Network Working Group K. Davies
Internet-Draft IANA
Updates: RFC3172 (if approved) J. Arkko
Intended status: Best Current Practice Ericsson
Expires: February 7, 2021 August 06, 2020
Nameservers for the Address and Routing Parameter Area ("arpa") Domain
draft-iana-arpa-authoritative-servers-01
Abstract
This document describes revisions to operational practices to
separate function of the "arpa" top-level domain in the DNS from its
historical operation alongside the DNS root zone.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 7, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Davies & Arkko Expires February 7, 2021 [Page 1]
Internet-Draft Nameservers for the .arpa Domain August 2020
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements for the "arpa" zone . . . . . . . . . . . . . . 3
3. Transition Process . . . . . . . . . . . . . . . . . . . . . 3
3.1. Dedicated nameserver hostnames . . . . . . . . . . . . . 3
3.2. Separation of infrastructure . . . . . . . . . . . . . . 4
3.3. Zone administration . . . . . . . . . . . . . . . . . . . 4
3.4. Conclusion of process . . . . . . . . . . . . . . . . . . 4
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
5. Security Considerations . . . . . . . . . . . . . . . . . . . 5
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.1. Normative References . . . . . . . . . . . . . . . . . . 5
6.2. Informative References . . . . . . . . . . . . . . . . . 5
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
The "arpa" top-level domain [RFC3172] is designated as an
"infrastructure domain" to support techniques defined by Internet
standards. Zones under the "arpa" domain provide various mappings,
such as IP addresses to domain names and E.164 numbers to URIs. It
also contains special use names such as "home", which is a non-unique
name used in residential home networks.
Historically, the "arpa" zone has been hosted on almost all of the
root name servers, and [RFC3172] envisages the "arpa" domain to be
"sufficiently critical that the operational requirements for the root
servers apply to the operational requirements of the "arpa" servers".
To date, this has been implemented by serving the "arpa" domain
directly on a subset of the root server infrastructure.
This bundling of root server and "arpa" server operations has
entwined management of the zones contents and their infrastructure.
As a result, some proposals under consideration by the IETF involving
the "arpa" zone have been discarded due to the risk of conflict with
root operations.
The separation described in this document resolves operational
impacts of synchronizing edits to the root zone and the "arpa" zone
by eliminating the current dependency and allowing more tailored
operations based on the unique requirements of each zone.
Davies & Arkko Expires February 7, 2021 [Page 2]
Internet-Draft Nameservers for the .arpa Domain August 2020
2. Requirements for the "arpa" zone
The "arpa" domain continues to play a role in critical Internet
operations, and this change does not propose weakening operational
requirements described in [RFC3172] for the domain. Future
operational requirements for the "arpa" domain are encouraged to
follow strong baseline requirements such as those documented in
[RFC7720].
3. Transition Process
The process will dedicate new hostnames to the servers authoritative
for the "arpa" zone, but will initially serve the "arpa" zone from
the same hosts.
Once completed, subsequent transitional phases could include using
new hosts to replace or augment the existing root server hosts, and
separation of the editing and distribution of the "arpa" zone from
necessarily being connected to the root zone. Any future management
considerations regarding how such changes may be performed are beyond
the scope of this document.
3.1. Dedicated nameserver hostnames
Consistent with the use of the "arpa" namespace itself to host name
servers for other delegations in the "arpa" zone ([RFC5855]), this
document specifies a new namespace of "ns.arpa", with the nameserver
set to be labelled as follows:
a.ns.arpa
b.ns.arpa
c.ns.arpa
...
Dedicated hostnames eliminate a logical dependency that requires the
coordinated editing of the "arpa" zone and the root zone. This
component of this transition does not require the underlying hosts
that provide "arpa" name service (that is, the root servers) be
altered. The "arpa" zone will initially map the new hostnames to to
the same IP addresses that already provide service under the
respective hostnames within root-servers.net.
Because these nameservers are completely in-bailiwick of the "arpa"
zone, they will require glue records in the root zone. This is
consistent with current practice and requires no operational changes
to the root zone.
Davies & Arkko Expires February 7, 2021 [Page 3]
Internet-Draft Nameservers for the .arpa Domain August 2020
3.2. Separation of infrastructure
After initially migrating the "arpa" zone to use hostnames that are
not shared with the root zone, the underlying name service is
expected to evolve such that it no longer directly aligns to a subset
of root server instances. With no shared infrastructure between the
root servers and the "arpa" servers, future novel applications for
the "arpa" zone may be possible.
Any subsequent changes to the parties providing name service for the
zone is considered a normal management responsibility associated with
zone management, and would be performed in accordance with [RFC3172].
3.3. Zone administration
Publication of the "arpa" zone file to the authoritative "arpa" name
servers is currently undertaken alongside the root zone maintenance
functions. Upon the separation of the "arpa" infrastructure from the
root server infrastructure, publication of the "arpa" zone no longer
necessarily needs to be technically linked or inter-related to the
root zone publication mechanisms.
3.4. Conclusion of process
Full technical separation of "arpa" operations from root operations
minimally requires the following to be satisfied:
o The "arpa" zone no longer shares any hostnames in its NS-set with
the root zone;
o The hosts that provide authoritative name service are not the same
hosts as the root servers, do not share any IPv4 or IPv6 addresses
with the root servers, and are sufficiently separately provisioned
such that any unique "arpa" zone requirements can be deployed
without affecting how root zone service is provided;
o The editorial and publication process for the "arpa" zone has any
common dependencies with the root zone process removed, so that
the "arpa" zone can be managed, edited and provisioned wholly
independently of the root zone.
Such separation is ultimately sought to allow for novel uses of the
"arpa" zone without the risk of inadvertantly impacting root zone and
root server operations. It is recognized that achieving this state
requires a deliberative process involving significant coordination to
ensure impacts are minimized.
Davies & Arkko Expires February 7, 2021 [Page 4]
Internet-Draft Nameservers for the .arpa Domain August 2020
4. IANA Considerations
The IANA shall coordinate the creation of a new "ns.arpa" zone and
populate it with address records that reflect the IP addresses of the
contemporary root servers documented within "root-servers.net" as its
initial state.
The IANA will initially migrate the 12 NS records for the "arpa" zone
to point to their respective new entries in the "ns.arpa" zone.
Subsequently, the IAB and IANA will consult and coordinate with all
relevant parties on activity to reduce or eliminate reliance upon
root zone and root server infrastructure for serving the "arpa" zone.
Such changes will be performed in compliance with [RFC3172] and shall
be conducted with all due care and deliberation to mitigate potential
impacts on critical infrastructure.
5. Security Considerations
The security of the "arpa" zone is not necessarily impacted by any
aspects of these changes. Robust practices associated with
administering the content of the zone (including signing operations)
as well as its distribution will continue to be necessary.
6. References
6.1. Normative References
[RFC3172] Huston, G., Ed., "Management Guidelines & Operational
Requirements for the Address and Routing Parameter Area
Domain ("arpa")", BCP 52, RFC 3172, DOI 10.17487/RFC3172,
September 2001, <https://www.rfc-editor.org/info/rfc3172>.
6.2. Informative References
[RFC5855] Abley, J. and T. Manderson, "Nameservers for IPv4 and IPv6
Reverse Zones", BCP 155, RFC 5855, DOI 10.17487/RFC5855,
May 2010, <https://www.rfc-editor.org/info/rfc5855>.
[RFC7720] Blanchet, M. and L-J. Liman, "DNS Root Name Service
Protocol and Deployment Requirements", BCP 40, RFC 7720,
DOI 10.17487/RFC7720, December 2015,
<https://www.rfc-editor.org/info/rfc7720>.
Davies & Arkko Expires February 7, 2021 [Page 5]
Internet-Draft Nameservers for the .arpa Domain August 2020
Acknowledgments
Thank you Alyssa Cooper, Michelle Cotton, Wes Hardaker, Ted Hardie,
Paul Hoffman, Russ Housley, Duane Wessels and Suzanne Woolf for
providing review and feedback.
Authors' Addresses
Kim Davies
Internet Assigned Numbers Authority
PTI/ICANN
12025 Waterfront Drive
Los Angeles 90094
United States of America
Email: kim.davies@iana.org
Jari Arkko
Ericsson Research
02700 Kauniainen
Finland
Email: jari.arkko@ericsson.com
Davies & Arkko Expires February 7, 2021 [Page 6]