IPv6 Host Configuration of DNS Server Information Approaches
RFC 4339

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    dnsop mailing list <dnsop@ietf.org>, 
    dnsop chair <dnsop-chairs@tools.ietf.org>
Subject: Document Action: 'IPv6 Host Configuration of DNS Server 
         Information Approaches' to Informational RFC 

The IESG has approved the following document:

- 'IPv6 Host Configuration of DNS Server Information Approaches '
   <draft-ietf-dnsop-ipv6-dns-configuration-07.txt> as an Informational RFC

This document is the product of the Domain Name System Operations Working 

The IESG contact persons are David Kessens and Dan Romascanu.

A URL of this Internet-Draft is:

Technical Summary
  This document describes three approaches for IPv6 recursive DNS
  server address configuration. It details the operational attributes
  of three solutions: RA option, DHCPv6 option, and Well-known anycast
  addresses for recursive DNS servers.

Working Group Summary
  This document is a product of the dnsop working group.

Protocol Quality
  This document was reviewed by David Kessens for the IESG.


  This document describes three different approaches for the
  configuration of DNS name resolution server information in IPv6
  There is not an IETF consensus on which approach is preferred.
  The analysis in this document was developed by the proponents for
  each approach and does not represent an IETF consensus.
  The 'RA option' and 'Well-known anycast' approaches described in
  this document are not standardized. Consequently the analysis for
  these approaches might not be completely applicable to any specific
  proposal that might be proposed in the future.

Note to RFC Editor

  In 'Abstract':


   Therefore, this document will give the audience a guideline for IPv6 host
   DNS configuration.
  In section '3.1  RA Option':


   However, it is worth noting that some link layers, such as Wireless
   LANs (e.g., IEEE 802.11 a/b/g), do not support reliable multicast,
   which means that they cannot guarantee the timely delivery of RA
   messages [25]-[28].  This is discussed in Appendix A.


  In section '3.1.1 Advantages':


   This works well on links that support
   broadcast reliably (e.g., Ethernet LANs) but not necessarily on
   other links (e.g., Wireless LANs): Refer to Appendix A.

  Same section, directly after the sentences that should be deleted:


   Also, this works 

   This works

  In section '3.1.3  Observations':


   needed, but exclude public WLAN hot spots.



   The observation section is based on what the proponents of each
   approach think makes a good overall solution.

  In section '3.2.1  Advantages':

   This capability is important in some network deployments such as service
   provider networks or WiFi hot spots.

  In section '3.2.3  Observations':              


   on a cell phone network


   in a mobile phone network


  In section '3.3.1  Advantages':


   Another advantage is that the approach needs to configure DNS servers as a
   router, but nothing else.

   Another advantage is that this approach only needs configuration of the DNS
   server as a router (or configuration of a proxy router).


  At the end of section '3.3.2  Disadvantages':


   In addition, routers at the boundary of the "site" might need the
   configuration of route filters to prevent providing DNS services to parties
   outside the "site" and the possibility of denial of service attacks on the
   internal DNS infrastructure.


  In section '6.3  Well-known Anycast Addresses':


   Well-known anycast addresses does not require configuration security since
   there is no protocol [9].
   The DNS server with the preconfigured addresses are still reasonably
   reliable, if local environment is reasonably secure, that is, there is no
   active attackers receiving queries to the anycast addresses of the servers
   and reply to them.

   The Well-known anycast addresses approach is not a protocol thus there is no
   need to secure the protocol itself.

   However, denial of service attacks on the DNS resolver system might be
   easier to achieve as the anycast addresses used are by definition well



 'Appendix A.  Link-layer Multicast Acknowledgements for RA Option'.