IPv6 Router Advertisement Options for DNS Configuration
draft-ietf-6man-rdnss-rfc6106bis-08
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 8106.
|
|
---|---|---|---|
Authors | Jaehoon Paul Jeong , Soohong Daniel Park , Luc Beloeil , Syam Madanapalli | ||
Last updated | 2016-03-06 | ||
Replaces | draft-jeong-6man-rdnss-rfc6106-bis | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Reviews | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | In WG Last Call | |
Document shepherd | Fernando Gont | ||
IESG | IESG state | Became RFC 8106 (Proposed Standard) | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | "Fernando Gont" <fgont@si6networks.com>, bob.hinden@gmail.com, otroan@employees.org |
draft-ietf-6man-rdnss-rfc6106bis-08
Network Working Group J. Jeong Internet-Draft Sungkyunkwan University Obsoletes: 6106 (if approved) S. Park Intended status: Standards Track Korean Bible University Expires: September 7, 2016 L. Beloeil France Telecom R&D S. Madanapalli iRam Technologies March 6, 2016 IPv6 Router Advertisement Options for DNS Configuration draft-ietf-6man-rdnss-rfc6106bis-08 Abstract This document specifies IPv6 Router Advertisement options to allow IPv6 routers to advertise a list of DNS recursive server addresses and a DNS Search List to IPv6 hosts. This document obsoletes RFC 6106 and allows a higher default value of the lifetime of the RA DNS options to avoid the frequent expiry of the options on links with a relatively high rate of packet loss. Status of This Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on September 7, 2016. Copyright Notice Jeong, et al. Expires September 7, 2016 [Page 1] Internet-Draft IPv6 RA DNS Options March 2016 Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Applicability Statements . . . . . . . . . . . . . . . . . 3 1.2. Coexistence of RA Options and DHCP Options for DNS Configuration . . . . . . . . . . . . . . . . . . . . . . 4 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5 5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 6 5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7 5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8 5.3.1. Procedure in IPv6 Host . . . . . . . . . . . . . . . . 8 5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9 6. Implementation Considerations . . . . . . . . . . . . . . . . 9 6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10 6.2. Synchronization between DNS Server List and Resolver Repository . . . . . . . . . . . . . . . . . . . . . . . . 11 6.3. Synchronization between DNS Search List and Resolver Repository . . . . . . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12 7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 13 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14 10.2. Informative References . . . . . . . . . . . . . . . . . . 14 Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 16 Jeong, et al. Expires September 7, 2016 [Page 2] Internet-Draft IPv6 RA DNS Options March 2016 1. Introduction The purpose of this document is to standardize an IPv6 Router Advertisement (RA) option for DNS Recursive Server Addresses used for the DNS name resolution in IPv6 hosts. This RA option was originally specified in an earlier Experimental specification [RFC5006] and was later published as a Standards Track in [RFC6106]. This document obsoletes [RFC6106], allowing a higher default value of the lifetime of the RA DNS options to avoid the frequent expiry of the options on links with a relatively high rate of packet loss, and also making additional clarifications, see Appendix B for details. Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address Autoconfiguration (SLAAC) provide ways to configure either fixed or mobile nodes with one or more IPv6 addresses, default routers, and some other parameters [RFC4861][RFC4862]. Most Internet names are identified by using a DNS name. The two RA options defined in this document provide the DNS information needed for an IPv6 host to reach Internet names. It is infeasible to manually configure nomadic hosts each time they connect to a different network. While a one-time static configuration is possible, it is generally not desirable on general- purpose hosts such as laptops. For instance, locally defined name spaces would not be available to the host if it were to run its own recursive name server directly connected to the global DNS. The DNS information can also be provided through DHCPv6 [RFC3315] [RFC3736][RFC3646]. However, the access to DNS is a fundamental requirement for almost all hosts, so IPv6 stateless autoconfiguration cannot stand on its own as an alternative deployment model in any practical network without any support for DNS configuration. These issues are not pressing in dual-stack networks as long as a DNS server is available on the IPv4 side, but they become more critical with the deployment of IPv6-only networks. As a result, this document defines a mechanism based on IPv6 RA options to allow IPv6 hosts to perform the automatic DNS configuration. 1.1. Applicability Statements RA-based DNS configuration is a useful alternative in networks where an IPv6 host's address is autoconfigured through IPv6 stateless address autoconfiguration and where there is either no DHCPv6 infrastructure at all or some hosts do not have a DHCPv6 client. The intention is to enable the full configuration of basic networking information for hosts without requiring DHCPv6. However, for networks that need to distribute additional information, DHCPv6 is Jeong, et al. Expires September 7, 2016 [Page 3] Internet-Draft IPv6 RA DNS Options March 2016 likely to be employed. In these networks, RA-based DNS configuration may not be needed. RA-based DNS configuration allows an IPv6 host to acquire the DNS configuration (i.e., DNS recursive server addresses and DNS Search List) for the link(s) to which the host is connected. Furthermore, the host learns this DNS configuration from the same RA message that provides configuration information for the link. The advantages and disadvantages of the RA-based approach are discussed in [RFC4339] along with other approaches, such as the DHCP and well-known anycast address approaches. 1.2. Coexistence of RA Options and DHCP Options for DNS Configuration Two protocols exist to configure the DNS information on a host, the Router Advertisement options specified in this document and the DHCPv6 options specified in [RFC3646]. They can be used together. The rules governing the decision to use stateful configuration mechanisms are specified in [RFC4861]. Hosts conforming to this specification MUST extract DNS information from Router Advertisement messages, unless static DNS configuration has been specified by the user. If there is DNS information available from multiple Router Advertisements and/or from DHCP, the host MUST maintain an ordered list of this information as specified in Section 5.3.1. 2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Terminology This document uses the terminology defined in [RFC4861] and [RFC4862]. In addition, four new terms are defined below: o Recursive DNS Server (RDNSS): Server that provides a recursive DNS resolution service for translating domain names into IP addresses or resolving PTR records, as defined in [RFC1034] and [RFC1035]. o RDNSS Option: IPv6 RA option to deliver the RDNSS information to IPv6 hosts [RFC4861]. o DNS Search List (DNSSL): The list of DNS suffix domain names used by IPv6 hosts when they perform DNS query searches for short, unqualified domain names. Jeong, et al. Expires September 7, 2016 [Page 4] Internet-Draft IPv6 RA DNS Options March 2016 o DNSSL Option: IPv6 RA option to deliver the DNSSL information to IPv6 hosts. o DNS Repository: Two data structures for managing DNS Configuration Information in the IPv6 protocol stack in addition to Neighbor Cache and Destination Cache for Neighbor Discovery [RFC4861]. The first data structure is the DNS Server List for RDNSS addresses and the second is the DNS Search List for DNS search domain names. o Resolver Repository: Configuration repository with RDNSS addresses and a DNS Search List that a DNS resolver on the host uses for DNS name resolution; for example, the Unix resolver file (i.e., /etc/ resolv.conf) and Windows registry. 4. Overview This document standardizes the ND option called the RDNSS option defined in [RFC6106] that contains the addresses of recursive DNS servers. This document also standardizes the ND option called the DNSSL option defined in [RFC6106] that contains the Domain Search List. This is to maintain parity with the DHCPv6 options and to ensure that there is necessary functionality to determine the search domains. The existing ND message (i.e., Router Advertisement) is used to carry this information. An IPv6 host can configure the IPv6 addresses of one or more RDNSSes via RA messages. Through the RDNSS and DNSSL options, along with the prefix information option based on the ND protocol ([RFC4861] and [RFC4862]), an IPv6 host can perform the network configuration of its IPv6 address and the DNS information simultaneously without needing DHCPv6 for the DNS configuration. The RA options for RDNSS and DNSSL can be used on the network that supports the use of ND. This approach requires the manual configuration or other automatic mechanisms (e.g., DHCPv6 or vendor proprietary configuration mechanisms) to configure the DNS information in routers sending the advertisements. The automatic configuration of RDNSS addresses and a DNS Search List in routers is out of scope for this document. 5. Neighbor Discovery Extension The IPv6 DNS configuration mechanism in this document needs two ND options in Neighbor Discovery: (i) the Recursive DNS Server (RDNSS) option and (ii) the DNS Search List (DNSSL) option. Jeong, et al. Expires September 7, 2016 [Page 5] Internet-Draft IPv6 RA DNS Options March 2016 5.1. Recursive DNS Server Option The RDNSS option contains one or more IPv6 addresses of recursive DNS servers. All of the addresses share the same Lifetime value. If it is desirable to have different Lifetime values, multiple RDNSS options can be used. Figure 1 shows the format of the RDNSS option. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | : Addresses of IPv6 Recursive DNS Servers : | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Recursive DNS Server (RDNSS) Option Format Fields: Type 8-bit identifier of the RDNSS option type as assigned by the IANA: 25 Length 8-bit unsigned integer. The length of the option (including the Type and Length fields) is in units of 8 octets. The minimum value is 3 if one IPv6 address is contained in the option. Every additional RDNSS address increases the length by 2. The Length field is used by the receiver to determine the number of IPv6 addresses in the option. Lifetime 32-bit unsigned integer. The maximum time in seconds (relative to the time the packet is received) over which these RDNSS addresses MAY be used for name resolution. The value of Lifetime SHOULD by default be at least 3 * MaxRtrAdvInterval where MaxRtrAdvInterval is the Maximum RA Interval defined in [RFC4861]. A value of all one bits (0xffffffff) represents infinity. A value of zero means that the RDNSS addresses MUST no longer be used. Addresses of IPv6 Recursive DNS Servers One or more 128-bit IPv6 addresses of the recursive DNS servers. The number of addresses is determined by the Length field. That is, the number of Jeong, et al. Expires September 7, 2016 [Page 6] Internet-Draft IPv6 RA DNS Options March 2016 addresses is equal to (Length - 1) / 2. Note: The addresses for recursive DNS servers in the RDNSS option MAY be link-local addresses. Such link-local addresses SHOULD be registered into the resolver repository along with the corresponding link zone indices of the links that receive the RDNSS option(s) for them. The link-local addresses MAY be represented with their link zone indices in the textual format for scoped addresses as described in [RFC4007]. When a resolver sends a DNS query message to an RDNSS with a link-local address, it MUST use the corresponding link. 5.2. DNS Search List Option The DNSSL option contains one or more domain names of DNS suffixes. All of the domain names share the same Lifetime value. If it is desirable to have different Lifetime values, multiple DNSSL options can be used. Figure 2 shows the format of the DNSSL option. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | : Domain Names of DNS Search List : | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: DNS Search List (DNSSL) Option Format Fields: Type 8-bit identifier of the DNSSL option type as assigned by the IANA: 31 Length 8-bit unsigned integer. The length of the option (including the Type and Length fields) is in units of 8 octets. The minimum value is 2 if at least one domain name is contained in the option. The Length field is set to a multiple of 8 octets to accommodate all the domain names in the field of Domain Names of DNS Search List. Lifetime 32-bit unsigned integer. The maximum time in seconds (relative to the time the packet is received) Jeong, et al. Expires September 7, 2016 [Page 7] Internet-Draft IPv6 RA DNS Options March 2016 RFC 1044 IP on Network Systems HYPERchannel February 1988 network message. Existing bridges or "link adapters" can be programmed to become "selective repeaters" in that they can receive network messages containing a subset of network addresses send them over the bridge medium (if present) and reintroduce them on the other network. Such interconnected local area networks are considered a single network from an addressing point of view. A large NSC network can have up to 64K networks which can be complexly interconnected by network bridges and/or "backbone" networks which distribute data between other networks. To simplify the mechanics of message forwarding, the 16-bit network field is divided into two eight quantities, a "network number" identifying which network is to receive the message and a "domain number" which specifies which network of networks is the recipient. The bridge technology adapters which move messages between networks have address recognition hardware which examines all the 24-bits in bytes 2-5 of the network message header to determine if the bridge should accept the message for forwarding. At any given instant of time in the network, each bridge will have a list of networks and domains that it should accept for forwarding to a network at the other end of the bridge. Each Adapter (Including Newer Technology host adapters) contains in address recognition hardware: o domainmask -- a 256-bit mask of domain numbers that should be accepted for forwarding (not local processing) by this adapter. o MyDomain -- the value of the domain on which this host adapter or bridge end is installed. o NetworkMask -- a 256-bit mask of network numbers that should be accepted for forwarding by this adapter. o MyNetwork - the value of the network on which this host adapter or bridge end is installed. o AddressMask -- A 256-bit mask of the local network addresses that should be accepted by the adapter. o MyAddress -- the "base address" of the box, which must be supplied in any message that is directed to control processes within the adapter, such as a loopback message. Address recognition takes place using the algorithm: IF Domain IN DomainMask OR IF (Domain = MyDomain AND Network IN NetworkMask) OR IF (Domain = MyDomain AND Network = MyNetwork AND Address IN AddressMask) THEN accept-message ELSE ignore-message. Hardwick & Lekashman [Page 11] RFC 1044 IP on Network Systems HYPERchannel February 1988 This algorithm means that an adapter's hardware address recognition logic will accept any messages to the box itself, any secondary or aliased local addresses owned by the adapter, and any message directed to a remote network or domain that that particular adapter is prepared to forward. 32-BIT MESSAGE FIELDS TRUNK MASK Is as in the basic network message. Messages that are to be delivered outside the immediate network should have 0xFF in this byte so that all possible trunks in intermediate networks should be tried. Locally delivered 32-bit messages may still contain specially tailored trunk masks to satisfy local delivery needs. MESSAGE FLAGS The currently defined bits remain as before. Three new bits have been defined since that time. CRC (END-END MESSAGE INTEGRITY). Newer technology host adapters are capable of generating a 32-bit CRC for the entire network message as soon as it is received over the channel or bus interface from the host. This 32-bit CRC is appended to the end of the associated data block and is preserved through the entire delivery process until it is checked by the host adapter that is the ultimate recipient of the message, which removes it. This end to end integrity checking is designed to provide a high degree of assurance that data has been correctly moved through all intermediate LAN's, geographic links, and internal adapter hardware and processes. SRC (SOURCE FROM ADDRESS CORRECT). This bit is provided to take advantage of the physical nature of the network address to optionally verify that the 32-bit FROM address provided in the network message is in fact the location that the message originated. If the bit is not set by the transmitting host, no particular processing occurs on the message. If the bit is set, then all intermediate adapters involved in the delivery of the message have the privilege of turning the bit off if the received message FROM address is not a TO address that would be delivered to the originator if the message were going the opposite direction. If the message is received by a host computer with this bit still set, then the FROM address is guaranteed correct in the sense that returning a message with TO and FROM information reversed will result in delivery of the message to the process that actually originated Hardwick & Lekashman [Page 12] RFC 1044 IP on Network Systems HYPERchannel February 1988 it. By careful attention to the physical security of adapters and intermediate links between networks, a high degree of security can be built into systems that simply examine the FROM address of a message to determine the legitimacy of its associated request. GNA (GLOBAL NETWORK ADDRESSING). This bit ON indicates that 32-bit addressing is present in the message. When this bit is on, bytes 2-3 (Domain and Network numbers) should also be nonzero. TO ADDRESS Four bytes contain the TO address, which is used to deliver the network message as described in "Address Recognition and Message Forwarding" on page 8. The "logical" part of the TO address is used to designate a protocol server exactly as in the basic format network message header. The existing "address" field has its high order bit reserved as an outnet bit for compatibility with existing A-series network adapter equipment. Were it not for this bit, the A-series adapters would attempt to accept messages that were "passing through" the local network on their way elsewhere simply because the address field matched while the the Domain and Network numbers (ignored by the A- series adapters) were quite different. This "outnet" bit is used in the following way: o All network adapters (of any type) in an extended set of networks containing A-Series adapters that will ever use 32-bit addressing must have their addresses in the range 00-7F (hex.) o If a message is to be sent to a destination on a nonlocal network and domain on such an extended network, then the high order bit of the address field is turned on. o When the last bridge in the chain realizes that it is about to forward the message to its final destination (the Domain and Network numbers are local), then it turns the Outnet bit off. This will result in local delivery to the destination adapter. FROM ADDRESS The FROM address follows the same logic as the TO address in that any message can be returned to its source by reversing the FROM and TO fields of the message. Since so many protocols examine byte 8 of the message to determine its type, the FROM field has been split so that the Domain and Network numbers extend into bytes 10-11. Hardwick & Lekashman [Page 13] RFC 1044 IP on Network Systems HYPERchannel February 1988 MESSAGE TYPE This field (informally defined in the past) has been extended to 16- bits so that a unique value can be assigned to any present or future protocol which is layer on HYPERchannel messages for either private or public use. AGE COUNT This field serves the same purpose as the IP "time to live" in that it prevents datagrams from endlessly circulating about in an improperly configured network. Each time a 32-bit message passes through a bridge, the Age Count is decremented by one. When the result is zero, the message is discarded by the bridge. NEXT HEADER OFFSET AND HEADER END OFFSET These are used as fields to optionally provide "loose source routing", where a list of 32-bit TO addresses can be provided by the transmitter to explicitly determine the path of a message through the network. If this feature is not used, both these fields would contain the value 16 (decimal) to both indicate extra TO addresses are absent and that the beginning of protocol data following the HYPERchannel header is in byte 16. Although it is conceivable that a HYPERchannel IP process could use this source routing capability to direct messages to hosts or gateways, this capability is not felt to be of sufficient value to IP to build it into a HYPERchannel IP protocol. In the future, all higher level protocols should be able to examine Header End Offset to determine the start of the higher level protocol information. BROADCASTING NSC message forwarding protocols use low level link protocols to negotiate transmission of a message to its next destination on the network. Furthermore, NSC network boxes often "fan out" so that several hosts share the same network transmission equipment as in the A400 adapter. Both these characteristics mean that providing a genuine broadcast capability is not a trivial task, and in fact no current implementations of NSC technology support a broadcast capability. The last several years have seen broadcast applications mature to the point where they have virtually unquestioned utility on a local and sometimes campuswide basis. Accordingly, new NSC technologies will Hardwick & Lekashman [Page 14] RFC 1044 IP on Network Systems HYPERchannel February 1988 support a broadcast capability. Information on the use of this capability is included here as it is essential to the discussion of the Address Resolution Protocol later in this document. Broadcast capability will be supported only with the extended (32-bit address) message format. A broadcast message will have the following general appearance: byte Message Proper +------------------------------+-----------------------------+ 0 | Trunks to Try | Message Flags | | TO trunks | FROM trunks |GNA|CRC| |SRC|EXC|BST|A/D| +--------------+---------------+---+---+--+--+---+---+---+---+ 2 | TO Domain Number | TO Network Number | | or 0xFF | or 0xFF | +------------------------------+-----------------------------+ 4 | 0xFF | Broadcast channel number | | | | +------------------------------+-----------------------------+ 6 |O| Physical addr of source | |FROM port| |N| adapter (FROM) | | number | +------------------------------+-----------------------------+ 8 | Message type | | | +------------------------------+-----------------------------+ 10 | FROM Domain Number | FROM Network Number | | | | +------------------------------+-----------------------------+ 12 | - reserved - | age count | | | | +------------------------------+-----------------------------+ 14 | Next Header Offset | Header End Offset | | (normally 16) | (normally 16) | +------------------------------+-----------------------------+ 16 | Start of user protocol | | bytes 16 - 64 of message proper | | | +------------------------------+-----------------------------+ Associated Data +-----------------------------------------------------------------+ | | | As with basic format network messages | | Maximum associated data size 1K bytes. | | | +-----------------------------------------------------------------+ Hardwick & Lekashman [Page 15] over which these DNSSL domain names MAY be used for name resolution. The Lifetime value has the same semantics as with the RDNSS option. That is, Lifetime SHOULD by default be at least 3 * MaxRtrAdvInterval. A value of all one bits (0xffffffff) represents infinity. A value of zero means that the DNSSL domain names MUST no longer be used. Domain Names of DNS Search List One or more domain names of DNS Search List that MUST be encoded as described in Section 3.1 of [RFC1035]. By this technique, each domain name is represented as a sequence of labels ending in a zero octet, defined as domain name representation. For more than one domain name, the corresponding domain name representations are concatenated as they are. Note that for the simple decoding, the domain names MUST NOT be encoded in a compressed form, as described in Section 4.1.4 of [RFC1035]. Because the size of this field MUST be a multiple of 8 octets, for the minimum multiple including the domain name representations, the remaining octets other than the encoding parts of the domain name representations MUST be padded with zeros. 5.3. Procedure of DNS Configuration The procedure of DNS configuration through the RDNSS and DNSSL options is the same as with any other ND option [RFC4861]. 5.3.1. Procedure in IPv6 Host When an IPv6 host receives DNS options (i.e., RDNSS option and DNSSL option) through RA messages, it processes the options as follows: o The validity of DNS options is checked with the Length field; that is, the value of the Length field in the RDNSS option is greater than or equal to the minimum value (3), and satisfies that (Length - 1) % 2 == 0. The value of the Length field in the DNSSL option is greater than or equal to the minimum value (2). Also, the validity of the RDNSS option is checked with the "Addresses of IPv6 Recursive DNS Servers" field; that is, the addresses should be unicast addresses. o If the DNS options are valid, the host SHOULD copy the values of the options into the DNS Repository and the Resolver Repository in order. Otherwise, the host MUST discard the options. Refer to Jeong, et al. Expires September 7, 2016 [Page 8] Internet-Draft IPv6 RA DNS Options March 2016 Section 6 for the detailed procedure. In the case where the DNS options of RDNSS and DNSSL can be obtained from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep some DNS options from all sources. Unless explicitly specified for the discovery mechanism, the exact number of addresses and domain names to keep is a matter of local policy and implementation choice as a local configuration option. However, in the case of multiple sources, the ability to store a total of at least three RDNSS addresses (or DNSSL domain names) from the multiple sources is RECOMMENDED. The DNS options from Router Advertisements and DHCP SHOULD be stored into the DNS Repository and Resolver Repository so that information from DHCP appears there first and therefore takes precedence. Thus, the DNS information from DHCP takes precedence over that from RA for DNS queries. On the other hand, for DNS options announced by RA, if some RAs use the Secure Neighbor Discovery (SEND) protocol [RFC3971] for RA security, they MUST be preferred over those that do not use SEND. Refer to Section 7 for the detailed discussion on SEND for RA DNS options. 5.3.2. Warnings for DNS Options Configuration There are two warnings for DNS options configuration: (i) warning for multiple sources of DNS options and (ii) warning for multiple network interfaces. First, in the case of multiple sources for DNS options (e.g., RA and DHCP), an IPv6 host can configure its IP addresses from these sources. In this case, it is not possible to control how the host uses DNS information and what source addresses it uses to send DNS queries. As a result, configurations where different information is provided by different sources may lead to problems. Therefore, the network administrator needs to configure different DNS options in the multiple sources in order to minimize the impact of such problems [DHCPv6-SLAAC]. Second, if different DNS information is provided on different network interfaces, this can lead to inconsistent behavior. The IETF worked on solving this problem for both DNS and other information obtained by multiple interfaces [RFC6418][RFC6419], and standardized the solution for RDNSS selection for multi-interfaced nodes in [RFC6731], which is based on DHCP. 6. Implementation Considerations Note: This non-normative section gives some hints for implementing the processing of the RDNSS and DNSSL options in an IPv6 host. For the configuration and management of DNS information, the advertised DNS configuration information can be stored and managed in Jeong, et al. Expires September 7, 2016 [Page 9] Internet-Draft IPv6 RA DNS Options March 2016 both the DNS Repository and the Resolver Repository. In environments where the DNS information is stored in user space and ND runs in the kernel, it is necessary to synchronize the DNS information (i.e., RDNSS addresses and DNS search domain names) in kernel space and the Resolver Repository in user space. In these environments, a user space application cannot receive RA via an ICMPv6 socket using the standard advanced socket Application Program Interface (API) in [RFC3542]. For the synchronization, an implementation where ND works in the kernel should provide a write operation for updating DNS information from the kernel to the Resolver Repository. One simple approach is to have a daemon (or a program that is called at defined intervals) that keeps monitoring the Lifetimes of RDNSS addresses and DNS search domain names all the time. Whenever there is an expired entry in the DNS Repository, the daemon can delete the corresponding entry from the Resolver Repository. 6.1. DNS Repository Management For DNS repository management, the kernel or user-space process (depending on where RAs are processed) should maintain two data structures: (i) DNS Server List that keeps the list of RDNSS addresses and (ii) DNS Search List that keeps the list of DNS search domain names. Each entry in these two lists consists of a pair of an RDNSS address (or DNSSL domain name) and Expiration-time as follows: o RDNSS address for DNS Server List: IPv6 address of the Recursive DNS Server, which is available for recursive DNS resolution service in the network advertising the RDNSS option. o DNSSL domain name for DNS Search List: DNS suffix domain names, which are used to perform DNS query searches for short, unqualified domain names for the RDNSS address, which is advertised by the same RA message having the DNSSL option, in the network advertising the DNSSL option. o Expiration-time for DNS Server List or DNS Search List: The time when this entry becomes invalid. Expiration-time is set to the value of the Lifetime field of the RDNSS option or DNSSL option plus the current time. Whenever a new RDNSS option with the same address (or DNSSL option with the same domain name) is received on the same interface as a previous RDNSS option (or DNSSL option), this field is updated to have a new Expiration-time. When the current time becomes larger than Expiration-time, this entry is regarded as expired. Note that the DNS information for the RDNSS and DNSSL options need not be dropped if the expiry of the RA router lifetime happens. This is because these options have their Jeong, et al. Expires September 7, 2016 [Page 10] Internet-Draft IPv6 RA DNS Options March 2016 own lifetime values. 6.2. Synchronization between DNS Server List and Resolver Repository When an IPv6 host receives the information of multiple RDNSS addresses within a network (e.g., campus network and company network) through an RA message with RDNSS option(s), it stores the RDNSS addresses (in order) into both the DNS Server List and the Resolver Repository. The processing of the RDNSS consists of (i) the processing of RDNSS option(s) included in an RA message and (ii) the handling of expired RDNSSes. The processing of RDNSS option(s) is as follows: Step (a): Receive and parse the RDNSS option(s). For the RDNSS addresses in each RDNSS option, perform Steps (b) through (d). Step (b): For each RDNSS address, check the following: If the RDNSS address already exists in the DNS Server List and the RDNSS option's Lifetime field is set to zero, delete the corresponding RDNSS entry from both the DNS Server List and the Resolver Repository in order to prevent the RDNSS address from being used any more for certain reasons in network management, e.g., the termination of the RDNSS or a renumbering situation. That is, the RDNSS can resign from its DNS service because the machine running the RDNSS is out of service intentionally or unintentionally. Also, under the renumbering situation, the RDNSS's IPv6 address will be changed, so the previous RDNSS address should not be used any more. The processing of this RDNSS address is finished here. Otherwise, go to Step (c). Step (c): For each RDNSS address, if it already exists in the DNS Server List, then just update the value of the Expiration-time field according to the procedure specified in the third bullet of Section 6.1. Otherwise, go to Step (d). Step (d): For each RDNSS address, if it does not exist in the DNS Server List, register the RDNSS address and Lifetime with the DNS Server List and then insert the RDNSS address in front of the Resolver Repository. In the case where the data structure for the DNS Server List is full of RDNSS entries (that is, has more RDNSSes than the sufficient number discussed in Section 5.3.1), delete from the DNS Server List the entry with the shortest Expiration-time (i.e., the entry that will expire first). The corresponding RDNSS address is also deleted from the Resolver Repository. For the ordering of RDNSS addresses in an RDNSS option, position the first RDNSS address in the RDNSS option as the first one in the Resolver Repository, the second RDNSS address in the option as the second one in the repository, and so on. Jeong, et al. Expires September 7, 2016 [Page 11] Internet-Draft IPv6 RA DNS Options March 2016 This ordering allows the RDNSS addresses in the RDNSS option to be preferred according to their order in the RDNSS option for the DNS name resolution. The processing of these RDNSS addresses is finished here. The handling of expired RDNSSes is as follows: Whenever an entry expires in the DNS Server List, the expired entry is deleted from the DNS Server List, and also the RDNSS address corresponding to the entry is deleted from the Resolver Repository. 6.3. Synchronization between DNS Search List and Resolver Repository When an IPv6 host receives the information of multiple DNSSL domain names within a network (e.g., campus network and company network) through an RA message with DNSSL option(s), it stores the DNSSL domain names (in order) into both the DNS Search List and the Resolver Repository. The processing of the DNSSL consists of (i) the processing of DNSSL option(s) included in an RA message and (ii) the handling of expired DNSSLs. The processing of DNSSL option(s) is the same with that of RDNSS option(s) in Section 6.2 except Step (b). In Step (b), if the DNSSL domain name already exists in the DNS Search List and the DNSSL option's Lifetime field is set to zero, delete the corresponding DNSSL entry from both the DNS Search List and the Resolver Repository in order to prevent the DNSSL domain name from being used any more for certain reasons in network management, e.g., the termination of the usage of the DNSSL domain name. That is, the DNSSL domain name may not be used any more by the policy of the network. 7. Security Considerations In this section, we analyze security threats related to DNS options and then suggest recommendations to cope with such security threats. 7.1. Security Threats For the RDNSS option, an attacker could send an RA with a fraudulent RDNSS address, misleading IPv6 hosts into contacting an unintended DNS server for DNS name resolution. Also, for the DNSSL option, an attacker can let IPv6 hosts resolve a host name without a DNS suffix into an unintended host's IP address with a fraudulent DNS Search List. These attacks are similar to ND attacks specified in [RFC4861] that use Redirect or Neighbor Advertisement messages to redirect traffic to individual addresses of malicious parties. However, the security of these RA options for DNS configuration does not affect ND protocol security [RFC4861]. This is because learning Jeong, et al. Expires September 7, 2016 [Page 12] Internet-Draft IPv6 RA DNS Options March 2016 DNS information via the RA options cannot be worse than learning bad router information via the RA options. Therefore, the vulnerability of ND is not worse and is a subset of the attacks that any node attached to a LAN can do. 7.2. Recommendations The Secure Neighbor Discovery (SEND) protocol [RFC3971] MAY be used as a security mechanism for ND. In this case, ND can use SEND to allow all the ND options including the RDNSS and DNSSL options to be automatically included in the signatures. Other approaches specified in [RFC4861] can be used for securing the RA options for DNS configuration. It is common for network devices such as switches to include mechanisms to block unauthorized ports from running a DHCPv6 server to provide protection from rogue DHCPv6 servers [RFC7610]. That means that an attacker on other ports cannot insert bogus DNS servers using DHCPv6. The corresponding technique for network devices is RECOMMENDED to block rogue Router Advertisement messages [RFC6104] including the RDNSS and DNSSL options from unauthorized nodes. An attacker may provide a bogus DNS Search List option in order to cause the victim to send DNS queries to a specific DNS server when the victim queries non-FQDNs (fully qualified domain names). For this attack, the DNS resolver in IPv6 hosts can mitigate the vulnerability with the recommendations mentioned in [RFC1535], [RFC1536], and [RFC3646]. 8. IANA Considerations The RDNSS option defined in this document uses the IPv6 Neighbor Discovery Option type defined in RFC 6106 [RFC6106], which was assigned by the IANA as follows: Option Name Type Recursive DNS Server Option 25 The DNSSL option defined in this document uses the IPv6 Neighbor Discovery Option type defined in RFC 6106 [RFC6106], which was assigned by the IANA as follows: Option Name Type DNS Search List Option 31 These options have been registered in the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" registry (http:// www.iana.org/assignments/icmpv6-parameters/ Jeong, et al. Expires September 7, 2016 [Page 13] Internet-Draft IPv6 RA DNS Options March 2016 icmpv6-parameters.xhtml#icmpv6-parameters-5). 9. Acknowledgements This document has greatly benefited from inputs by Robert Hinden, Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, and Bing Liu. The authors sincerely appreciate their contributions. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, March 2005. 10.2. Informative References [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6", RFC 3736, April 2004. [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", Jeong, et al. Expires September 7, 2016 [Page 14] Internet-Draft IPv6 RA DNS Options March 2016 RFC 3646, December 2003. [RFC5006] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, "IPv6 Router Advertisement Option for DNS Configuration", RFC 5006, September 2007. [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, "IPv6 Router Advertisement Options for DNS Configuration", RFC 6106, November 2010. [RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server Information Approaches", RFC 4339, February 2006. [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, RFC 1044 IP on Network Systems HYPERchannel February 1988 TRUNKS TO TRY AND MESSAGE FLAGS These fields are defined just as with a normal 32-bit message. All bits in the Message Flags field are valid with broadcast modes. BROADCAST ADDRESS For Domain, Network and Adapter Address fields, the value 0xFF is reserved for use by the broadcast mechanism. A value of 0xFF in the adapter address field indicates to the local network hardware that this message is to be sent to all connected network equipment on the individual network. A value of 0xFF in the network or domain fields, respectively indicates a request that the scope of the broadcast exceed the local network. The bridging link adapters will receive the broadcast message along with everyone else and will examine the "Broadcast Channel" field and their internal switches to determine if the message should be forwarded to other remote networks. If the Network and Domain fields contain the local network and domain, then the broadcast message will only be broadcast within the local network. If a remote Network and Domain is specified, then the message will be delivered as a single message to the remote network and broadcast there. BROADCAST CHANNEL Since individual hosts and protocol servers generally are not interested in all broadcast messages that float about the network, a filtering mechanism is provided in the header and network adapter equipment so that only proper classes of broadcast messages are delivered to the end point. Broadcast channel numbers in the range 00-0xFF will be assigned by NSC much like the "message type" field. Host protocol servers specify a specific TO address containing a channel number (such as 0xFF04) when they bind themselves to the HYPERchannel device driver. The driver and the underlying equipment will deliver only broadcast messages with the correct channel number to the protocol server. If a protocol server wishes to receive several different broadcast messages, it must bind itself to the driver several times with the desired addresses. Link adapters that are prepared to handle multinetwork broadcast messages may be equipped with switches to determine which broadcast channels will be propagated into the next network. Since multinetwork broadcast is an arrangement that must be configured with Hardwick & Lekashman [Page 16] RFC 1044 IP on Network Systems HYPERchannel February 1988 care, these switches are off by default. FROM ADDRESS The FROM address is constructed just as with a normal 32-bit network message. The Source Address Correct bit is processed just as with a normal message. MESSAGE TYPE Message type is defined as with normal messages. Presumably broadcast applications will have unique message types that are not generally found in normal messages. AGE COUNT Age count is vitally important in a multinetwork broadcast as "loops" in the network can cause a great deal of activity until all the progeny of the original broadcast message die out. PROTOCOL SPECIFICATION This section contains information on the technique used to encapsulate IP datagrams on the HYPERchannel network message. It contains three sections to describe three protocol packagings: o The technique used to encapsulate IP datagrams on the basic 16-bit network message. This is a de facto standard that has been in use for several years and is documented here to make it official. o The encapsulation technique for IP datagrams on 32 bit network messages. o The definition of an Address Resolution Protocol on HYPERchannel. Hardwick & Lekashman [Page 17] RFC 1044 IP on Network Systems HYPERchannel February 1988 BASIC (16-BIT) MESSAGE ENCAPSULATION Message Proper +------------------------------+-----------------------------+ 0 | Trunks to Try | Message Flags | | TO trunks | FROM trunks |GNA|CRC| |SRC|EXC|BST|A/D| +------------------------------+-----------------------------+ 2 | Access code 0000 | | (no longer supported) | +------------------------------+-----------------------------+ 4 | Physical addr of | Protocol server |Dest Port| | destination adapter | logical address | number | +------------------------------+-----------------------------+ 6 | Physical addr of | Originating | Src Port| | source adapter | server address | number | +------------------------------+-----------------------------+ 8 | IP on HYPERchannel | Offset to start of IP | | type code 0x05 | header from message start | +------------------------------+-----------------------------+ 10 | IP type designator | Offset to start of IP | | 0x34 | header from byte 12 | +------------------------------+-----------------------------+ 12 | Padding (variable length incl. zero bytes) | | | +------------------------------+-----------------------------+ Off | First (64-Offset) bytes of IP datagram | | | | | | | +------------------------------+-----------------------------+ Associated Data +------------------------------+-----------------------------+ | | | Remainder of IP datagram | | | | No associated data is present if IP | | datagram fits in the Message Proper | | | +------------------------------+-----------------------------+ TRUNK MASK From the vantage of an IP driver, any trunk mask is valid so long as it results in successful delivery of the HYPERchannel network message to its destination. There is no reason to check this field for validity on reception of the message. Specification of the Trunk Mask on output is a local affair that could be specified by the transmitting driver's address resolution tables. Hardwick & Lekashman [Page 18] RFC 1044 IP on Network Systems HYPERchannel February 1988 MESSAGE FLAGS No use is made of the Flags field (byte 1) other than to appropriately set the Associated Data bit. Burst Mode and the Exception bit should not be used with IP. ACCESS CODE Although some current implementations of IP on HYPERchannel support the access code, no one appears to be using it at the current time. Since this field is currently reserved for the use of 32-bit addresses, no value other than 0000 should be placed in this field. TO ADDRESS The TO field is generally obtained by a local IP driver through a table lookup algorithm where a 16-bit TO address is found that corresponds to the IP address of a local host or gateway. The high order bits of the TO address of course refer to the adapter number the adapter attached to the destination host. The logical TO field should contain the protocol server address of the HYPERchannel IP driver for that host as determined by the host's system administrator. Many HYPERchannel TCP/IP drivers in the field today are not "open" in that any network message delivered to that host will be presumed to be an IP datagram regardless of the logical TO field; however any transmitting IP process should be capable of generating the entire 16-bit TO field in order to generate a message capable of reaching a destination IP process. The process of determining which HYPERchannel address will receive an IP datagram based on its IP address is a major topic that is covered in "Address Resolution". FROM ADDRESS The FROM address is filled in with the address that the local driver expects to receive from the network, but no particular use is make of the FROM address. MESSAGE TYPE Network Systems requests that a value of 5 (decimal) be placed in this byte to uniquely indicate that the network message is being used to carry IP traffic. No other well-behaved protocol using HYPERchannel should duplicate this value of 5. Hardwick & Lekashman [Page 19] RFC 1044 IP on Network Systems HYPERchannel February 1988 Many current implementations of IP on HYPERchannel place a zero or other values in this field simply because no value was reserved for IP usage. Transmitting versions of IP should always place a 5 in this field; receiving IP's should presume a delivered message to be an IP datagram until proven otherwise regardless of the contents of the Message Type field. Developers should note that it is often convenient to permit reception of the value 0xFF00 in bytes 8 and 9 of the IP datagram. Transmitting a message with this value will cause it to be looped back at the destination adapter and returned to the protocol server designate in the FROM address. This permits the developer have host applications talk to others on the same host for purposes of network interface or other protocol debugging. IP HEADER OFFSET Byte 9 contains the offset to the start of the IP header within the message proper, such that the Message Proper address plus the IP header offset generates the address of the first byte of the IP header (at least on byte addressable machines.) This field is redundant with the offset field in byte 11, and is present for cosmetic compatibility with 32-bit implementations. On reception, the value in byte 11 should take precedence. As part of the migration to larger HYPERchannel headers, this field will become significant with the 32-bit addressing format, as the length of the header is no longer 10 bytes and byte 11 is used for other purposes. IP TYPE DESIGNATOR Early implementations of IP drivers on HYPERchannel wanted to leave bytes 8 and 9 alone for NSC use and place a "message type" field in later in the message. A value of 0x34 had been selected by earlier developers for reasons that are now of only historical interest. Once again, implementations should generate this value on transmission, but not check it on input, assuming that an IP datagram is present in the message. IP HEADER OFFSET This value is used by a number of commercial implementations of IP on HYPERchannel to align the start of the IP header within the network message. This offset is relative to byte 12 of the network message so that a value of zero indicates that the IP header begins in byte 12. This value should be both correctly generated on transmission, and always respected on input processing. Hardwick & Lekashman [Page 20] RFC 1044 IP on Network Systems HYPERchannel February 1988 The maximum permissible offset in this field is 52 indicating that the IP header begins at the start of the associated data block. IP DATAGRAM CONTENTS Beginning at the offset designated in byte 11, the IP datagram is treated as a contiguous block of data that flows from byte 63 of the message proper into the first byte of associated data, so that the entire message plus data is treated as a single contiguous block. If the IP header is small enough to fit within the entire network message, then only the message proper is transmitted. The length of the message proper sent should always be 64 bytes, even if the IP datagram and HYPERchannel header do not occupy all 64 bytes of the message proper. If the datagram flows over into the associated data, then both message and data are sent. Since a number of machines cannot send a length of data to the HYPERchannel that is an exact number of bytes (due to 16-64 bits on the channel bus,) the length of the associated data received should not be used as a guide to the length of the IP datagram -- this should be extracted from the IP header. A driver should verify, of course, that the associated data received is at least as long as is needed to hold the entire IP datagram. COMPATIBILITY WITH EXISTING IMPLEMENTATIONS The basic format described here is clearly a compromise between several implementations of IP on HYPERchannel. Not all existing implementations are interoperable with the standard described above. Currently there are two known "families&"SEcure Neighbor Discovery (SEND)", RFC 3971, March 2005. [RFC6104] Chown, T. and S. Venaas, "Rogue IPv6 Router Advertisement Problem Statement", RFC 6104, February 2011. [RFC7610] Gont, F., Liu, W., and G. Van de Velde, "DHCPv6- Shield: Protecting against Rogue DHCPv6 Servers", RFC 7610, August 2015. [RFC1535] Gavron, E., "A Security Problem and Proposed Correction With Widely Deployed DNS Software", RFC 1535, October 1993. [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. Miller, "Common DNS Implementation Errors and Suggested Fixes", RFC 1536, October 1993. [DHCPv6-SLAAC] Liu, B., Jiang, S., Gong, X., Wang, W., and E. Rey, "DHCPv6/SLAAC Interaction Problems on Address and DNS Configuration", Work in Progress, February 2016. [RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and Provisioning Domains Problem Statement", RFC 6418, November 2011. [RFC6419] Wasserman, M. and P. Seite, "Current Practices for Multiple-Interface Hosts", RFC 6419, November 2011. [RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved Recursive DNS Server Selection for Multi-Interfaced Nodes", RFC 6731, December 2012. Jeong, et al. Expires September 7, 2016 [Page 15] Internet-Draft IPv6 RA DNS Options March 2016 [RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei, "Advanced Sockets Application Program Interface (API) for IPv6", RFC 3542, May 2003. Appendix A. Changes from RFC 6106 The following changes were made from RFC 6106 "IPv6 Router Advertisement Options for DNS Configuration": o The generation of Router Solicitation to ensure that the RDNSS information is fresh before the expiry of the RDNSS option is removed in order to prevent multicast traffic on the link from increasing. o The lifetime's upper bound of 2 * MaxRtrAdvInterval was shown to lead to the expiry of these options on links with a relatively high rate of packet loss. This revision relaxes the upper bound and sets a higher default value to avoid this problem. o The addresses for recursive DNS servers in the RDNSS option can be not only global addresses, but also link-local addresses. The link-local addresses for RDNSSes should be registered into the resolver repository along with the corresponding link zone indices. o The recommendation that at most three RDNSS addresses to maintain by RDNSS options should be limited is removed. By this removal, the number of RDNSSes to maintain is up to an implementer's local policy. o The recommendation that at most three DNS domains to maintain by DNSSL options should be limited is removed. By this removal, when the set of unique DNSSL values are not equivalent, none of them are ignored for hostname lookups. Jeong, et al. Expires September 7, 2016 [Page 16] Internet-Draft IPv6 RA DNS Options March 2016 Authors' Addresses Jaehoon Paul Jeong Department of Software Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon, Gyeonggi-Do 16419 Republic of Korea Phone: +82 31 299 4957 Fax: +82 31 290 7996 EMail: pauljeong@skku.edu URI: http://iotlab.skku.edu/people-jaehoon-jeong.php Soohong Daniel Park Department of Computer Software Korean Bible University 205 SangGye7-Dong, Nowon-Gu Seoul 01757 Republic of Korea Phone: +82 2 950 5494 EMail: daniel@bible.ac.kr Luc Beloeil France Telecom R&D 42, rue des coutures BP 6243 14066 CAEN Cedex 4 France Phone: +33 2 40 44 97 40 EMail: luc.beloeil@orange-ftgroup.com Syam Madanapalli iRam Technologies #H304, Shriram Samruddhi, Thubarahalli Bangalore - 560066 India EMail: smadanapalli@gmail.com Jeong, et al. Expires September 7, 2016 [Page 17]