type | Length | Reserved | 311 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 312 | Lifetime | 313 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 314 | | 315 : Domain Names of DNS Search List : 316 | | 317 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 Figure 2: DNS Search List (DNSSL) Option Format 321 Fields: 322 Type 8-bit identifier of the DNSSL option type as assigned 323 by the IANA: 31 325 Length 8-bit unsigned integer. The length of the option 326 (including the Type and Length fields) is in units of 327 8 octets. The minimum value is 2 if at least one 328 domain name is contained in the option. The Length 329 field is set to a multiple of 8 octets to accommodate 330 all the domain names in the field of Domain Names of 331 DNS Search List. 333 Lifetime 32-bit unsigned integer. The maximum time in 334 seconds (relative to the time the packet is received) 335 over which these DNSSL domain names MAY be used for 336 name resolution. The Lifetime value has the same 337 semantics as with the RDNSS option. That is, 338 Lifetime SHOULD by default be at least 339 3 * MaxRtrAdvInterval. A value of all one bits 340 (0xffffffff) represents infinity. A value of zero 341 means that the DNSSL domain names MUST no longer be 342 used. 344 Domain Names of DNS Search List 345 One or more domain names of DNS Search List that MUST 346 be encoded as described in Section 3.1 of [RFC1035]. 347 By this technique, each domain name is represented as 348 a sequence of labels ending in a zero octet, defined 349 as domain name representation. For more than one 350 domain name, the corresponding domain name 351 representations are concatenated as they are. Note 352 that for the simple decoding, the domain names MUST 353 NOT be encoded in a compressed form, as described in 354 Section 4.1.4 of [RFC1035]. Because the size of this 355 field MUST be a multiple of 8 octets, for the minimum 356 multiple including the domain name representations, 357 the remaining octets other than the encoding parts of 358 the domain name representations MUST be padded with 359 zeros. 361 5.3. Procedure of DNS Configuration 363 The procedure of DNS configuration through the RDNSS and DNSSL 364 options is the same as with any other ND option [RFC4861]. 366 5.3.1. Procedure in IPv6 Hosts 368 When an IPv6 host receives DNS options (i.e., RDNSS and DNSSL 369 options) through RA messages, it processes the options as follows: 371 o The validity of DNS options is checked with the Length field; that 372 is, the value of the Length field in the RDNSS option is greater 373 than or equal to the minimum value (3), and satisfies that (Length 374 - 1) % 2 == 0. The value of the Length field in the DNSSL option 375 is greater than or equal to the minimum value (2). Also, the 376 validity of the RDNSS option is checked with the "Addresses of 377 IPv6 Recursive DNS Servers" field; that is, the addresses should 378 be unicast addresses. 380 o If the DNS options are valid, the host SHOULD copy the values of 381 the options into the DNS Repository and the Resolver Repository in 382 order. Otherwise, the host MUST discard the options. Refer to 383 Section 6 for the detailed procedure. 385 In the case where the DNS information of RDNSS and DNSSL can be 386 obtained from multiple sources, such as RA and DHCP, the IPv6 host 387 SHOULD keep some DNS options from all sources. Unless explicitly 388 specified for the discovery mechanism, the exact number of addresses 389 and domain names to keep is a matter of local policy and 390 implementation choice as a local configuration option. However, in 391 the case of multiple sources, the ability to store a total of at 392 least three RDNSS addresses (or DNSSL domain names) from the multiple 393 sources is RECOMMENDED. The DNS options from Router Advertisements 394 and DHCP SHOULD be stored into the DNS Repository and Resolver 395 Repository so that information from DHCP appears there first and 396 therefore takes precedence. Thus, the DNS information from DHCP 397 takes precedence over that from RA for DNS queries. On the other 398 hand, for DNS options announced by RA, if some RAs use the Secure 399 Neighbor Discovery (SEND) protocol [RFC3971] for RA security, they 400 MUST be preferred over those that do not use SEND. Also, DNS options 401 announced by RA via SEND MUST be preferred over those announced by 402 un-authenticated DHCP [RFC3118]. Refer to Section 7 for the detailed 403 discussion on SEND for DNS RA options. 405 5.3.2. Warnings for DNS Options Configuration 407 There are two warnings for DNS options configuration: (i) warning for 408 multiple sources of DNS options and (ii) warning for multiple network 409 interfaces. First, in the case of multiple sources for DNS options 410 (e.g., RA and DHCP), an IPv6 host can configure its IP addresses from 411 these sources. In this case, it is not possible to control how the 412 host uses DNS information and what source addresses it uses to send 413 DNS queries. As a result, configurations where different information 414 is provided by different mechanisms for autoconfiguration may lead to 415 problems. Therefore, the network administrator needs to carefully 416 configure different DNS options in the multiple mechanisms for 417 autoconfiguration in order to minimize the impact of such problems 418 [DHCPv6-SLAAC]. 420 Second, if different DNS information is provided on different network 421 interfaces, this can lead to inconsistent behavior. The IETF worked 422 on solving this problem for both DNS and other information obtained 423 by multiple interfaces [RFC6418][RFC6419], and standardized the 424 solution for RDNSS selection for multi-interfaced nodes in [RFC6731], 425 which is based on DHCP. 427 6. Implementation Considerations 429 The implementation considerations in this document include the 430 following three: (i) DNS repository management, (ii) synchronization 431 between DNS server list and resolver repository, and (iii) 432 synchronization between DNS search list and resolver repository. 434 Note: The implementations that are updated according to this 435 document will still interoperate with the existing implementations 436 according to [RFC6106]. This is because the main change of this 437 document is the increase of the default Lifetime of DNS options, 438 considering lossy links. 440 6.1. DNS Repository Management 442 For DNS repository management, the following two data structures 443 SHOULD be synchronized with the resolver repository: (i) DNS Server 444 List that keeps the list of RDNSS addresses and (ii) DNS Search List 445 that keeps the list of DNS search domain names. Each entry in these 446 two lists consists of a pair of an RDNSS address (or DNSSL domain 447 name) and Expiration-time as follows: 449 o RDNSS address for DNS Server List: IPv6 address of the Recursive 450 DNS Server which is available for recursive DNS resolution service 451 in the network advertising the RDNSS option. 453 o DNSSL domain name for DNS Search List: DNS suffix domain name 454 which is used to perform DNS query searches for short, unqualified 455 domain names. 457 o Expiration-time for DNS Server List or DNS Search List: The time 458 when this entry becomes invalid. Expiration-time is set to the 459 value of the Lifetime field of the RDNSS option or DNSSL option 460 plus the current time. Whenever a new RDNSS option with the same 461 address (or DNSSL option with the same domain name) is received on 462 the same interface as a previous RDNSS option (or DNSSL option), 463 this field is updated to have a new Expiration-time. When the 464 current time becomes larger than Expiration-time, this entry is 465 regarded as expired, so it should not be used any more. Note that 466 the DNS information for the RDNSS and DNSSL options need not be 467 dropped if the expiry of the RA router lifetime happens. This is 468 because these options have their own lifetime values. 470 6.2. Synchronization between DNS Server List and Resolver Repository 472 When an IPv6 host receives the information of multiple RDNSS 473 addresses within a network (e.g., campus network and company network) 474 through an RA message with RDNSS option(s), it stores the RDNSS 475 addresses (in order) into both the DNS Server List and the Resolver 476 Repository. The processing of the RDNSS consists of (i) the 477 processing of RDNSS option(s) included in an RA message and (ii) the 478 handling of expired RDNSSes. The processing of RDNSS option(s) is as 479 follows: 481 Step (a): Receive and parse the RDNSS option(s). For the RDNSS 482 addresses in each RDNSS option, perform Steps (b) through (d). 484 Step (b): For each RDNSS address, check the following: If the 485 RDNSS address already exists in the DNS Server List and the RDNSS 486 option's Lifetime field is set to zero, delete the corresponding 487 RDNSS entry from both the DNS Server List and the Resolver 488 Repository in order to prevent the RDNSS address from being used 489 any more for certain reasons in network management, e.g., the 490 termination of the RDNSS or a renumbering situation. That is, the 491 RDNSS can resign from its DNS service because the machine running 492 the RDNSS is out of service intentionally or unintentionally. 493 Also, under the renumbering situation, the RDNSS's IPv6 address 494 will be changed, so the previous RDNSS address should not be used 495 any more. The processing of this RDNSS address is finished here. 496 Otherwise, go to Step (c). 498 Step (c): For each RDNSS address, if it already exists in the DNS 499 Server List and the RDNSS option's Lifetime field is not set to 500 zero, then just update the value of the Expiration-time field 501 according to the procedure specified in the third bullet of 502 Section 6.1. Otherwise, go to Step (d). 504 Step (d): For each RDNSS address, if it does not exist in the DNS 505 Server List, register the RDNSS address and Lifetime with the DNS 506 Server List and then insert the RDNSS address as the first one in 507 the Resolver Repository. In the case where the data structure for 508 the DNS Server List is full of RDNSS entries (that is, has more 509 RDNSSes than the sufficient number discussed in Section 5.3.1), 510 delete from the DNS Server List the entry with the shortest 511 Expiration-time (i.e., the entry that will expire first). The 512 corresponding RDNSS address is also deleted from the Resolver 513 Repository. For the ordering of RDNSS addresses in an RDNSS 514 option, position the first RDNSS address in the RDNSS option as 515 the first one in the Resolver Repository, the second RDNSS address 516 in the option as the second one in the repository, and so on. 517 This ordering allows the RDNSS addresses in the RDNSS option to be 518 preferred according to their order in the RDNSS option for the DNS 519 name resolution. The processing of these RDNSS addresses is 520 finished here. 522 The handling of expired RDNSSes is as follows: Whenever an entry 523 expires in the DNS Server List, the expired entry is deleted from the 524 DNS Server List, and also the RDNSS address corresponding to the 525 entry is deleted from the Resolver Repository. 527 6.3. Synchronization between DNS Search List and Resolver Repository 529 When an IPv6 host receives the information of multiple DNSSL domain 530 names within a network through an RA message with DNSSL option(s), it 531 stores the DNSSL domain names (in order) into both the DNS Search 532 List and the Resolver Repository. The processing of the DNSSL 533 consists of (i) the processing of DNSSL option(s) included in an RA 534 message and (ii) the handling of expired DNSSLs. The processing of 535 DNSSL option(s) is the same with that of RDNSS option(s) in Section 536 6.2. 538 7. Security Considerations 540 In this section, we analyze security threats related to DNS options 541 and then suggest recommendations to cope with such security threats. 543 7.1. Security Threats 545 For the RDNSS option, an attacker could send an RA with a fraudulent 546 RDNSS address, misleading IPv6 hosts into contacting an unintended 547 DNS server for DNS name resolution. Also, for the DNSSL option, an 548 attacker can let IPv6 hosts resolve a host name without a DNS suffix 549 into an unintended host's IP address with a fraudulent DNS Search 550 List. These attacks are similar to ND attacks specified in [RFC4861] 551 that use Redirect or Neighbor Advertisement messages to redirect 552 traffic to individual addresses of malicious parties. 554 However, the security of these RA options for DNS configuration does 555 not affect ND protocol security [RFC4861]. This is because learning 556 DNS information via the RA options cannot be worse than learning bad 557 router information via the RA options. Therefore, the vulnerability 558 of ND is not worse and is a subset of the attacks that any node 559 attached to a LAN can do. 561 7.2. Recommendations 563 The Secure Neighbor Discovery (SEND) protocol [RFC3971] is designed 564 as a security mechanism for ND. In this case, ND can use SEND to 565 allow all the ND options including the RDNSS and DNSSL options to be 566 automatically signed with digital signatures. 568 It is common for network devices such as switches to include 569 mechanisms to block unauthorized ports from running a DHCPv6 server 570 to provide protection from rogue DHCPv6 servers [RFC7610]. That 571 means that an attacker on other ports cannot insert bogus DNS servers 572 using DHCPv6. The corresponding technique for network devices is 573 RECOMMENDED to block rogue Router Advertisement messages including 574 the RDNSS and DNSSL options from unauthorized nodes [RFC6104] 575 [RFC6105]. 577 An attacker may provide a bogus DNS Search List option in order to 578 cause the victim to send DNS queries to a specific DNS server when 579 the victim queries non-FQDNs (fully qualified domain names). For 580 this attack, the DNS resolver in IPv6 hosts can mitigate the 581 vulnerability with the recommendations mentioned in [RFC1535], 582 [RFC1536], and [RFC3646]. 584 8. IANA Considerations 586 The RDNSS option defined in this document uses the IPv6 Neighbor 587 Discovery Option type assigned by the IANA as follows: 589 Option Name Type 590 Recursive DNS Server Option 25 592 The DNSSL option defined in this document uses the IPv6 Neighbor 593 Discovery Option type assigned by the IANA as follows: 595 Option Name Type 596 DNS Search List Option 31 598 These options are registered in the "Internet Control Message 599 Protocol version 6 (ICMPv6) Parameters" registry [ICMPv6]. 601 9. Acknowledgements 603 This document has greatly benefited from inputs by Robert Hinden, 604 Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik 605 Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony 606 Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya 607 Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, Bing Liu, and 608 Tassos Chatzithomaoglou. The authors sincerely appreciate their 609 contributions. 611 This document was supported by Institute for Information & 612 communications Technology Promotion (IITP) grant funded by the Korea 613 government (MSIP) [10041244, Smart TV 2.0 Software Platform]. 615 10. References 617 10.1. Normative References 619 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 620 Requirement Levels", BCP 14, RFC 2119, March 1997. 622 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. 623 Soliman, "Neighbor Discovery for IP version 6 624 (IPv6)", RFC 4861, September 2007. 626 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 627 Stateless Address Autoconfiguration", RFC 4862, 628 September 2007. 630 [RFC1035] Mockapetris, P., "Domain Names - Implementation and 631 Specification", STD 13, RFC 1035, November 1987. 633 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., 634 and B. Zill, "IPv6 Scoped Address Architecture", 635 RFC 4007, March 2005. 637 10.2. Informative References 639 [RFC1034] Mockapetris, P., "Domain Names - Concepts and 640 Facilities", STD 13, RFC 1034, November 1987. 642 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, 643 C., and M. Carney, "Dynamic Host Configuration 644 Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. 646 [RFC3736] Droms, R., "Stateless Dynamic Host Configuration 647 Protocol (DHCP) Service for IPv6", RFC 3736, 648 April 2004. 650 [RFC3646] Droms, R., "DNS Configuration options for Dynamic 651 Host Configuration Protocol for IPv6 (DHCPv6)", 652 RFC 3646, December 2003. 654 [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, 655 "IPv6 Router Advertisement Options for DNS 656 Configuration", RFC 6106, November 2010. 658 [RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server 659 Information Approaches", RFC 4339, February 2006. 661 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, 662 "SEcure Neighbor Discovery (SEND)", RFC 3971, 663 March 2005. 665 [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP 666 Messages", RFC 3118, June 2001. 668 [RFC6104] Chown, T. and S. Venaas, "Rogue IPv6 Router 669 Advertisement Problem Statement", RFC 6104, 670 February 2011. 672 [RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., 673 and J. Mohacsi, "IPv6 Router Advertisement Guard", 674 RFC 6105, February 2011. 676 [RFC7610] Gont, F., Liu, W., and G. Van de Velde, "DHCPv6- 677 Shield: Protecting against Rogue DHCPv6 Servers", 678 RFC 7610, August 2015. 680 [RFC1535] Gavron, E., "A Security Problem and Proposed 681 Correction With Widely Deployed DNS Software", 682 RFC 1535, October 1993. 684 [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. 685 Miller, "Common DNS Implementation Errors and 686 Suggested Fixes", RFC 1536, October 1993. 688 [DHCPv6-SLAAC] Liu, B., Jiang, S., Gong, X., Wang, W., and E. Rey, 689 "DHCPv6/SLAAC Interaction Problems on Address and DNS 690 Configuration", 691 draft-ietf-v6ops-dhcpv6-slaac-problem-07 (work in 692 progress), August 2016. 694 [RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and 695 Provisioning Domains Problem Statement", RFC 6418, 696 November 2011. 698 [RFC6419] Wasserman, M. and P. Seite, "Current Practices for 699 Multiple-Interface Hosts", RFC 6419, November 2011. 701 [RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved 702 Recursive DNS Server Selection for Multi-Interfaced 703 Nodes", RFC 6731, December 2012. 705 [ICMPv6] ICMPv6 Parameters Registry, "http://www.iana.org/ 706 assignments/icmpv6-parameters/ 707 icmpv6-parameters.xhtml#icmpv6-parameters-5". 709 Appendix A. Changes from RFC 6106 711 The following changes were made from RFC 6106 "IPv6 Router 712 Advertisement Options for DNS Configuration": 714 o This document allows a higher default value of the lifetime of the 715 DNS RA options than RFC 6106 in order to avoid the frequent expiry 716 of the options on links with a relatively high rate of packet 717 loss, and also making additional clarifications. The lifetime's 718 lower bound of 2 * MaxRtrAdvInterval was shown to lead to the 719 expiry of these options on links with a relatively high rate of 720 packet loss. This revision relaxes the lower bound and sets a 721 higher default value of 3 * MaxRtrAdvInterval to avoid this 722 problem. 724 o The generation of Router Solicitation to ensure that the RDNSS 725 information is fresh before the expiry of the RDNSS option is 726 removed in order to prevent multicast traffic on the link from 727 increasing. 729 o The addresses for recursive DNS servers in the RDNSS option can be 730 not only global addresses, but also link-local addresses. The 731 link-local addresses for RDNSSes should be registered into the 732 resolver repository along with the corresponding link zone 733 indices. 735 o RFC 6106 recommended that the number of RDNSS addresses that 736 should be learned and maintained through the RDNSS RA option 737 should be limited to three. This document removes that 738 recommendation, thus the number of RDNSS addresses to maintain is 739 determined by an implementer's local policy. 741 o RFC 6106 recommended that the number of DNS search domains that 742 should be learned and maintained through the DNSSL RA option 743 should be limited to three. This document removes that 744 recommendation, thus when the set of unique DNSSL values are not 745 equivalent, none of them may be ignored for hostname lookups 746 according to an implementer's local policy. 748 o The guidance of the specific implementation for the 749 synchronization of the DNS Repository and Resolver Repository on 750 the kernel space and user space is removed. 752 o The usage of the keywords of SHOULD and RECOMMENDED in RFC 2119 is 753 removed in the recommendation of using SEND for secure ND. 754 Instead of using these keywords, SEND is specified as only a 755 possible solution for secure ND. 757 Authors' Addresses 759 Jaehoon Paul Jeong 760 Department of Software 761 Sungkyunkwan University 762 2066 Seobu-Ro, Jangan-Gu 763 Suwon, Gyeonggi-Do 16419 764 Republic of Korea 766 Phone: +82 31 299 4957 767 Fax: +82 31 290 7996 768 EMail: pauljeong@skku.edu 769 URI: http://iotlab.skku.edu/people-jaehoon-jeong.php 771 Soohong Daniel Park 772 Software R&D Center 773 Samsung Electronics 774 Seoul R&D Campus D-Tower, 56, Seongchon-Gil, Seocho-Gu 775 Seoul 06765 776 Republic of Korea 778 EMail: soohong.park@samsung.com 780 Luc Beloeil 781 France Telecom R&D 782 42, rue des coutures 783 BP 6243 784 14066 CAEN Cedex 4 785 France 787 Phone: +33 2 40 44 97 40 788 EMail: luc.beloeil@orange-ftgroup.com 790 Syam Madanapalli 791 iRam Technologies 792 #H304, Shriram Samruddhi, Thubarahalli 793 Bangalore - 560066 794 India 796 EMail: smadanapalli@gmail.com