INTERNET-DRAFT                                         Tomohide Nagashima
                                                            Japan Telecom
                                                            July 30, 2001


                   Technique of DNS use at home network


Status of this memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

1. Goal

   IPv6 can increase explosively the number of nodes that are able to
   have an end-to-end connection.  It becomes possible to allocate an
   IP address to each individual node used in the home, and such nodes
   can then be accessed by other nodes, such as a cellular phone, that
   are far away from them.

   Since it is difficult for a user to specify an IP address in order
   to connect to a home node, name resolution is required.  But name
   resolution by standard DNS with FQDNs has the following problems:

   - Spread of the name space

     Registering each individual host name in the global name space
     increases the number of entries in it.  We must be careful about
     the increase in query/response round trips per resolution of a
     host name, the deterioration of response time caused by larger
     caches and more entries, and the overload of name servers caused
     by the larger number of entries.

   - Longer or undesirable names

     An FQDN is not needed by an individual user.  If the number of
     entries keeps increasing, users might have to use FQDNs with a
     longer suffix, or undesirable host names containing meaningless
     codes.
Expire: January 30, 2002                                        [Page 1]

   - Difference of users

     DNS is designed so that every host can resolve any target host
     name.  But an individual host like a TV is used only by a
     restricted set of users, and need not be accessible by outside
     nodes.

   In this memo we consider the case in which an individual mobile node
   accesses the home network from an external network, give an example
   of how to achieve it, and discuss some techniques and remaining
   issues.

   Goal: the following case should be considered.

   - We have home nodes which are in the same home network, and a
     mobile node which is outside the home network.

   - The mobile node can resolve the IP addresses of the home nodes.

   - The mobile node should not use a distant name server for general
     name resolution.

   - Entries for the home nodes should not be accessible except by the
     home nodes and the mobile node.

   - Entries for the home nodes should not be in the global name space.

2. Plan

   We achieve this goal by the following plan.

   1) Assume that the suffix of the home nodes is ".$pvt".

   2) The home nodes and the name server which holds the zone file
      containing the entries of the home nodes are in the same site.

   3) The resolver of the mobile node sends a query to the home name
      server if it needs to resolve a host name whose suffix is
      ".$pvt".  Any other query is sent to another name server which
      is close to the mobile node.

   4) ".$pvt" should be used as the suffix for completing an
      unqualified host name on the mobile node.

   5) Queries from a non-home (external) network to the home name
      server for the ".$pvt" zone need authentication using TSIG.  The
      mobile node sends its queries using TSIG.

   6) The mobile node obtains the key for TSIG while it is in the home
      network, or by some user/password authentication.


     +------+      www.example.org ?      +--------------+
     |mobile|---------------------------->| name servers |
     +------+                             +--------------+
         \                                 A
          \  tv.$pvt ?                    /  www.foo.net ?
           \                             /
   ---------------------------------------------------------
            \                          /     home network
             V                        /
         +-------------------+       /
         | home name server  |------+
         +-------------------+
                   |
                   |
            ---+-----------+------
               |           |
          [home node]  [home node]

                    Fig. overview of goal

3. Consideration

   1) Assume that the suffix of the home nodes is ".$pvt".

      The suffix of the home nodes should be known in advance by both
      the home gateway and the mobile node, so it is necessary to
      define what kind of suffix is used for this purpose.  The
      following candidates exist:

      - Use the FQDN of the home name server as the suffix.
      - Use some private TLD, like ".pvt", as the suffix.
      - Some other plan.

      If we use the FQDN of the home name server as the suffix, the
      home gateway must be allocated an FQDN by the upstream ISP.  Since
      the mobile node uses it as the suffix for completing unqualified
      host names, the mobile node must learn the suffix from someone.
      Manual configuration is conceivable, but if we think about non-PC
      nodes like a cellular phone, it is necessary to distribute this
      information automatically.

      If we use a private TLD, we do not need to care about these
      problems, but if some outside name server receives such a record,
      some confusion in the name space may occur.

   2) The home nodes and the name server which holds the zone file
      containing the entries of the home nodes are in the same site.

      If the home name server were outside the home network, the home
      nodes might need TSIG to send queries to it.  Key distribution
      for TSIG would then be difficult because the administrators of
      the name server and of the nodes are different.

   3) The resolver of the mobile node sends a query to the home name
      server if it needs to resolve a host name whose suffix is
      ".$pvt".  Any other query is sent to another name server which
      is close to the mobile node.

      If the resolver of the mobile node knew only the name server
      which is close to the mobile node, that name server would have to
      know the mapping from home nodes to IP addresses.  This means the
      home name server would be disclosing such private information to
      an outside node.
      If the resolver of the mobile node knew only the home name
      server, all queries would have to be sent to the home name
      server.  When the mobile node is far from the home name server,
      the response time would be very long.

      To realize this plan, the resolver must treat the suffix ".$pvt"
      as a special case, and hold a mapping from the suffix to the
      name server and the TSIG key as described in 5).

   4) ".$pvt" should be used as the suffix for completing an
      unqualified host name on the mobile node.

      This helps the user connect to a home node more simply.  If the
      user wants to access tv.$pvt, the user may specify just "tv".

   5) Queries from a non-home (external) network to the home name
      server for the ".$pvt" zone need authentication using TSIG.  The
      mobile node sends its queries using TSIG.

      This approach has two merits.  One is that the host names of the
      home nodes are not disclosed to outside nodes; this is a merit
      for the user, for security reasons.  The other is that outside
      name servers do not need to know anything about these nodes,
      which avoids the spread of the name space.

   6) The mobile node obtains the key for TSIG while it is in the home
      network, or by some user/password authentication.

      Since the mobile node needs to query the home name server using
      TSIG, it needs to obtain the TSIG key by some means.  There is
      currently no special way to accomplish this, so some definition
      is necessary for this purpose.

4. Author Information

   Tomohide Nagashima
   Japan Telecom Co., Ltd.
   4-7-1, Hacchobori
   Tyuo-ku, Tokyo, Japan

   Email: tomohide@japan-telecom.co.jp
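   The query-routing rule of plan items 3) and 4), and the mapping from
   suffix to name server and TSIG key that consideration 3) asks the
   resolver to hold, as an added example in Python.  This is not code
   from the draft or its author: the draft's placeholder ".$pvt" is
   written as ".pvt", and the server addresses and the TSIG key name
   are constructed for illustration.  The suffix test is label-aligned,
   so a name such as "tv.pvt.example.org" is not mistaken for a home
   node, and a home name is never handed to the visited network's
   resolver.

```python
"""Added example, not part of the draft: the query-routing policy of the
mobile node's resolver described in plan items 3) and 4).  The draft's
placeholder ".$pvt" is written as ".pvt" here; the server addresses and
the TSIG key name are constructed for illustration."""
from typing import NamedTuple, Optional

PRIVATE_SUFFIX = "pvt."            # stands in for the draft's ".$pvt"
HOME_SERVER = "2001:db8:1::53"     # assumed address of the home name server
NEARBY_SERVER = "2001:db8:2::53"   # assumed resolver of the visited network
MOBILE_KEY = "mobile.pvt."         # assumed name of the mobile node's TSIG key


class Route(NamedTuple):
    qname: str                 # fully qualified name actually queried
    server: str                # name server the query is sent to
    tsig_key: Optional[str]    # key to sign with; None means unsigned


def labels(name):
    """Lowercase labels of a name, ignoring empty labels and a trailing dot."""
    return [l for l in name.lower().split(".") if l]


def in_private_zone(name):
    """Label-aligned suffix test: 'tv.pvt.' and 'pvt.' match, but 'mypvt.'
    and 'tv.pvt.example.org.' do not, so those go to the nearby server
    and, more importantly, a real home name never leaves for it."""
    want, have = labels(PRIVATE_SUFFIX), labels(name)
    return len(have) >= len(want) and have[-len(want):] == want


def route(name, at_home):
    """Plan item 4): a single unqualified label gets the private suffix.
    Plan item 3): names under the suffix go to the home name server,
    everything else to the nearby one.  Plan item 5): away from home, a
    query to the home name server must be TSIG-signed."""
    parts = labels(name)
    if not parts:
        raise ValueError("empty name")
    if len(parts) == 1:
        parts += labels(PRIVATE_SUFFIX)        # "tv" -> "tv.pvt."
    qname = ".".join(parts) + "."
    if in_private_zone(qname):
        return Route(qname, HOME_SERVER, None if at_home else MOBILE_KEY)
    return Route(qname, NEARBY_SERVER, None)
```

   Multi-label names that are not under the private suffix are treated
   as already qualified and sent to the nearby server unsigned; only a
   bare label is completed, which is the behaviour plan item 4) asks
   for.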
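   The TSIG exchange required by plan item 5), as an added example in
   Python rather than code from the draft: the mobile node appends a
   TSIG resource record (RFC 2845) to its query, and the home name
   server recomputes the MAC and refuses anything that is unsigned,
   signed with an unknown key, tampered with, or outside the time
   window.  The key name, secret, query name and timestamps are
   constructed for illustration, ".$pvt" is written as ".pvt", and
   HMAC-SHA256 (the RFC 4635 algorithm name) is used as the default in
   place of the HMAC-MD5 that RFC 2845 originally defined.

```python
"""Added example, not part of the draft: a minimal TSIG (RFC 2845) signer
and verifier for DNS queries in pure Python.  Key name, secret, names and
timestamps are constructed for illustration."""
import hashlib
import hmac
import struct
import time

TSIG_TYPE, CLASS_IN, CLASS_ANY, TYPE_AAAA = 250, 1, 255, 28
# hmac-md5 is the algorithm RFC 2845 defined; hmac-sha256 (RFC 4635) is
# the sensible choice today and is the default here.
ALGORITHMS = {"hmac-md5.sig-alg.reg.int.": hashlib.md5,
              "hmac-sha256.": hashlib.sha256}


def encode_name(name):
    """Canonical uncompressed wire-format name (lowercase, RFC 2845 3.4.2)."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Read an uncompressed name at off; returns (name, offset after it)."""
    parts = []
    while msg[off]:
        n = msg[off]
        parts.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(parts).lower() + ".", off + 1


def skip_name(msg, off):
    """Offset just past the name at off; a compression pointer ends a name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1


def build_query(qname, qtype, msg_id):
    """Standard query with RD set: header, one question, no other RRs."""
    return (struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN))


def tsig_variables(keyname, algorithm, time_signed, fudge, error, other):
    """The TSIG fields covered by the MAC, in the order RFC 2845 3.4.2 gives."""
    return (encode_name(keyname) + struct.pack("!HI", CLASS_ANY, 0)
            + encode_name(algorithm) + struct.pack("!Q", time_signed)[2:]
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def sign_query(msg, keyname, secret, algorithm="hmac-sha256.", now=None, fudge=300):
    """Mobile node side: append a TSIG RR to an unsigned query, bump ARCOUNT."""
    now = int(time.time()) if now is None else now
    covered = msg + tsig_variables(keyname, algorithm, now, fudge, 0, b"")
    mac = hmac.new(secret, covered, ALGORITHMS[algorithm]).digest()
    rdata = (encode_name(algorithm) + struct.pack("!Q", now)[2:]
             + struct.pack("!HH", fudge, len(mac)) + mac
             + struct.pack("!HHH", struct.unpack("!H", msg[:2])[0], 0, 0))
    rr = encode_name(keyname) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr


def verify_query(signed, keys, now=None):
    """Home name server side.  keys maps TSIG key name -> secret bytes.
    Returns (accepted, reason); the reasons are the TSIG error names."""
    now = int(time.time()) if now is None else now
    known = {k.lower().rstrip(".") + ".": v for k, v in keys.items()}
    if len(signed) < 12:
        return False, "FORMERR"
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", signed[:12])
    if ar == 0:
        return False, "unsigned"          # refuse, do not answer from the zone
    off = 12
    for _ in range(qd):
        off = skip_name(signed, off) + 4
    rr_start = rtype = None
    for _ in range(an + ns + ar):         # TSIG must be the last RR
        rr_start = off
        off = skip_name(signed, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", signed[off:off + 10])
        off += 10 + rdlen
    if rtype != TSIG_TYPE or off != len(signed):
        return False, "FORMERR"
    keyname, p = decode_name(signed, rr_start)
    algorithm, p = decode_name(signed, p + 10)
    time_signed = int.from_bytes(signed[p:p + 6], "big")
    fudge, mac_size = struct.unpack("!HH", signed[p + 6:p + 10])
    mac = signed[p + 10:p + 10 + mac_size]
    q = p + 10 + mac_size
    original_id, error, other_len = struct.unpack("!HHH", signed[q:q + 6])
    other = signed[q + 6:q + 6 + other_len]
    if keyname not in known or algorithm not in ALGORITHMS:
        return False, "BADKEY"
    # Rebuild the message exactly as it was before the TSIG RR was appended.
    unsigned = (struct.pack("!H", original_id) + signed[2:10]
                + struct.pack("!H", ar - 1) + signed[12:rr_start])
    covered = unsigned + tsig_variables(keyname, algorithm, time_signed, fudge, error, other)
    expected = hmac.new(known[keyname], covered, ALGORITHMS[algorithm]).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "BADSIG"
    if abs(now - time_signed) > fudge:    # clock-skew / replay window
        return False, "BADTIME"
    return True, "NOERROR"
```

   Two caveats a deployment of plan item 5) should keep in mind.  TSIG
   authenticates and integrity-protects the query, but does not encrypt
   it, so the home host name is still visible to anyone on the path; the
   merit claimed in consideration 5) is that the server will not answer
   unauthenticated queries, not that the name is hidden in transit.  And
   the fudge window means an identical signed query can be replayed
   within it, which is harmless for a read-only lookup but matters if
   the same key is ever allowed to send dynamic updates.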