Network Working Group J. Jeong, Ed. Internet-Draft ETRI/University of Minnesota Expires: July 22, 2006 S. Park SAMSUNG Electronics L. Beloeil France Telecom R&D S. Madanapalli SAMSUNG ISO January 18, 2006 IPv6 Router Advertisement Option for DNS Configuration draft-jeong-dnsop-ipv6-dns-discovery-08.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on July 22, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document specifies a new IPv6 Router Advertisement option to allow IPv6 routers to advertise DNS recursive server addresses to IPv6 hosts. Jeong, et al. Expires July 22, 2006 [Page 1] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Applicability Statements . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 4 5.1 Recursive DNS Server Option . . . . . . . . . . . . . . . 5 5.2 Procedure of DNS Configuration . . . . . . . . . . . . . . 7 5.2.1 Procedure in IPv6 Router . . . . . . . . . . . . . . . 7 5.2.2 Procedure in IPv6 Host . . . . . . . . . . . . . . . . 7 6. Implementation Considerations . . . . . . . . . . . . . . . . 7 6.1 DNS Server List Management . . . . . . . . . . . . . . . . 8 6.2 Synchronization between DNS Server List and Resolver Repository . . . . . . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 10.1 Normative References . . . . . . . . . . . . . . . . . . . 11 10.2 Informative References . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12 Intellectual Property and Copyright Statements . . . . . . . . 14 Jeong, et al. Expires July 22, 2006 [Page 2] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 1. Introduction Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless Address Autoconfiguration provide ways to configure either fixed or mobile nodes with one or more IPv6 addresses, default routes and some other parameters [4][5]. To support the access to additional services in the Internet that are identified by a DNS name, such as a web server, the configuration of at least one recursive DNS server is also needed for DNS name resolution. It is infeasible for nomadic hosts, such as laptops, to have to enter a DNS resolver each time they connect to a different wireless LAN (WLAN) such as IEEE 802.11 a/b/g [10]-[13]. This document provides a new way which uses a new IPv6 Router Advertisement option to allow IPv6 routers to advertise DNS recursive server addresses to IPv6 hosts. 1.1 Applicability Statements RA-based DNS configuration is useful in the networks where an IPv6 address is autoconfigured through IPv6 stateless address autoconfiguration, such as SOHO, home networks, cellular networks (e.g., 3GPP), MIPv6 (especially, HMIPv6), NEMO and MANET connected to the Internet. Especially, the new RA option may be useful in some mobile environments where the addresses of the RDNSSes are added or deleted according to a mobile node's movement because the RA option includes a lifetime field that allows the mobile node to delete the expired entries for RDNSSes. This lifetime field can be configured to a value that will require the mobile node to time out the RDNSS address entry in the previous network and to switch over to another RDNSS address in the same network. Therefore, the lifetime field can allow the mobile node to use the RDNSSes announced in the network where it is placed. As a result, the local RDNSS may provide the mobile node with quicker recursive DNS resolution service than the remote RDNSSes. Using the lifetime field differentiate RA approach from DHCPv6 approach in that it allows mobile nodes to use local RDNSSes rather than remote RDNSSes in order to being able to reduce the DNS resolution delay [6]-[8]. 2. Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [3]. 3. Terminology This document uses the terminology described in [4][5]. In addition, Jeong, et al. Expires July 22, 2006 [Page 3] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 three new terms are defined below: o Recursive DNS Server (RDNSS): Server which provides a recursive DNS resolution service. o DNS Server List: Data structure for managing DNS Server Information existing in IPv6 protocol stack in addition to Neighbor Cache and Destination Cache for Neighbor Discovery [4]. o Resolver Repository: Configuration repository with RDNSS addresses which a DNS resolver on the host uses for DNS name resolution, such as Unix resolver file (i.e., /etc/resolv.conf) and Windows registry. 4. Overview This document defines a new ND option called RDNSS option that contains the addresses of recursive DNS servers. Existing ND transport mechanisms (i.e., advertisements and solicitations) are used. This works in the same way that hosts learn about routers and prefixes. An IPv6 host can configure the IPv6 addresses of one or more RDNSSes via RA message periodically sent by router or solicited by a Router Solicitation (RS). Through the RDNSS option along with the prefix information option based on the ND protocol [4][5], an IPv6 host can perform its network configuration of its IPv6 address and RDNSS simultaneously without needing a separate message exchange for the RDNSS information. The RA option for RDNSS can be used on any network that supports the use of ND. This approach requires RDNSS information to be configured in the routers sending the advertisements. The configuration of RDNSS addresses in the routers can be done by manual configuration. The automatic configuration or redistribution of RDNSS information is possible by running a DHCPv6 client running on the router [6]-[8]. The automatic configuration of RDNSS addresses in the routers is out of scope in this document. The preference field of RDNSS option allows IPv6 hosts to select a primary RDNSS among several RDNSSes; this can be used for load balancing of RDNSSes. 5. Neighbor Discovery Extension The IPv6 DNS configuration mechanism in this document needs a new ND option in Neighbor Discovery, Recursive DNS Server (RDNSS) option. Jeong, et al. Expires July 22, 2006 [Page 4] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 5.1 Recursive DNS Server Option RDNSS option contains one or more IPv6 addresses of recursive DNS servers. All of the addresses share the same preference and lifetime values. If it is desirable to have different preference and lifetime values, multiple RDNSS options can be used. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Pref |S| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | : Addresses of IPv6 Recursive DNS Servers : | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Recursive DNS Server (RDNSS) Option Format Figure 1 shows the format of RDNSS option. Fields: Type 8-bit identifier of the option type (TBD: IANA) Option Name Type RDNSS option (TBD) Length 8-bit unsigned integer. The length of the option (including the type and length fields) in units of 8 octets. The minimum value is 0x03 if one IPv6 address is contained in the option. Every additional RDNSS address increases the length by 0x02. The length field is used by the receiver to determine the number of IPv6 addresses in the option. Pref The preference of an RDNSS. A 4-bit unsigned integer. A decimal value of 15 indicates the highest preference. A value of zero means unspecified. The default value of preference may be from 8 to 11 for manually configured or RA-derived RDNSSes. A preference less than 8 Jeong, et al. Expires July 22, 2006 [Page 5] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 means less preferred than manual configured RDNSS and a preference greater than 11 means more preferred. S 1-bit "Service open" flag. When set, it indicates that RDNSS(es) in the option can be available for IPv6 hosts when they are detached from the origin subnet where they obtained the RDNSSes. This flag SHOULD be set only if the routers or firewalls in the network allow DNS Query messages to be routed to the destination RDNSS without being filtered out, and the RDNSS is configured to perform recursive queries for all hosts regardless of their addresses. Lifetime 32-bit unsigned integer. The maximum time, in seconds (relative to the time the packet is sent), over which this RDNSS is used for name resolution. Hosts MAY send a Router Solicitation to ensure the RDNSS information is fresh before the interval expires. In order to provide fixed hosts with the stable DNS service and allow mobile hosts to prefer local RDNSSes to remote RDNSSes, the value of lifetime should be at least as long as the Maximum RA Interval (MaxRtrAdvInterval) in RFC 2461, and be at most as long as two times MaxRtrAdvInterval; Lifetime SHOULD be bounded as follows: MaxRtrAdvInterval<=Lifetime<=2*MaxRtrAdvInterval. A value of all one bits (0xffffffff) represents infinity. A value of zero means that the RDNSS MUST no longer be used. Addresses of IPv6 Recursive DNS Servers One or more 128-bit IPv6 addresses of the recursive DNS servers. The number of addresses is determined by the Length field. That is, the number of addresses is equal to (Length - 1) / 2. For the maximum number of RDNSS addresses in one RDNSS option, at most three is recommended since three RDNSSes are enough for DNS resolution service. See Section 5.2 for how parts of RDNSSes in one RDNSS option can be selected by a host. Jeong, et al. Expires July 22, 2006 [Page 6] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 5.2 Procedure of DNS Configuration The procedure of DNS configuration through RDNSS option is the same as any other ND option [4]. 5.2.1 Procedure in IPv6 Router An IPv6 router SHOULD include RDNSS option(s) in solicited and unsolicited RAs it sends if the router has been configured to send this RDNSS information to hosts on the link. Since one RDNSS option is recommended to have at most three RDNSSes, the router MAY send more than one RDNSS option if it would like to advertise more than three RDNSSes. 5.2.2 Procedure in IPv6 Host When an IPv6 host receives RDNSS option through RA, it checks whether the option is valid; o If the RDNSS option is present, the host SHOULD copy the option's value into the DNS Server List and the Resolver Repository as long as the value of Length field is greater than or equal to the minimum value (0x03). The host MAY ignore additional RDNSS addresses within an RDNSS option and/or additional RDNSS options within an RA when it has gathered a sufficient number of RDNSSes. It is expected that most implementations will use at least two or three RDNSSes, but few will use a fourth or subsequent RDNSS. o If the RDNSS option is present but invalid (e.g., it has the length less than 0x03), the host SHOULD discard the option. 6. Implementation Considerations Note This non-normative section gives some hints for implementing the processing of RDNSS option in IPv6 host. For the configuration and management of RDNSS information, the advertised RDNSS addresses can be stored and managed in both the DNS Server List and the Resolver Repository. In environments where the RDNSS information is stored in user space and ND runs in the kernel, it is necessary to synchronize the DNS Server List for RDNSSes in kernel space and the Resolver Repository in user space. For the synchronization, the implementation where ND Jeong, et al. Expires July 22, 2006 [Page 7] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 works in the kernel should provide the write operation for updating RDNSS information from the kernel to the Resolver Repository. One simple approach to perform this is to have a daemon around (or a program that is called at the defined intervals) that keeps monitoring the lifetime of RDNSSes all the time. Whenever there is an expired entry in the DNS Server List, the daemon can delete the corresponding entry from the Resolver Repository. 6.1 DNS Server List Management The kernel or user-space process (depending on where RAs are processed) should maintain a data structure called DNS Server List which keeps the list of RDNSSes. Each entry of DNS Server List consists of RDNSS address, Preference, Expiration-time, and Service- open-flag as follows: o RDNSS address: IPv6 address of Recursive DNS Server which is available for recursive DNS resolution service in the network advertising the RDNSS option; such a network is called site in this document. o Preference: Preference field in RDNSS option allowing IPv6 hosts to select a primary RDNSS among several RDNSSes; the other RDNSSes except for the primary one can be used as backup. o Expiration-time: Expiration time field giving the time when this entry becomes invalid. Expiration-time is set to the value of Lifetime field of RDNSS option plus the current system time. Whenever a new RDNSS option with the same address is received, this field is updated to have a new expiration time. When Expiration-time becomes less than the current system time, this entry is regared as expired. The decision about whether to delete the expired entry depends on its Service-open-flag (See the explanation for Service-open-flag). o Service-open-flag (S flag): Flag for deciding whether to delete the expired entry. It is set to the value of "Service open" flag of RDNSS option. When the entry has expired and Service-open-flag is 0, the expired entry is deleted from the DNS Server List. Otherwise, the entry is maintained. That is, Service-open-flag set to 1 allows expired entry to be maintained. It may be useful when an IPv6 host is nomadic or mobile node. Service-open-flag allows an IPv6 host to continue to use expired RDNSSes located in other networks which it moved from. When there is no available RDNSS in the new network (or subnet), the IPv6 host can still use the remote RDNSSes which it used for DNS name resolution before. A host MAY delete expired entries in order to limit the storage needed for the DNS Server List. Any least recently used (LRU) Jeong, et al. Expires July 22, 2006 [Page 8] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 policy that reclaims entries that have expired with Service-open- flag set to 0 can be adopted for replacing the expired entries with the entries for newly announced RDNSSes [4]. For example, when the replacement is necessary, the IPv6 host can choose one whose Service-open-flag is turned off and whose Expiration-time is the least. Note When the S flag is not set, an RDNSS may only be used as long as both the RA router lifetime and the RDNSS option lifetime have not expired. When the S flag is set, the RDNSS may continue to be used after either or both of these lifetimes have expired and there are not any more eligible RDNSSes (with still valid lifetimes or learned through DHCP or manual configuration) are available [6]-[8]. RDNSSes with expired lifetimes should be used as a last resort only, as they may not be currently reachable or the RDNSS may not provide service to the host's current address. 6.2 Synchronization between DNS Server List and Resolver Repository When an IPv6 host receives the information of multiple RDNSSes within a site through an RA message with RDNSS option(s), it stores the RDNSS addresses in order into both the DNS Server List and the Resolver Repository. The processing of the RDNSS option included in RA message is as follows: Step (a): Receive and parse RDNSS option(s). Process only the first three RDNSS addresses in each RDNSS option if one RDNSS option has more than three RDNSS addresses. Step (b): Arrange the addresses of RDNSSes in a descending order, starting with the biggest value of "Pref" field of the RDNSS option and store them in both the DNS Server List and the Resolver Repository by sorting the entries, including newly added entries, in the descending order of preference value. In the case where there are several routers advertising RDNSS option(s) in a subnet, "Pref" field is used to arrange the information. When the preference is the same, the RDNSS announced earlier is more preferred. Also, when one RDNSS option has multiple RDNSSes with the same preference, keep the order or the addresses in the option, so the first is preferred. Step (c): For each RDNSS option, check the following: If each value of "Lifetime" field is set to zero, regardless of the value of 'S' flag, delete the corresponding RDNSS entries from both the DNS Server List and the Resolver Repository in order to let the RDNSSes be not used any more for certain reasons in network Jeong, et al. Expires July 22, 2006 [Page 9] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 management, e.g., the breakdown of the RDNSS and a renumbering situation. Step (d): Delete each expired entry whose S flag is set off from DNS Server List and the RDNSS address corresponding to the entry from the Resolver Repository. However, in mobile environment, in order that a mobile node can still use the RDNSS of the previous site when the host moves into another site and no RDNSS is available there, it MAY be allowed to maintain the entry whose S flag is on in both the DNS Server List and the Resolver Repository. The expired RDNSS entry is regarded as having lower preference than the valid entries regardless of preference values. The sorting for expired RDNSS entries with the S flag set on is performed in both the DNS Server List and the Resolver Repository based on preference values. In the case where the data structure for the DNS Server List is full of RDNSS entries, the expired entries MAY be deleted according to the LRU-based policy specified in Section 6.1. 7. Security Considerations The security of RA option for RDNSS is the same as ND protocol security [4]. The RA option does not add any new vulnerability. It should be noted that the vulnerability of ND is not worse and is a subset of the attacks that any node attached to a LAN can do independently of ND. A malicious node on a LAN can promiscuously receive packets for any router's MAC address and send packets with the router's MAC address as the source MAC address in the L2 header. As a result, the L2 switches send packets addressed to the router to the malicious node. Also, this attack can send redirects that tell the hosts to send their traffic somewhere else. The malicious node can send unsolicited RA or NA replies, answer RS or NS requests, etc. Also, an attacker could configure a host to send out RA with a fraudulent RDNSS address, which is presumably and easier avenue of attack than becoming a rogue router and having to process all traffic for the subnet. It is necessary to disable the RA RDNSS option administatively to avoid this problem. All of this can be done independently of implementing ND. Therefore, the RA option for RDNSS does not add to the vulnerability. If Secure Neighbor Discovery (SEND) protocol is used as the security mechanism for ND, all the ND options including RDNSS option are also automatically included in the signatures [9], so the RDNSS transport is integrity-protected. However, since any valid SEND node can still insert RDNSS options, SEND cannot verify who is or is not authorized to send the options. Jeong, et al. Expires July 22, 2006 [Page 10] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 8. IANA Considerations Note This section will be removed after the assignment of RDNSS option type. The IANA should assign a new IPv6 Neighbor Discovery Option type for the RDNSS option defined in this document. The IANA registry for these options is: http://www.iana.org/assignments/icmpv6-parameters 9. Acknowledgements This draft has greatly benefited from inputs by Robert Hinden, Pekka Savola, Iljitsch van Beijnum, Brian Haberman and Tim Chown. The authors appreciate their contribution. 10. References 10.1 Normative References [1] Bradner, S., "IETF Rights in Contributions", RFC 3978, March 2005. [2] Bradner, S., "Intellectual Property Rights in IETF Technology", RFC 3668, February 2004. [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [4] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998. [5] Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998. 10.2 Informative References [6] Droms, R., Ed., "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [7] Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6", RFC 3736, April 2004. [8] Droms, R., Ed., "DNS Configuration options for Dynamic Host Jeong, et al. Expires July 22, 2006 [Page 11] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003. [9] Arkko, J., Ed., "SEcure Neighbor Discovery (SEND)", RFC 3971, March 2005. [10] ANSI/IEEE Std 802.11, "Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", March 1999. [11] IEEE Std 802.11a, "Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: High-speed Physical Layer in the 5 GHZ Band", September 1999. [12] IEEE Std 802.11b, "Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Higher-Speed Physical Layer Extension in the 2.4 GHz Band", September 1999. [13] IEEE P802.11g/D8.2, "Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Further Higher Data Rate Extension in the 2.4 GHz Band", April 2003. Authors' Addresses Jaehoon Paul Jeong (editor) ETRI/Department of Computer Science and Engineering University of Minnesota 117 Pleasant Street SE Minneapolis, MN 55455 US Phone: +1 651 587 7774 Fax: +1 612 625 2002 Email: jjeong@cs.umn.edu URI: http://www.cs.umn.edu/~jjeong/ Soohong Daniel Park Mobile Platform Laboratory SAMSUNG Electronics 416 Maetan-3dong, Yeongtong-Gu Suwon, Gyeonggi-Do 443-742 Korea Phone: +82 31 200 4508 Email: soohong.park@samsung.com Jeong, et al. Expires July 22, 2006 [Page 12] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 Luc Beloeil France Telecom R&D 42, rue des coutures BP 6243 14066 CAEN Cedex 4 France Phone: +33 02 3175 9391 Email: luc.beloeil@francetelecom.com Syam Madanapalli AMSUNG India Software Operations J. P. Techno Park, 3/1 Millers Road Bangalore 560052 India Phone: +91 80 51197777 Email: syam@samsung.com Jeong, et al. Expires July 22, 2006 [Page 13] Internet-Draft IPv6 RA Option for DNS Configuration January 2006 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Jeong, et al. Expires July 22, 2006 [Page 14]