Network Working Group Renxiang Yan Internet-Draft Alcatel Shanghai Bell Expires: November 27, 2004 May 27, 2004 DNS zone suffix option for DHCPv6 draft-yan-dhc-dhcpv6-opt-dnszone-00.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on October 25, 2004. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract The DNS Zone Suffix option provides a mechanism for automated assignment of DNS zone suffix using DHCPv6. This mechanism is intended to assign a DNS zone suffix from DHCPv6 server to a client. The client then uses this suffix to configure its domain name. Conventions used in this document The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in RFC 2119 [3]. Yan Expires October 25, 2004 [Page 1] Internet-Draft DNS zone suffix option for DHCPv6 April 2003 1. Introduction The introduction of 128-bit address of IPv6 makes it very difficult for the user to identify the device by means of its IP address. The use of DNS (Domain Name Service) becomes a necessity. With the help of DNS, a user only needs to remember the relatively simple domain name instead of long IPv6 address. Currently, there exist two methods to register domain name for an IPv6 host: (1) manually add a DNS RR (resource record) into the DNS server database; (2) manually configure a DNS zone suffix infomation in the router, and use the RA-based DNS auto-registration mechanism as described in [5]. In method (1), when the number of IPv6 users is large, it will be troublesome for network administrator to manage. Moreover, the situation will be deteriorated when users need to change the domain name of their devices. Method (2) will only be suitable for the case where a router is presented in the network. Moreover, when large number of routers need to be configured, e.g. in IPv6 access network where CPE may work as an IPv6 router which links some IPv6 terminals to form a home network, it will be better to define an automatic mechanism to configure the DNS zone suffix. This document describes a new option for DHCP, named DNS zone suffix option. Using this option, a DHCPv6 client can get a DNS zone suffix from DHCPv6 server. 2. DHCPv6 specification dependency This document describes a new DHCPv6 option for DNS zone suffix assignment. It should be read in conjunction with the DHCPv6 specification for a complete specification of the DNS zone suffix option and mechanism. Definitions for terms and acronyms not specifically defined in this document are defined in the DHCPv6 specification [2]. 3. Terminology This document uses the terminology defined in RFC2460 [1] and the DHCP specification [2]. 4. DNS Zone Suffix Option The DNS zone suffix option is used to carry a DNS zone suffix to the DHCPv6 client, which will use it to construct and register a domain name. Yan Expires October 25, 2004 [Page 2] Internet-Draft DNS zone suffix option for DHCPv6 April 2003 The format of the DNS zone suffix option is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_DNS_Zone_suffix | option-length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ DNS zone suffix ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ option-code: OPTION_DNS_Zone_suffix (TBD) option-length: Length of the "DNS zone suffix" field in octets. DNS zone suffix: A string of DNS zone suffix. It is comprised of a sequence of labels, where each label consists of a length octet followed by that number of octets. The suffix terminates with the zero length octet for the null label of the root. This field should be padded with zeroes to be the multiple of 8 octets. 5. Appearance of the option The DNS zone suffix option MUST NOT appear in any other than the following messages: Solicit, Advertise, Request, Renew, Rebind, Information-Request, and Reply. 6. Example and applicability +------+ | Node +--+ +------+ | | +------+ | | Node +--+ +--------------- +------+ | | : +-----+ : +---------+ | | +--+ Router +------| ISP | Internet : +---------+ | | : +-----+ +------+ | | | Node +--+ +--------------- +------+ \____________ ___________/ \____________ ___________/ \/ \/ Subscriber's network ISP network Yan Expires October 25, 2004 [Page 3] Internet-Draft DNS zone suffix option for DHCPv6 April 2003 The above figure shows a typical usage of the option. In this model, ISP has the ISP level domain name suffix (e.g. shtele.com). The procedure may follow as: 1. The router in the subscriber network initiate DHCP request with the DNS zone suffix option to get ISP's suffix (i.e. shetele.com). 2. The router passes this suffix to the IPv6 nodes in local subnet, throught an embedded DHCPv6 server or RA-based mechanism described in [5]. Since nodes on different subscriber networks may produce the same domain name, to avoid frequent uniqueness verficication, the router is suggested to extend DNS zone suffix. For example, the DNS zone suffix of two subscriber networks under "shtele.com" maybe "john.shtele.com" and "smith.shtele.com". 3. An IPv6 node creates FQDN for its global address by adding a hostname to the DNS zone suffix, and registers the IP to FQDN mapping and FQDN to IP mapping in the domain name server. This procedure can be realized either by itself using DNS update or through DHCPv6 server [6]. For example, an IPv6 set-top-boxes will hold a domain name "stb.john.shtele.com" in the DNS server. The DNS zone suffix option can be used in conjunction with other DHCP options carrying other configuration information to the router. For example, the router may obtain the addresses of the DNS servers and IPv6 prefix from the ISP's DHCP server, and then passes that configuration information on to the subscriber nodes through a DHCP server in the router. The use of DNS zone suffix option are not limited in access. It can be commonly used in case that IPv6 node needs to configure its domain name in DNS server. 7. Security Considerations Security considerations in DHCP are described in section 23, "Security Considerations" of RFC 3315. A rogue DHCP server can issue bogus zone suffix to a client. This may cause wrong domain name registration. A malicious client may be able to mount a denial of service attach by repeated DHCP requests for zone suffix, thus exhausts the DHCP server's resource. To guard against attack, both DCHP clients and servers SHOULD use DHCP authentication as described in section 21, "Authentication of DHCP messages" of RFC 3315. Yan Expires October 25, 2004 [Page 4] Internet-Draft DNS zone suffix option for DHCPv6 April 2003 8. References 8.1 Normative References [1] Deering, S. and R. Hiden, "Internet Protocol, Version 6 (IPv6) Specification", RFC2460, December 1998. [2] Bound, J., Carney, M., Perkins, C., Lemon, T., Volz, B. and R. Droms (ed.), "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, May 2003. [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [4] P. Vixie, S. Thomson, Y. Rekhter and J. Bound, "Dynamic Updates in the Domain Name System (DNS UPDATE)", RFC2136, April 1997. [5] Jae-Hoon, J., Byung-Yeob, K., Jung-Soo, P. and Hyong-Jun K., "IPv6 Router Advertisement based DNS Autocofiguration", draft- jeong-ipv6-ra-dns-autoconf-00.txt, 17 April, 2003. [6] M.Stapp, Y. Rekhter, "The DHCP Client FQDN Option", draft-dhc- fqdn-option-06.txt, October, 2003. 8.2 Informative References [7] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. 9. Authors' Addresses Renxiang Yan Alcatel Shanghai Bell Co., Ltd. 388#, NingQiao Road, Pudong Jinqiao Shanghai 201206 P.R. China Phone: +86 (21) 5854-1240, ext.: 7169 Emain: renxiang.yan@alcatel-sbell.com.cn Yan Expires October 25, 2004 [Page 5]