Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

IPv6 Router Advertisement Options for DNS Configuration
draft-ietf-6man-rdnss-rfc6106bis-08

Versions:

00
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
RFC 8106

The information below is for an old version of the document.

Document	Type	This is an older version of an Internet-Draft that was ultimately published as RFC 8106.
	Authors	Jaehoon Paul Jeong , Soohong Daniel Park , Luc Beloeil , Syam Madanapalli
	Last updated	2016-03-06
	Replaces	draft-jeong-6man-rdnss-rfc6106-bis
	RFC stream	Internet Engineering Task Force (IETF)
	Formats	txt htmlized pdf bibtex bibxml
	Reviews	OPSDIR Last Call review (of -14) by Tim Chown Has nits SECDIR Last Call review (of -14) by Derek Atkins Ready GENART Last Call review (of -14) by Christer Holmberg Ready INTDIR Early review (of -14) by Bob Halley
	Additional resources	Mailing list discussion
Stream	WG state	In WG Last Call
	Document shepherd	Fernando Gont
IESG	IESG state	Became RFC 8106 (Proposed Standard)
	Consensus boilerplate	Unknown
	Telechat date	(None)
	Responsible AD	(None)
	Send notices to	"Fernando Gont" <fgont@si6networks.com>, bob.hinden@gmail.com, otroan@employees.org

Email authors Email WG IPR References Referenced by Nits Search email archive

draft-ietf-6man-rdnss-rfc6106bis-08

Network Working Group J. Jeong
Internet-Draft Sungkyunkwan University
Obsoletes: 6106 (if approved) S. Park
Intended status: Standards Track Korean Bible University
Expires: September 7, 2016 L. Beloeil
France Telecom R&D
S. Madanapalli
iRam Technologies
March 6, 2016

IPv6 Router Advertisement Options for DNS Configuration
draft-ietf-6man-rdnss-rfc6106bis-08

Abstract

This document specifies IPv6 Router Advertisement options to allow
IPv6 routers to advertise a list of DNS recursive server addresses
and a DNS Search List to IPv6 hosts.

This document obsoletes RFC 6106 and allows a higher default value of
the lifetime of the RA DNS options to avoid the frequent expiry of
the options on links with a relatively high rate of packet loss.

Status of This Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on September 7, 2016.

Jeong, et al. Expires September 7, 2016 [Page 1]
Internet-Draft IPv6 RA DNS Options March 2016

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Applicability Statements . . . . . . . . . . . . . . . . . 3
1.2. Coexistence of RA Options and DHCP Options for DNS
Configuration . . . . . . . . . . . . . . . . . . . . . . 4
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5
5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 6
5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7
5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8
5.3.1. Procedure in IPv6 Host . . . . . . . . . . . . . . . . 8
5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9
6. Implementation Considerations . . . . . . . . . . . . . . . . 9
6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10
6.2. Synchronization between DNS Server List and Resolver
Repository . . . . . . . . . . . . . . . . . . . . . . . . 11
6.3. Synchronization between DNS Search List and Resolver
Repository . . . . . . . . . . . . . . . . . . . . . . . . 12
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12
7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 13
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Normative References . . . . . . . . . . . . . . . . . . . 14
10.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 16

Jeong, et al. Expires September 7, 2016 [Page 2]
Internet-Draft IPv6 RA DNS Options March 2016

1. Introduction

The purpose of this document is to standardize an IPv6 Router
Advertisement (RA) option for DNS Recursive Server Addresses used for
the DNS name resolution in IPv6 hosts. This RA option was originally
specified in an earlier Experimental specification [RFC5006] and was
later published as a Standards Track in [RFC6106]. This document
obsoletes [RFC6106], allowing a higher default value of the lifetime
of the RA DNS options to avoid the frequent expiry of the options on
links with a relatively high rate of packet loss, and also making
additional clarifications, see Appendix B for details.

Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address
Autoconfiguration (SLAAC) provide ways to configure either fixed or
mobile nodes with one or more IPv6 addresses, default routers, and
some other parameters [RFC4861][RFC4862]. Most Internet names are
identified by using a DNS name. The two RA options defined in this
document provide the DNS information needed for an IPv6 host to reach
Internet names.

It is infeasible to manually configure nomadic hosts each time they
connect to a different network. While a one-time static
configuration is possible, it is generally not desirable on general-
purpose hosts such as laptops. For instance, locally defined name
spaces would not be available to the host if it were to run its own
recursive name server directly connected to the global DNS.

The DNS information can also be provided through DHCPv6 [RFC3315]
[RFC3736][RFC3646]. However, the access to DNS is a fundamental
requirement for almost all hosts, so IPv6 stateless autoconfiguration
cannot stand on its own as an alternative deployment model in any
practical network without any support for DNS configuration.

These issues are not pressing in dual-stack networks as long as a DNS
server is available on the IPv4 side, but they become more critical
with the deployment of IPv6-only networks. As a result, this
document defines a mechanism based on IPv6 RA options to allow IPv6
hosts to perform the automatic DNS configuration.

1.1. Applicability Statements

RA-based DNS configuration is a useful alternative in networks where
an IPv6 host's address is autoconfigured through IPv6 stateless
address autoconfiguration and where there is either no DHCPv6
infrastructure at all or some hosts do not have a DHCPv6 client. The
intention is to enable the full configuration of basic networking
information for hosts without requiring DHCPv6. However, for
networks that need to distribute additional information, DHCPv6 is

Jeong, et al. Expires September 7, 2016 [Page 3]
Internet-Draft IPv6 RA DNS Options March 2016

likely to be employed. In these networks, RA-based DNS configuration
may not be needed.

RA-based DNS configuration allows an IPv6 host to acquire the DNS
configuration (i.e., DNS recursive server addresses and DNS Search
List) for the link(s) to which the host is connected. Furthermore,
the host learns this DNS configuration from the same RA message that
provides configuration information for the link.

The advantages and disadvantages of the RA-based approach are
discussed in [RFC4339] along with other approaches, such as the DHCP
and well-known anycast address approaches.

1.2. Coexistence of RA Options and DHCP Options for DNS Configuration

Two protocols exist to configure the DNS information on a host, the
Router Advertisement options specified in this document and the
DHCPv6 options specified in [RFC3646]. They can be used together.
The rules governing the decision to use stateful configuration
mechanisms are specified in [RFC4861]. Hosts conforming to this
specification MUST extract DNS information from Router Advertisement
messages, unless static DNS configuration has been specified by the
user. If there is DNS information available from multiple Router
Advertisements and/or from DHCP, the host MUST maintain an ordered
list of this information as specified in Section 5.3.1.

2. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

3. Terminology

This document uses the terminology defined in [RFC4861] and
[RFC4862]. In addition, four new terms are defined below:

o Recursive DNS Server (RDNSS): Server that provides a recursive DNS
resolution service for translating domain names into IP addresses
or resolving PTR records, as defined in [RFC1034] and [RFC1035].

o RDNSS Option: IPv6 RA option to deliver the RDNSS information to
IPv6 hosts [RFC4861].

o DNS Search List (DNSSL): The list of DNS suffix domain names used
by IPv6 hosts when they perform DNS query searches for short,
unqualified domain names.

Jeong, et al. Expires September 7, 2016 [Page 4]
Internet-Draft IPv6 RA DNS Options March 2016

o DNSSL Option: IPv6 RA option to deliver the DNSSL information to
IPv6 hosts.

o DNS Repository: Two data structures for managing DNS Configuration
Information in the IPv6 protocol stack in addition to Neighbor
Cache and Destination Cache for Neighbor Discovery [RFC4861]. The
first data structure is the DNS Server List for RDNSS addresses
and the second is the DNS Search List for DNS search domain names.

o Resolver Repository: Configuration repository with RDNSS addresses
and a DNS Search List that a DNS resolver on the host uses for DNS
name resolution; for example, the Unix resolver file (i.e., /etc/
resolv.conf) and Windows registry.

4. Overview

This document standardizes the ND option called the RDNSS option
defined in [RFC6106] that contains the addresses of recursive DNS
servers. This document also standardizes the ND option called the
DNSSL option defined in [RFC6106] that contains the Domain Search
List. This is to maintain parity with the DHCPv6 options and to
ensure that there is necessary functionality to determine the search
domains.

The existing ND message (i.e., Router Advertisement) is used to carry
this information. An IPv6 host can configure the IPv6 addresses of
one or more RDNSSes via RA messages. Through the RDNSS and DNSSL
options, along with the prefix information option based on the ND
protocol ([RFC4861] and [RFC4862]), an IPv6 host can perform the
network configuration of its IPv6 address and the DNS information
simultaneously without needing DHCPv6 for the DNS configuration. The
RA options for RDNSS and DNSSL can be used on the network that
supports the use of ND.

This approach requires the manual configuration or other automatic
mechanisms (e.g., DHCPv6 or vendor proprietary configuration
mechanisms) to configure the DNS information in routers sending the
advertisements. The automatic configuration of RDNSS addresses and a
DNS Search List in routers is out of scope for this document.

5. Neighbor Discovery Extension

The IPv6 DNS configuration mechanism in this document needs two ND
options in Neighbor Discovery: (i) the Recursive DNS Server (RDNSS)
option and (ii) the DNS Search List (DNSSL) option.

Jeong, et al. Expires September 7, 2016 [Page 5]
Internet-Draft IPv6 RA DNS Options March 2016

5.1. Recursive DNS Server Option

The RDNSS option contains one or more IPv6 addresses of recursive DNS
servers. All of the addresses share the same Lifetime value. If it
is desirable to have different Lifetime values, multiple RDNSS
options can be used. Figure 1 shows the format of the RDNSS option.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
: Addresses of IPv6 Recursive DNS Servers :
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 1: Recursive DNS Server (RDNSS) Option Format

Fields:
Type 8-bit identifier of the RDNSS option type as assigned
by the IANA: 25

Length 8-bit unsigned integer. The length of the option
(including the Type and Length fields) is in units of
8 octets. The minimum value is 3 if one IPv6 address
is contained in the option. Every additional RDNSS
address increases the length by 2. The Length field
is used by the receiver to determine the number of
IPv6 addresses in the option.

Lifetime 32-bit unsigned integer. The maximum time in
seconds (relative to the time the packet is received)
over which these RDNSS addresses MAY be used for name
resolution. The value of Lifetime SHOULD by default
be at least 3 * MaxRtrAdvInterval where
MaxRtrAdvInterval is the Maximum RA Interval defined
in [RFC4861]. A value of all one bits (0xffffffff)
represents infinity. A value of zero means that the
RDNSS addresses MUST no longer be used.

Addresses of IPv6 Recursive DNS Servers
One or more 128-bit IPv6 addresses of the recursive
DNS servers. The number of addresses is determined
by the Length field. That is, the number of

Jeong, et al. Expires September 7, 2016 [Page 6]
Internet-Draft IPv6 RA DNS Options March 2016

addresses is equal to (Length - 1) / 2.

Note: The addresses for recursive DNS servers in the RDNSS option
MAY be link-local addresses. Such link-local addresses SHOULD be
registered into the resolver repository along with the
corresponding link zone indices of the links that receive the
RDNSS option(s) for them. The link-local addresses MAY be
represented with their link zone indices in the textual format for
scoped addresses as described in [RFC4007]. When a resolver sends
a DNS query message to an RDNSS with a link-local address, it MUST
use the corresponding link.

5.2. DNS Search List Option

The DNSSL option contains one or more domain names of DNS suffixes.
All of the domain names share the same Lifetime value. If it is
desirable to have different Lifetime values, multiple DNSSL options
can be used. Figure 2 shows the format of the DNSSL option.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
: Domain Names of DNS Search List :
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 2: DNS Search List (DNSSL) Option Format

Fields:
Type 8-bit identifier of the DNSSL option type as assigned
by the IANA: 31

Length 8-bit unsigned integer. The length of the option
(including the Type and Length fields) is in units of
8 octets. The minimum value is 2 if at least one
domain name is contained in the option. The Length
field is set to a multiple of 8 octets to accommodate
all the domain names in the field of Domain Names of
DNS Search List.

Lifetime 32-bit unsigned integer. The maximum time in
seconds (relative to the time the packet is received)

Jeong, et al. Expires September 7, 2016 [Page 7]
Internet-Draft IPv6 RA DNS Options March 2016

RFC 1044 IP on Network Systems HYPERchannel February 1988

network message.

Existing bridges or "link adapters" can be programmed to become
"selective repeaters" in that they can receive network messages
containing a subset of network addresses send them over the bridge
medium (if present) and reintroduce them on the other network. Such
interconnected local area networks are considered a single network
from an addressing point of view.

A large NSC network can have up to 64K networks which can be
complexly interconnected by network bridges and/or "backbone"
networks which distribute data between other networks. To simplify
the mechanics of message forwarding, the 16-bit network field is
divided into two eight quantities, a "network number" identifying
which network is to receive the message and a "domain number" which
specifies which network of networks is the recipient.

The bridge technology adapters which move messages between networks
have address recognition hardware which examines all the 24-bits in
bytes 2-5 of the network message header to determine if the bridge
should accept the message for forwarding. At any given instant of
time in the network, each bridge will have a list of networks and
domains that it should accept for forwarding to a network at the
other end of the bridge. Each Adapter (Including Newer Technology
host adapters) contains in address recognition hardware:

o domainmask -- a 256-bit mask of domain numbers that should be
accepted for forwarding (not local processing) by this adapter.
o MyDomain -- the value of the domain on which this host
adapter or bridge end is installed.
o NetworkMask -- a 256-bit mask of network numbers that should be
accepted for forwarding by this adapter.
o MyNetwork - the value of the network on which this host
adapter or bridge end is installed.
o AddressMask -- A 256-bit mask of the local network addresses
that should be accepted by the adapter.
o MyAddress -- the "base address" of the box, which must be
supplied in any message that is directed to control processes
within the adapter, such as a loopback message.

Address recognition takes place using the algorithm:

IF Domain IN DomainMask OR
IF (Domain = MyDomain AND Network IN NetworkMask) OR
IF (Domain = MyDomain AND Network = MyNetwork AND
Address IN AddressMask) THEN accept-message
ELSE ignore-message.

Hardwick & Lekashman [Page 11]
RFC 1044 IP on Network Systems HYPERchannel February 1988

This algorithm means that an adapter's hardware address recognition
logic will accept any messages to the box itself, any secondary or
aliased local addresses owned by the adapter, and any message
directed to a remote network or domain that that particular adapter
is prepared to forward.

32-BIT MESSAGE FIELDS

TRUNK MASK

Is as in the basic network message. Messages that are to be
delivered outside the immediate network should have 0xFF in this byte
so that all possible trunks in intermediate networks should be tried.
Locally delivered 32-bit messages may still contain specially
tailored trunk masks to satisfy local delivery needs.

MESSAGE FLAGS

The currently defined bits remain as before. Three new bits have
been defined since that time.

CRC (END-END MESSAGE INTEGRITY). Newer technology host adapters are
capable of generating a 32-bit CRC for the entire network message as
soon as it is received over the channel or bus interface from the
host. This 32-bit CRC is appended to the end of the associated data
block and is preserved through the entire delivery process until it
is checked by the host adapter that is the ultimate recipient of the
message, which removes it. This end to end integrity checking is
designed to provide a high degree of assurance that data has been
correctly moved through all intermediate LAN's, geographic links, and
internal adapter hardware and processes.

SRC (SOURCE FROM ADDRESS CORRECT). This bit is provided to take
advantage of the physical nature of the network address to optionally
verify that the 32-bit FROM address provided in the network message
is in fact the location that the message originated. If the bit is
not set by the transmitting host, no particular processing occurs on
the message. If the bit is set, then all intermediate adapters
involved in the delivery of the message have the privilege of turning
the bit off if the received message FROM address is not a TO address
that would be delivered to the originator if the message were going
the opposite direction.

If the message is received by a host computer with this bit still
set, then the FROM address is guaranteed correct in the sense that
returning a message with TO and FROM information reversed will result
in delivery of the message to the process that actually originated

Hardwick & Lekashman [Page 12]
RFC 1044 IP on Network Systems HYPERchannel February 1988

it. By careful attention to the physical security of adapters and
intermediate links between networks, a high degree of security can be
built into systems that simply examine the FROM address of a message
to determine the legitimacy of its associated request.

GNA (GLOBAL NETWORK ADDRESSING). This bit ON indicates that 32-bit
addressing is present in the message. When this bit is on, bytes 2-3
(Domain and Network numbers) should also be nonzero.

TO ADDRESS

Four bytes contain the TO address, which is used to deliver the
network message as described in "Address Recognition and Message
Forwarding" on page 8. The "logical" part of the TO address is used
to designate a protocol server exactly as in the basic format network
message header.

The existing "address" field has its high order bit reserved as an
outnet bit for compatibility with existing A-series network adapter
equipment. Were it not for this bit, the A-series adapters would
attempt to accept messages that were "passing through" the local
network on their way elsewhere simply because the address field
matched while the the Domain and Network numbers (ignored by the A-
series adapters) were quite different.

This "outnet" bit is used in the following way:

o All network adapters (of any type) in an extended set of
networks containing A-Series adapters that will ever use 32-bit
addressing must have their addresses in the range 00-7F (hex.)

o If a message is to be sent to a destination on a nonlocal
network and domain on such an extended network, then the
high order bit of the address field is turned on.

o When the last bridge in the chain realizes that it is about to
forward the message to its final destination (the Domain and
Network numbers are local), then it turns the Outnet bit off.
This will result in local delivery to the destination adapter.

FROM ADDRESS

The FROM address follows the same logic as the TO address in that any
message can be returned to its source by reversing the FROM and TO
fields of the message. Since so many protocols examine byte 8 of the
message to determine its type, the FROM field has been split so that
the Domain and Network numbers extend into bytes 10-11.

Hardwick & Lekashman [Page 13]
RFC 1044 IP on Network Systems HYPERchannel February 1988

MESSAGE TYPE

This field (informally defined in the past) has been extended to 16-
bits so that a unique value can be assigned to any present or future
protocol which is layer on HYPERchannel messages for either private
or public use.

AGE COUNT

This field serves the same purpose as the IP "time to live" in that
it prevents datagrams from endlessly circulating about in an
improperly configured network. Each time a 32-bit message passes
through a bridge, the Age Count is decremented by one. When the
result is zero, the message is discarded by the bridge.

NEXT HEADER OFFSET AND HEADER END OFFSET

These are used as fields to optionally provide "loose source
routing", where a list of 32-bit TO addresses can be provided by the
transmitter to explicitly determine the path of a message through the
network. If this feature is not used, both these fields would
contain the value 16 (decimal) to both indicate extra TO addresses
are absent and that the beginning of protocol data following the
HYPERchannel header is in byte 16.

Although it is conceivable that a HYPERchannel IP process could use
this source routing capability to direct messages to hosts or
gateways, this capability is not felt to be of sufficient value to IP
to build it into a HYPERchannel IP protocol.

In the future, all higher level protocols should be able to examine
Header End Offset to determine the start of the higher level protocol
information.

BROADCASTING

NSC message forwarding protocols use low level link protocols to
negotiate transmission of a message to its next destination on the
network. Furthermore, NSC network boxes often "fan out" so that
several hosts share the same network transmission equipment as in the
A400 adapter. Both these characteristics mean that providing a
genuine broadcast capability is not a trivial task, and in fact no
current implementations of NSC technology support a broadcast
capability.

The last several years have seen broadcast applications mature to the
point where they have virtually unquestioned utility on a local and
sometimes campuswide basis. Accordingly, new NSC technologies will

Hardwick & Lekashman [Page 14]
RFC 1044 IP on Network Systems HYPERchannel February 1988

support a broadcast capability. Information on the use of this
capability is included here as it is essential to the discussion of
the Address Resolution Protocol later in this document.

Broadcast capability will be supported only with the extended (32-bit
address) message format. A broadcast message will have the following
general appearance:

Hardwick & Lekashman [Page 15]
over which these DNSSL domain names MAY be used for
name resolution. The Lifetime value has the same
semantics as with the RDNSS option. That is,
Lifetime SHOULD by default be at least
3 * MaxRtrAdvInterval. A value of all one bits
(0xffffffff) represents infinity. A value of zero
means that the DNSSL domain names MUST no longer be
used.

Domain Names of DNS Search List
One or more domain names of DNS Search List that MUST
be encoded as described in Section 3.1 of [RFC1035].
By this technique, each domain name is represented as
a sequence of labels ending in a zero octet, defined
as domain name representation. For more than one
domain name, the corresponding domain name
representations are concatenated as they are. Note
that for the simple decoding, the domain names MUST
NOT be encoded in a compressed form, as described in
Section 4.1.4 of [RFC1035]. Because the size of this
field MUST be a multiple of 8 octets, for the minimum
multiple including the domain name representations,
the remaining octets other than the encoding parts of
the domain name representations MUST be padded with
zeros.

5.3. Procedure of DNS Configuration

The procedure of DNS configuration through the RDNSS and DNSSL
options is the same as with any other ND option [RFC4861].

5.3.1. Procedure in IPv6 Host

When an IPv6 host receives DNS options (i.e., RDNSS option and DNSSL
option) through RA messages, it processes the options as follows:

o The validity of DNS options is checked with the Length field; that
is, the value of the Length field in the RDNSS option is greater
than or equal to the minimum value (3), and satisfies that (Length
- 1) % 2 == 0. The value of the Length field in the DNSSL option
is greater than or equal to the minimum value (2). Also, the
validity of the RDNSS option is checked with the "Addresses of
IPv6 Recursive DNS Servers" field; that is, the addresses should
be unicast addresses.

o If the DNS options are valid, the host SHOULD copy the values of
the options into the DNS Repository and the Resolver Repository in
order. Otherwise, the host MUST discard the options. Refer to

Jeong, et al. Expires September 7, 2016 [Page 8]
Internet-Draft IPv6 RA DNS Options March 2016

Section 6 for the detailed procedure.

In the case where the DNS options of RDNSS and DNSSL can be obtained
from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep
some DNS options from all sources. Unless explicitly specified for
the discovery mechanism, the exact number of addresses and domain
names to keep is a matter of local policy and implementation choice
as a local configuration option. However, in the case of multiple
sources, the ability to store a total of at least three RDNSS
addresses (or DNSSL domain names) from the multiple sources is
RECOMMENDED. The DNS options from Router Advertisements and DHCP
SHOULD be stored into the DNS Repository and Resolver Repository so
that information from DHCP appears there first and therefore takes
precedence. Thus, the DNS information from DHCP takes precedence
over that from RA for DNS queries. On the other hand, for DNS
options announced by RA, if some RAs use the Secure Neighbor
Discovery (SEND) protocol [RFC3971] for RA security, they MUST be
preferred over those that do not use SEND. Refer to Section 7 for
the detailed discussion on SEND for RA DNS options.

5.3.2. Warnings for DNS Options Configuration

There are two warnings for DNS options configuration: (i) warning for
multiple sources of DNS options and (ii) warning for multiple network
interfaces. First, in the case of multiple sources for DNS options
(e.g., RA and DHCP), an IPv6 host can configure its IP addresses from
these sources. In this case, it is not possible to control how the
host uses DNS information and what source addresses it uses to send
DNS queries. As a result, configurations where different information
is provided by different sources may lead to problems. Therefore,
the network administrator needs to configure different DNS options in
the multiple sources in order to minimize the impact of such problems
[DHCPv6-SLAAC].

Second, if different DNS information is provided on different network
interfaces, this can lead to inconsistent behavior. The IETF worked
on solving this problem for both DNS and other information obtained
by multiple interfaces [RFC6418][RFC6419], and standardized the
solution for RDNSS selection for multi-interfaced nodes in [RFC6731],
which is based on DHCP.

6. Implementation Considerations

Note: This non-normative section gives some hints for implementing
the processing of the RDNSS and DNSSL options in an IPv6 host.

For the configuration and management of DNS information, the
advertised DNS configuration information can be stored and managed in

Jeong, et al. Expires September 7, 2016 [Page 9]
Internet-Draft IPv6 RA DNS Options March 2016

both the DNS Repository and the Resolver Repository.

In environments where the DNS information is stored in user space and
ND runs in the kernel, it is necessary to synchronize the DNS
information (i.e., RDNSS addresses and DNS search domain names) in
kernel space and the Resolver Repository in user space. In these
environments, a user space application cannot receive RA via an
ICMPv6 socket using the standard advanced socket Application Program
Interface (API) in [RFC3542]. For the synchronization, an
implementation where ND works in the kernel should provide a write
operation for updating DNS information from the kernel to the
Resolver Repository. One simple approach is to have a daemon (or a
program that is called at defined intervals) that keeps monitoring
the Lifetimes of RDNSS addresses and DNS search domain names all the
time. Whenever there is an expired entry in the DNS Repository, the
daemon can delete the corresponding entry from the Resolver
Repository.

6.1. DNS Repository Management

For DNS repository management, the kernel or user-space process
(depending on where RAs are processed) should maintain two data
structures: (i) DNS Server List that keeps the list of RDNSS
addresses and (ii) DNS Search List that keeps the list of DNS search
domain names. Each entry in these two lists consists of a pair of an
RDNSS address (or DNSSL domain name) and Expiration-time as follows:

o RDNSS address for DNS Server List: IPv6 address of the Recursive
DNS Server, which is available for recursive DNS resolution
service in the network advertising the RDNSS option.

o DNSSL domain name for DNS Search List: DNS suffix domain names,
which are used to perform DNS query searches for short,
unqualified domain names for the RDNSS address, which is
advertised by the same RA message having the DNSSL option, in the
network advertising the DNSSL option.

o Expiration-time for DNS Server List or DNS Search List: The time
when this entry becomes invalid. Expiration-time is set to the
value of the Lifetime field of the RDNSS option or DNSSL option
plus the current time. Whenever a new RDNSS option with the same
address (or DNSSL option with the same domain name) is received on
the same interface as a previous RDNSS option (or DNSSL option),
this field is updated to have a new Expiration-time. When the
current time becomes larger than Expiration-time, this entry is
regarded as expired. Note that the DNS information for the RDNSS
and DNSSL options need not be dropped if the expiry of the RA
router lifetime happens. This is because these options have their

Jeong, et al. Expires September 7, 2016 [Page 10]
Internet-Draft IPv6 RA DNS Options March 2016

own lifetime values.

6.2. Synchronization between DNS Server List and Resolver Repository

When an IPv6 host receives the information of multiple RDNSS
addresses within a network (e.g., campus network and company network)
through an RA message with RDNSS option(s), it stores the RDNSS
addresses (in order) into both the DNS Server List and the Resolver
Repository. The processing of the RDNSS consists of (i) the
processing of RDNSS option(s) included in an RA message and (ii) the
handling of expired RDNSSes. The processing of RDNSS option(s) is as
follows:

Step (a): Receive and parse the RDNSS option(s). For the RDNSS
addresses in each RDNSS option, perform Steps (b) through (d).

Step (b): For each RDNSS address, check the following: If the
RDNSS address already exists in the DNS Server List and the RDNSS
option's Lifetime field is set to zero, delete the corresponding
RDNSS entry from both the DNS Server List and the Resolver
Repository in order to prevent the RDNSS address from being used
any more for certain reasons in network management, e.g., the
termination of the RDNSS or a renumbering situation. That is, the
RDNSS can resign from its DNS service because the machine running
the RDNSS is out of service intentionally or unintentionally.
Also, under the renumbering situation, the RDNSS's IPv6 address
will be changed, so the previous RDNSS address should not be used
any more. The processing of this RDNSS address is finished here.
Otherwise, go to Step (c).

Step (c): For each RDNSS address, if it already exists in the DNS
Server List, then just update the value of the Expiration-time
field according to the procedure specified in the third bullet of
Section 6.1. Otherwise, go to Step (d).

Step (d): For each RDNSS address, if it does not exist in the DNS
Server List, register the RDNSS address and Lifetime with the DNS
Server List and then insert the RDNSS address in front of the
Resolver Repository. In the case where the data structure for the
DNS Server List is full of RDNSS entries (that is, has more
RDNSSes than the sufficient number discussed in Section 5.3.1),
delete from the DNS Server List the entry with the shortest
Expiration-time (i.e., the entry that will expire first). The
corresponding RDNSS address is also deleted from the Resolver
Repository. For the ordering of RDNSS addresses in an RDNSS
option, position the first RDNSS address in the RDNSS option as
the first one in the Resolver Repository, the second RDNSS address
in the option as the second one in the repository, and so on.

Jeong, et al. Expires September 7, 2016 [Page 11]
Internet-Draft IPv6 RA DNS Options March 2016

This ordering allows the RDNSS addresses in the RDNSS option to be
preferred according to their order in the RDNSS option for the DNS
name resolution. The processing of these RDNSS addresses is
finished here.

The handling of expired RDNSSes is as follows: Whenever an entry
expires in the DNS Server List, the expired entry is deleted from the
DNS Server List, and also the RDNSS address corresponding to the
entry is deleted from the Resolver Repository.

6.3. Synchronization between DNS Search List and Resolver Repository

When an IPv6 host receives the information of multiple DNSSL domain
names within a network (e.g., campus network and company network)
through an RA message with DNSSL option(s), it stores the DNSSL
domain names (in order) into both the DNS Search List and the
Resolver Repository. The processing of the DNSSL consists of (i) the
processing of DNSSL option(s) included in an RA message and (ii) the
handling of expired DNSSLs. The processing of DNSSL option(s) is the
same with that of RDNSS option(s) in Section 6.2 except Step (b).

In Step (b), if the DNSSL domain name already exists in the DNS
Search List and the DNSSL option's Lifetime field is set to zero,
delete the corresponding DNSSL entry from both the DNS Search List
and the Resolver Repository in order to prevent the DNSSL domain name
from being used any more for certain reasons in network management,
e.g., the termination of the usage of the DNSSL domain name. That
is, the DNSSL domain name may not be used any more by the policy of
the network.

7. Security Considerations

In this section, we analyze security threats related to DNS options
and then suggest recommendations to cope with such security threats.

7.1. Security Threats

For the RDNSS option, an attacker could send an RA with a fraudulent
RDNSS address, misleading IPv6 hosts into contacting an unintended
DNS server for DNS name resolution. Also, for the DNSSL option, an
attacker can let IPv6 hosts resolve a host name without a DNS suffix
into an unintended host's IP address with a fraudulent DNS Search
List. These attacks are similar to ND attacks specified in [RFC4861]
that use Redirect or Neighbor Advertisement messages to redirect
traffic to individual addresses of malicious parties.

However, the security of these RA options for DNS configuration does
not affect ND protocol security [RFC4861]. This is because learning

Jeong, et al. Expires September 7, 2016 [Page 12]
Internet-Draft IPv6 RA DNS Options March 2016

DNS information via the RA options cannot be worse than learning bad
router information via the RA options. Therefore, the vulnerability
of ND is not worse and is a subset of the attacks that any node
attached to a LAN can do.

7.2. Recommendations

The Secure Neighbor Discovery (SEND) protocol [RFC3971] MAY be used
as a security mechanism for ND. In this case, ND can use SEND to
allow all the ND options including the RDNSS and DNSSL options to be
automatically included in the signatures. Other approaches specified
in [RFC4861] can be used for securing the RA options for DNS
configuration.

It is common for network devices such as switches to include
mechanisms to block unauthorized ports from running a DHCPv6 server
to provide protection from rogue DHCPv6 servers [RFC7610]. That
means that an attacker on other ports cannot insert bogus DNS servers
using DHCPv6. The corresponding technique for network devices is
RECOMMENDED to block rogue Router Advertisement messages [RFC6104]
including the RDNSS and DNSSL options from unauthorized nodes.

An attacker may provide a bogus DNS Search List option in order to
cause the victim to send DNS queries to a specific DNS server when
the victim queries non-FQDNs (fully qualified domain names). For
this attack, the DNS resolver in IPv6 hosts can mitigate the
vulnerability with the recommendations mentioned in [RFC1535],
[RFC1536], and [RFC3646].

8. IANA Considerations

The RDNSS option defined in this document uses the IPv6 Neighbor
Discovery Option type defined in RFC 6106 [RFC6106], which was
assigned by the IANA as follows:

Option Name Type
Recursive DNS Server Option 25

The DNSSL option defined in this document uses the IPv6 Neighbor
Discovery Option type defined in RFC 6106 [RFC6106], which was
assigned by the IANA as follows:

Option Name Type
DNS Search List Option 31

These options have been registered in the "Internet Control Message
Protocol version 6 (ICMPv6) Parameters" registry (http://
www.iana.org/assignments/icmpv6-parameters/

Jeong, et al. Expires September 7, 2016 [Page 13]
Internet-Draft IPv6 RA DNS Options March 2016

icmpv6-parameters.xhtml#icmpv6-parameters-5).

9. Acknowledgements

This document has greatly benefited from inputs by Robert Hinden,
Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik
Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony
Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya
Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, and Bing Liu.
The authors sincerely appreciate their contributions.

10. References

10.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H.
Soliman, "Neighbor Discovery for IP version 6
(IPv6)", RFC 4861, September 2007.

[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6
Stateless Address Autoconfiguration", RFC 4862,
September 2007.

[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.

[RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E.,
and B. Zill, "IPv6 Scoped Address Architecture",
RFC 4007, March 2005.

10.2. Informative References

[RFC1034] Mockapetris, P., "Domain names - concepts and
facilities", STD 13, RFC 1034, November 1987.

[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration
Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC3736] Droms, R., "Stateless Dynamic Host Configuration
Protocol (DHCP) Service for IPv6", RFC 3736,
April 2004.

[RFC3646] Droms, R., "DNS Configuration options for Dynamic
Host Configuration Protocol for IPv6 (DHCPv6)",

Jeong, et al. Expires September 7, 2016 [Page 14]
Internet-Draft IPv6 RA DNS Options March 2016

RFC 3646, December 2003.

[RFC5006] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Option for DNS
Configuration", RFC 5006, September 2007.

[RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS
Configuration", RFC 6106, November 2010.

[RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server
Information Approaches", RFC 4339, February 2006.

[RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander,
RFC 1044 IP on Network Systems HYPERchannel February 1988

TRUNKS TO TRY AND MESSAGE FLAGS

These fields are defined just as with a normal 32-bit message. All
bits in the Message Flags field are valid with broadcast modes.

BROADCAST ADDRESS

For Domain, Network and Adapter Address fields, the value 0xFF is
reserved for use by the broadcast mechanism. A value of 0xFF in the
adapter address field indicates to the local network hardware that
this message is to be sent to all connected network equipment on the
individual network.

A value of 0xFF in the network or domain fields, respectively
indicates a request that the scope of the broadcast exceed the local
network. The bridging link adapters will receive the broadcast
message along with everyone else and will examine the "Broadcast
Channel" field and their internal switches to determine if the
message should be forwarded to other remote networks.

If the Network and Domain fields contain the local network and
domain, then the broadcast message will only be broadcast within the
local network. If a remote Network and Domain is specified, then the
message will be delivered as a single message to the remote network
and broadcast there.

BROADCAST CHANNEL

Since individual hosts and protocol servers generally are not
interested in all broadcast messages that float about the network, a
filtering mechanism is provided in the header and network adapter
equipment so that only proper classes of broadcast messages are
delivered to the end point.

Broadcast channel numbers in the range 00-0xFF will be assigned by
NSC much like the "message type" field. Host protocol servers
specify a specific TO address containing a channel number (such as
0xFF04) when they bind themselves to the HYPERchannel device driver.
The driver and the underlying equipment will deliver only broadcast
messages with the correct channel number to the protocol server. If
a protocol server wishes to receive several different broadcast
messages, it must bind itself to the driver several times with the
desired addresses.

Link adapters that are prepared to handle multinetwork broadcast
messages may be equipped with switches to determine which broadcast
channels will be propagated into the next network. Since
multinetwork broadcast is an arrangement that must be configured with

Hardwick & Lekashman [Page 16]
RFC 1044 IP on Network Systems HYPERchannel February 1988

care, these switches are off by default.

FROM ADDRESS

The FROM address is constructed just as with a normal 32-bit network
message. The Source Address Correct bit is processed just as with a
normal message.

MESSAGE TYPE

Message type is defined as with normal messages. Presumably
broadcast applications will have unique message types that are not
generally found in normal messages.

AGE COUNT

Age count is vitally important in a multinetwork broadcast as "loops"
in the network can cause a great deal of activity until all the
progeny of the original broadcast message die out.

PROTOCOL SPECIFICATION

This section contains information on the technique used to
encapsulate IP datagrams on the HYPERchannel network message. It
contains three sections to describe three protocol packagings:

o The technique used to encapsulate IP datagrams on the basic
16-bit network message. This is a de facto standard that has
been in use for several years and is documented here to make it
official.

o The encapsulation technique for IP datagrams on 32 bit network
messages.

o The definition of an Address Resolution Protocol on
HYPERchannel.

Hardwick & Lekashman [Page 17]
RFC 1044 IP on Network Systems HYPERchannel February 1988

BASIC (16-BIT) MESSAGE ENCAPSULATION

TRUNK MASK

From the vantage of an IP driver, any trunk mask is valid so long as
it results in successful delivery of the HYPERchannel network message
to its destination. There is no reason to check this field for
validity on reception of the message. Specification of the Trunk
Mask on output is a local affair that could be specified by the
transmitting driver's address resolution tables.

Hardwick & Lekashman [Page 18]
RFC 1044 IP on Network Systems HYPERchannel February 1988

MESSAGE FLAGS

No use is made of the Flags field (byte 1) other than to
appropriately set the Associated Data bit. Burst Mode and the
Exception bit should not be used with IP.

ACCESS CODE

Although some current implementations of IP on HYPERchannel support
the access code, no one appears to be using it at the current time.
Since this field is currently reserved for the use of 32-bit
addresses, no value other than 0000 should be placed in this field.

TO ADDRESS

The TO field is generally obtained by a local IP driver through a
table lookup algorithm where a 16-bit TO address is found that
corresponds to the IP address of a local host or gateway. The high
order bits of the TO address of course refer to the adapter number
the adapter attached to the destination host.

The logical TO field should contain the protocol server address of
the HYPERchannel IP driver for that host as determined by the host's
system administrator. Many HYPERchannel TCP/IP drivers in the field
today are not "open" in that any network message delivered to that
host will be presumed to be an IP datagram regardless of the logical
TO field; however any transmitting IP process should be capable of
generating the entire 16-bit TO field in order to generate a message
capable of reaching a destination IP process.

The process of determining which HYPERchannel address will receive an
IP datagram based on its IP address is a major topic that is covered
in "Address Resolution".

FROM ADDRESS

The FROM address is filled in with the address that the local driver
expects to receive from the network, but no particular use is make of
the FROM address.

MESSAGE TYPE

Network Systems requests that a value of 5 (decimal) be placed in
this byte to uniquely indicate that the network message is being used
to carry IP traffic. No other well-behaved protocol using
HYPERchannel should duplicate this value of 5.

Hardwick & Lekashman [Page 19]
RFC 1044 IP on Network Systems HYPERchannel February 1988

Many current implementations of IP on HYPERchannel place a zero or
other values in this field simply because no value was reserved for
IP usage. Transmitting versions of IP should always place a 5 in
this field; receiving IP's should presume a delivered message to be
an IP datagram until proven otherwise regardless of the contents of
the Message Type field.

Developers should note that it is often convenient to permit
reception of the value 0xFF00 in bytes 8 and 9 of the IP datagram.
Transmitting a message with this value will cause it to be looped
back at the destination adapter and returned to the protocol server
designate in the FROM address. This permits the developer have host
applications talk to others on the same host for purposes of network
interface or other protocol debugging.
IP HEADER OFFSET

Byte 9 contains the offset to the start of the IP header within the
message proper, such that the Message Proper address plus the IP
header offset generates the address of the first byte of the IP
header (at least on byte addressable machines.)

This field is redundant with the offset field in byte 11, and is
present for cosmetic compatibility with 32-bit implementations. On
reception, the value in byte 11 should take precedence.

As part of the migration to larger HYPERchannel headers, this field
will become significant with the 32-bit addressing format, as the
length of the header is no longer 10 bytes and byte 11 is used for
other purposes.

IP TYPE DESIGNATOR

Early implementations of IP drivers on HYPERchannel wanted to leave
bytes 8 and 9 alone for NSC use and place a "message type" field in
later in the message. A value of 0x34 had been selected by earlier
developers for reasons that are now of only historical interest.
Once again, implementations should generate this value on
transmission, but not check it on input, assuming that an IP datagram
is present in the message.

IP HEADER OFFSET

This value is used by a number of commercial implementations of IP on
HYPERchannel to align the start of the IP header within the network
message. This offset is relative to byte 12 of the network message
so that a value of zero indicates that the IP header begins in byte
12. This value should be both correctly generated on transmission,
and always respected on input processing.

Hardwick & Lekashman [Page 20]
RFC 1044 IP on Network Systems HYPERchannel February 1988

The maximum permissible offset in this field is 52 indicating that
the IP header begins at the start of the associated data block.

IP DATAGRAM CONTENTS

Beginning at the offset designated in byte 11, the IP datagram is
treated as a contiguous block of data that flows from byte 63 of the
message proper into the first byte of associated data, so that the
entire message plus data is treated as a single contiguous block.

If the IP header is small enough to fit within the entire network
message, then only the message proper is transmitted. The length of
the message proper sent should always be 64 bytes, even if the IP
datagram and HYPERchannel header do not occupy all 64 bytes of the
message proper.

If the datagram flows over into the associated data, then both
message and data are sent. Since a number of machines cannot send a
length of data to the HYPERchannel that is an exact number of bytes
(due to 16-64 bits on the channel bus,) the length of the associated
data received should not be used as a guide to the length of the IP
datagram -- this should be extracted from the IP header. A driver
should verify, of course, that the associated data received is at
least as long as is needed to hold the entire IP datagram.

COMPATIBILITY WITH EXISTING IMPLEMENTATIONS

The basic format described here is clearly a compromise between
several implementations of IP on HYPERchannel. Not all existing
implementations are interoperable with the standard described above.
Currently there are two known "families&"SEcure Neighbor Discovery (SEND)", RFC 3971,
March 2005.

[RFC6104] Chown, T. and S. Venaas, "Rogue IPv6 Router
Advertisement Problem Statement", RFC 6104,
February 2011.

[RFC7610] Gont, F., Liu, W., and G. Van de Velde, "DHCPv6-
Shield: Protecting against Rogue DHCPv6 Servers",
RFC 7610, August 2015.

[RFC1535] Gavron, E., "A Security Problem and Proposed
Correction With Widely Deployed DNS Software",
RFC 1535, October 1993.

[RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S.
Miller, "Common DNS Implementation Errors and
Suggested Fixes", RFC 1536, October 1993.

[DHCPv6-SLAAC] Liu, B., Jiang, S., Gong, X., Wang, W., and E. Rey,
"DHCPv6/SLAAC Interaction Problems on Address and DNS
Configuration", Work in Progress, February 2016.

[RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and
Provisioning Domains Problem Statement", RFC 6418,
November 2011.

[RFC6419] Wasserman, M. and P. Seite, "Current Practices for
Multiple-Interface Hosts", RFC 6419, November 2011.

[RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved
Recursive DNS Server Selection for Multi-Interfaced
Nodes", RFC 6731, December 2012.

Jeong, et al. Expires September 7, 2016 [Page 15]
Internet-Draft IPv6 RA DNS Options March 2016

[RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei,
"Advanced Sockets Application Program Interface (API)
for IPv6", RFC 3542, May 2003.

Appendix A. Changes from RFC 6106

The following changes were made from RFC 6106 "IPv6 Router
Advertisement Options for DNS Configuration":

o The generation of Router Solicitation to ensure that the RDNSS
information is fresh before the expiry of the RDNSS option is
removed in order to prevent multicast traffic on the link from
increasing.

o The lifetime's upper bound of 2 * MaxRtrAdvInterval was shown to
lead to the expiry of these options on links with a relatively
high rate of packet loss. This revision relaxes the upper bound
and sets a higher default value to avoid this problem.

o The addresses for recursive DNS servers in the RDNSS option can be
not only global addresses, but also link-local addresses. The
link-local addresses for RDNSSes should be registered into the
resolver repository along with the corresponding link zone
indices.

o The recommendation that at most three RDNSS addresses to maintain
by RDNSS options should be limited is removed. By this removal,
the number of RDNSSes to maintain is up to an implementer's local
policy.

o The recommendation that at most three DNS domains to maintain by
DNSSL options should be limited is removed. By this removal, when
the set of unique DNSSL values are not equivalent, none of them
are ignored for hostname lookups.

Jeong, et al. Expires September 7, 2016 [Page 16]
Internet-Draft IPv6 RA DNS Options March 2016

Authors' Addresses

Jaehoon Paul Jeong
Department of Software
Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419
Republic of Korea

Phone: +82 31 299 4957
Fax: +82 31 290 7996
EMail: pauljeong@skku.edu
URI: http://iotlab.skku.edu/people-jaehoon-jeong.php

Soohong Daniel Park
Department of Computer Software
Korean Bible University
205 SangGye7-Dong, Nowon-Gu
Seoul 01757
Republic of Korea

Phone: +82 2 950 5494
EMail: daniel@bible.ac.kr

Luc Beloeil
France Telecom R&D
42, rue des coutures
BP 6243
14066 CAEN Cedex 4
France

Phone: +33 2 40 44 97 40
EMail: luc.beloeil@orange-ftgroup.com

Syam Madanapalli
iRam Technologies
#H304, Shriram Samruddhi, Thubarahalli
Bangalore - 560066
India

EMail: smadanapalli@gmail.com

Jeong, et al. Expires September 7, 2016 [Page 17]

IPv6 Router Advertisement Options for DNS Configuration draft-ietf-6man-rdnss-rfc6106bis-08

IPv6 Router Advertisement Options for DNS Configuration
draft-ietf-6man-rdnss-rfc6106bis-08