Network Working Group X. Li Internet-Draft C. Bao Intended status: Informational CERNET Center/Tsinghua University Expires: August 18, 2010 February 14, 2010 DNS46 for the IPv4/IPv6 Stateless Translator draft-xli-behave-dns46-for-stateless-02 Abstract The stateless translator can support IPv6-initiated communications as well as IPv4-initiated communications for IPv6 hosts using IPv4- translatable addresses. DNS support for the IPv6-initiated communication is defined in the DNS64 specification. This document defines the DNS46 function for the stateless translator. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 18, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Li & Bao Expires August 18, 2010 [Page 1] Internet-Draft DNS46 for Stateless Translator February 2010 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3 3. DNS46 for the IPv4/IPv6 Stateless Translator . . . . . . . . . 3 3.1. Authoritative DNS server . . . . . . . . . . . . . . . . . 3 3.1.1. Static AAAA record . . . . . . . . . . . . . . . . . . 3 3.1.2. Varying AAAA record . . . . . . . . . . . . . . . . . . 4 3.2. DNS resolver . . . . . . . . . . . . . . . . . . . . . . . 4 3.2.1. DNS resolver for scenario 6 . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 5 7. Normative References . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 Li & Bao Expires August 18, 2010 [Page 2] Internet-Draft DNS46 for Stateless Translator February 2010 1. Introduction DNS mechanism is one of the functions model for the IPv4/IPv6 transition [I-D.ietf-behave-v6v4-framework]. DNS64 allows IPv6 hosts to resolve names of IPv4 hosts whereas DNS46 allows IPv4 hosts to resolve names of IPv6 hosts. General DNS46 is considered harmful, as NAT-PT was deprecated by IETF [RFC4966]. However, stateless translators can support IPv6-initiated communications (scenario 1 and 3) which requires the DNS64 support, as well as IPv4-initiated communications (scenario 2 and 4) which requires the DNS46 support [I-D.ietf-behave-v6v4-framework] [I-D.ietf-behave-v6v4-xlate]. DNS64 is used for both stateful and stateless translators and it is defined in [I-D.ietf-behave-dns64]. DNS46 is only used for the stateless translators and it is defines in this document. 2. Notational Conventions The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in [RFC2119]. 3. DNS46 for the IPv4/IPv6 Stateless Translator The DNS46 for stateless IPv4/IPv6 translation is for the following scenarios: o Scenario 2: The IPv4 Internet to an IPv6 network. o Scenario 6: An IPv4 network to an IPv6 network. 3.1. Authoritative DNS server Since the destination is "an IPv6 network", DNS46 can be deployed as an authoritative DNS server [RFC1035] in an IPv6 network. 3.1.1. Static AAAA record This is very similar to the authoritative DNS configuration of dual- stack hosts. The only difference is that in the dual-stack case, the A record and AAAA record are independent, while in stateless translation case, the hosts are typically IPv6 single stack (or for some reason incapable of using IPv4 on a particular network) using IPv4-translatable addresses and the A record MUST be derived from the Li & Bao Expires August 18, 2010 [Page 3] Internet-Draft DNS46 for Stateless Translator February 2010 AAAA record based on the algorithm and the PREFIX information [I-D.ietf-behave-address-format]. 3.1.2. Varying AAAA record If an IPv6 host has a varying AAAA record (that is, it could change due to the IPv6-only host changing its IPv6 address and registering its new address via, for example, DNS Dynamic Updates [RFC2316]), then the dynamic DNS46 function is required. However, it is still the authoritative DNS. When the authoritative DNS receives a dynamic update containing AAAA record, it MUST synthesize corresponding A record before signing the zone, which can be derived based on the algorithm and the PREFIX information [I-D.ietf-behave-address-format]. 3.2. DNS resolver For scenario 2 (the IPv4 Internet to an IPv6 network) the implementation of DNS46 resolver is impossible, since the IPv4 hosts are in the IPv4 Internet. 3.2.1. DNS resolver for scenario 6 However, for scenario 6 (an IPv4 network to IPv6 network) [I-D.ietf-behave-v6v4-framework], it is possible to use DNS resolver in an IPv4 network to synthesize A records from the AAAA records based on the algorithm and the PREFIX information [I-D.ietf-behave-address-format]. 4. Security Considerations When DNS46 function is provided by authoritative DNS server, DNS46 can support DNSSEC without problem. When DNS46 function is provided by authoritative DNS server, the reverse DNS is also under the same network operator's control which may provide additional validation function for the IPv4-translatable IPv6 addresses. 5. IANA Considerations This memo adds no new IANA considerations. Note to RFC Editor: This section will have served its purpose if it correctly tells IANA that no new assignments or registries are required, or if those assignments or registries are created during Li & Bao Expires August 18, 2010 [Page 4] Internet-Draft DNS46 for Stateless Translator February 2010 the RFC publication process. From the author's perspective, it may therefore be removed upon publication as an RFC at the RFC Editor's discretion. 6. Acknowledgments The authors would like to acknowledge the following contributors of this document: Dan Wing and Kevin Yin. 7. Normative References [I-D.ietf-behave-address-format] Huitema, C., Bao, C., Bagnulo, M., Boucadair, M., and X. Li, "IPv6 Addressing of IPv4/IPv6 Translators", draft-ietf-behave-address-format-04 (work in progress), January 2010. [I-D.ietf-behave-dns64] Bagnulo, M., Sullivan, A., Matthews, P., and I. Beijnum, "DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers", draft-ietf-behave-dns64-05 (work in progress), December 2009. [I-D.ietf-behave-v6v4-framework] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for IPv4/IPv6 Translation", draft-ietf-behave-v6v4-framework-06 (work in progress), February 2010. [I-D.ietf-behave-v6v4-xlate] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation Algorithm", draft-ietf-behave-v6v4-xlate-09 (work in progress), February 2010. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2316] Bellovin, S., "Report of the IAB Security Architecture Workshop", RFC 2316, April 1998. [RFC4966] Aoun, C. and E. Davies, "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Li & Bao Expires August 18, 2010 [Page 5] Internet-Draft DNS46 for Stateless Translator February 2010 Historic Status", RFC 4966, July 2007. Authors' Addresses Xing Li CERNET Center/Tsinghua University Room 225, Main Building, Tsinghua University Beijing 100084 CN Phone: +86 10-62785983 Email: xing@cernet.edu.cn Congxiao Bao CERNET Center/Tsinghua University Room 225, Main Building, Tsinghua University Beijing 100084 CN Phone: +86 10-62785983 Email: congxiao@cernet.edu.cn Li & Bao Expires August 18, 2010 [Page 6]