4 DNS Operations WG J. Jeong, Ed.
5 Internet-Draft ETRI/University of Minnesota
6 Expires: November 6, 2005 May 5, 2005
9 IPv6 Host Configuration of DNS Server Information Approaches
10 draft-ietf-dnsop-ipv6-dns-configuration-06.txt
14 This document is an Internet-Draft and is subject to all provisions
15 of Section 3 of RFC 3667. By submitting this Internet-Draft, each
16 author represents that any applicable patent or other IPR claims of
17 which he or she is aware have been or will be disclosed, and any of
18 which he or she become aware will be disclosed, in accordance with
21 Internet-Drafts are working documents of the Internet Engineering
22 Task Force (IETF), its areas, and its working groups. Note that
23 other groups may also distribute working documents as Internet-
26 Internet-Drafts are draft documents valid for a maximum of six months
27 and may be updated, replaced, or obsoleted by other documents at any
28 time. It is inappropriate to use Internet-Drafts as reference
29 material or to cite them other than as "work in progress."
31 The list of current Internet-Drafts can be accessed at
32 http://www.ietf.org/ietf/1id-abstracts.txt.
34 The list of Internet-Draft Shadow Directories can be accessed at
35 http://www.ietf.org/shadow.html.
37 This Internet-Draft will expire on November 6, 2005.
41 Copyright (C) The Internet Society (2005).
45 This document describes three approaches for IPv6 recursive DNS
46 server address configuration. It details the operational attributes
47 of three solutions: RA option, DHCPv6 option, and Well-known anycast
48 addresses for recursive DNS servers. Additionally, it suggests the
49 deployment scenarios in four kinds of networks, such as ISP,
50 Enterprise, 3GPP, and Unmanaged networks, considering multi-solution
51 resolution. Therefore, this document will give the audience a
55 Jeong Expires November 6, 2005 [Page 1]
57 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
60 guideline for IPv6 host DNS configuration.
111 Jeong Expires November 6, 2005 [Page 2]
113 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
118 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
119 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
120 3. IPv6 DNS Configuration Approaches . . . . . . . . . . . . . . 7
121 3.1 RA Option . . . . . . . . . . . . . . . . . . . . . . . . 7
122 3.1.1 Advantages . . . . . . . . . . . . . . . . . . . . . . 8
123 3.1.2 Disadvantages . . . . . . . . . . . . . . . . . . . . 8
124 3.1.3 Observations . . . . . . . . . . . . . . . . . . . . . 9
125 3.2 DHCPv6 Option . . . . . . . . . . . . . . . . . . . . . . 9
126 3.2.1 Advantages . . . . . . . . . . . . . . . . . . . . . . 11
127 3.2.2 Disadvantages . . . . . . . . . . . . . . . . . . . . 12
128 3.2.3 Observations . . . . . . . . . . . . . . . . . . . . . 12
129 3.3 Well-known Anycast Addresses . . . . . . . . . . . . . . . 12
130 3.3.1 Advantages . . . . . . . . . . . . . . . . . . . . . . 13
131 3.3.2 Disadvantages . . . . . . . . . . . . . . . . . . . . 14
132 3.3.3 Observations . . . . . . . . . . . . . . . . . . . . . 14
133 4. Interworking among IPv6 DNS Configuration Approaches . . . . . 15
134 5. Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . 16
135 5.1 ISP Network . . . . . . . . . . . . . . . . . . . . . . . 16
136 5.1.1 RA Option Approach . . . . . . . . . . . . . . . . . . 16
137 5.1.2 DHCPv6 Option Approach . . . . . . . . . . . . . . . . 17
138 5.1.3 Well-known Anycast Addresses Approach . . . . . . . . 17
139 5.2 Enterprise Network . . . . . . . . . . . . . . . . . . . . 17
140 5.3 3GPP Network . . . . . . . . . . . . . . . . . . . . . . . 18
141 5.3.1 Currently Available Mechanisms and Recommendations . . 19
142 5.3.2 RA Extension . . . . . . . . . . . . . . . . . . . . . 19
143 5.3.3 Stateless DHCPv6 . . . . . . . . . . . . . . . . . . . 20
144 5.3.4 Well-known Addresses . . . . . . . . . . . . . . . . . 21
145 5.3.5 Recommendations . . . . . . . . . . . . . . . . . . . 21
146 5.4 Unmanaged Network . . . . . . . . . . . . . . . . . . . . 22
147 5.4.1 Case A: Gateway does not provide IPv6 at all . . . . . 22
148 5.4.2 Case B: A dual-stack gateway connected to a
149 dual-stack ISP . . . . . . . . . . . . . . . . . . . . 22
150 5.4.3 Case C: A dual-stack gateway connected to an
151 IPv4-only ISP . . . . . . . . . . . . . . . . . . . . 22
152 5.4.4 Case D: A gateway connected to an IPv6-only ISP . . . 23
153 6. Security Considerations . . . . . . . . . . . . . . . . . . . 24
154 6.1 RA Option . . . . . . . . . . . . . . . . . . . . . . . . 25
155 6.2 DHCPv6 Option . . . . . . . . . . . . . . . . . . . . . . 25
156 6.3 Well-known Anycast Addresses . . . . . . . . . . . . . . . 25
157 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 26
158 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28
159 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29
160 9.1 Normative References . . . . . . . . . . . . . . . . . . . 29
161 9.2 Informative References . . . . . . . . . . . . . . . . . . 29
162 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 31
163 A. Link-layer Multicast Acknowledgements for RA Option . . . . . 32
167 Jeong Expires November 6, 2005 [Page 3]
169 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
172 Intellectual Property and Copyright Statements . . . . . . . . 33
223 Jeong Expires November 6, 2005 [Page 4]
225 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
230 Neighbor Discovery (ND) for IP Version 6 and IPv6 Stateless Address
231 Autoconfiguration provide the ways to configure either fixed or
232 mobile nodes with one or more IPv6 addresses, default routes and some
233 other parameters [3][4]. To support the access to additional
234 services in the Internet that are identified by a DNS name, such as a
235 web server, the configuration of at least one recursive DNS server is
236 also needed for DNS name resolution.
238 This document describes three approaches of recursive DNS server
239 address configuration for IPv6 host: (a) RA option [8], (b) DHCPv6
240 option [5]-[7], and (c) Well-known anycast addresses for recursive
241 DNS servers [9]. Also, it suggests the applicable scenarios for four
242 kinds of networks: (a) ISP network, (b) Enterprise network, (c) 3GPP
243 network, and (d) Unmanaged network.
245 This document is just an analysis of each possible approach, and does
246 not make any recommendation on a particular one or on a combination
247 of particular ones. Some approaches may even not be adopted at all
248 as a result of further discussion.
250 Therefore, the objective of this document is to help the audience
251 select the approaches suitable for IPv6 host configuration of
252 recursive DNS servers.
279 Jeong Expires November 6, 2005 [Page 5]
281 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
286 This document uses the terminology described in [3]-[9]. In
287 addition, a new term is defined below:
289 o Recursive DNS Server (RDNSS): A Recursive DNS Server is a name
290 server that offers the recursive service of DNS name resolution.
335 Jeong Expires November 6, 2005 [Page 6]
337 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
340 3. IPv6 DNS Configuration Approaches
342 In this section, the operational attributes of the three solutions
343 are described in detail.
347 The RA approach is to define a new ND option called the RDNSS option
348 that contains a recursive DNS server address. Existing ND transport
349 mechanisms (i.e., advertisements and solicitations) are used. This
350 works in the same way that nodes learn about routers and prefixes.
351 An IPv6 host can configure the IPv6 addresses of one or more RDNSSes
352 via RA message periodically sent by a router or solicited by a Router
353 Solicitation (RS) [8].
355 This approach needs RDNSS information to be configured in the routers
356 doing the advertisements. The configuration of RDNSS addresses can
357 be performed manually by an operator or other ways, such as automatic
358 configuration through a DHCPv6 client running on the router. When
359 advertising more than one RDNSS option, an RA message includes as
360 many RDNSS options as RDNSSes.
362 Through the ND protocol and RDNSS option along with a prefix
363 information option, an IPv6 host can perform its network
364 configuration of its IPv6 address and RDNSS simultaneously [3][4].
365 The RA option for RDNSS can be used on any network that supports the
368 However, it is worth noting that some link layers, such as Wireless
369 LANs (e.g., IEEE 802.11 a/b/g), do not support reliable multicast,
370 which means that they cannot guarantee the timely delivery of RA
371 messages [25]-[28]. This is discussed in Appendix A.
373 The RA approach is useful in some mobile environments where the
374 addresses of the RDNSSes are changing because the RA option includes
375 a lifetime field that allows client to use RDNSSes nearer to the
376 client. This can be configured to a value that will require the
377 client to time out the entry and switch over to another RDNSS address
378 [8]. However, from the viewpoint of implementation, the lifetime
379 field would seem to make matters a bit more complex. Instead of just
380 writing to a DNS configuration file, such as resolv.conf for the list
381 of RDNSS addresses, we have to have a daemon around (or a program
382 that is called at the defined intervals) that keeps monitoring the
383 lifetime of RDNSSes all the time.
385 The preference value of RDNSS, included in the RDNSS option, allows
386 IPv6 hosts to select primary RDNSS among several RDNSSes; this can be
387 used for the load balancing of RDNSSes [8].
391 Jeong Expires November 6, 2005 [Page 7]
393 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
398 The RA option for RDNSS has a number of advantages. These include:
400 1. The RA option is an extension of existing ND/Autoconfig
401 mechanisms [3][4], and does not require a change in the base ND
404 2. This approach, like ND, works well on a variety of link types
405 including point-to-point links, point-to-multipoint, and
406 multipoint-to-multipoint (i.e., Ethernet LANs), etc. RFC 2461
407 [3] states, however, that there may be some link types on which
408 ND is not feasible; on such links, some other mechanisms will be
409 needed for DNS configuration.
411 3. All of the information a host needs to run the basic Internet
412 applications such as the email, web, ftp, etc., can be obtained
413 with the addition of this option to ND and address
414 autoconfiguration. The use of a single mechanism is more
415 reliable and easier to provide than when the RDNSS information is
416 learned via another protocol mechanism. Debugging problems when
417 multiple protocol mechanisms are being used is harder and much
420 4. This mechanism works over a broad range of scenarios and
421 leverages IPv6 ND. This works well on links that support
422 broadcast reliably (e.g., Ethernet LANs) but not necessarily on
423 other links (e.g., Wireless LANs): Refer to Appendix A. Also,
424 this works well on links that are high performance (e.g.,
425 Ethernet LANs) and low performance (e.g., Cellular networks). In
426 the latter case, by combining the RDNSS information with the
427 other information in the RA, the host can learn all of the
428 information needed to use most Internet applications, such as the
429 web in a single packet. This not only saves bandwidth where this
430 is an issue, but also minimizes the delay needed to learn the
433 5. The RA approach could be used as a model for other similar types
434 of configuration information. New RA options for other server
435 addresses, such as NTP server address, that are common to all
436 clients on a subnet would be easy to define.
441 1. ND is mostly implemented in the kernel of operating system.
442 Therefore, if ND supports the configuration of some additional
443 services, such as DNS servers, ND should be extended in the
447 Jeong Expires November 6, 2005 [Page 8]
449 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
452 kernel, and complemented by a user-land process. DHCPv6,
453 however, has more flexibility for the extension of service
454 discovery because it is an application layer protocol.
456 2. The current ND framework should be modified to facilitate the
457 synchronization between another ND cache for RDNSSes in the
458 kernel space and the DNS configuration file in the user space.
459 Because it is unacceptable to write and rewrite to the DNS
460 configuration file (e.g., resolv.conf) from the kernel, another
461 approach is needed. One simple approach to solve this is to have
462 a daemon listening to what the kernel conveys, and to have the
463 daemon do these steps, but such a daemon is not needed with the
464 current ND framework.
466 3. It is necessary to configure RDNSS addresses at least at one
467 router on every link where this information needs to be
468 configured via the RA option.
473 The proposed RDNSS RA option along with the IPv6 ND and
474 Autoconfiguration allows a host to obtain all of the information it
475 needs to access the basic Internet services like the web, email, ftp,
476 etc. This is preferable in the environments where hosts use RAs to
477 autoconfigure their addresses and all the hosts on the subnet share
478 the same router and server addresses. If the configuration
479 information can be obtained from a single mechanism, it is preferable
480 because it does not add additional delay, and it uses a minimum of
481 bandwidth. The environments like this include the homes, public
482 cellular networks, and enterprise environments where no per host
483 configuration is needed, but exclude public WLAN hot spots.
485 DHCPv6 is preferable where it is being used for address configuration
486 and if there is a need for host specific configuration [5]-[7]. The
487 environments like this are most likely to be the enterprise
488 environments where the local administration chooses to have per host
489 configuration control.
493 The observation section is based on what the proponents of each
494 approach think makes a good overall solution.
498 DHCPv6 [5] includes the "DNS Recursive Name Server" option, through
499 which a host can obtain a list of IP addresses of recursive DNS
503 Jeong Expires November 6, 2005 [Page 9]
505 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
508 servers [7]. The DNS Recursive Name Server option carries a list of
509 IPv6 addresses of RDNSSes to which the host may send DNS queries.
510 The DNS servers are listed in the order of preference for use by the
511 DNS resolver on the host.
513 The DNS Recursive Name Server option can be carried in any DHCPv6
514 Reply message, in response to either a Request or an Information
515 request message. Thus, the DNS Recursive Name Server option can be
516 used either when DHCPv6 is used for address assignment, or when
517 DHCPv6 is used only for other configuration information as stateless
520 Stateless DHCPv6 can be deployed either using DHCPv6 servers running
521 on general-purpose computers, or on router hardware. Several router
522 vendors currently implement stateless DHCPv6 servers. Deploying
523 stateless DHCPv6 in routers has the advantage that no special
524 hardware is required, and should work well for networks where DHCPv6
525 is needed for very straightforward configuration of network devices.
527 However, routers can also act as DHCPv6 relay agents. In this case,
528 the DHCPv6 server need not be on the router - it can be on a general
529 purpose computer. This has the potential to give the operator of the
530 DHCPv6 server more flexibility in how the DHCPv6 server responds to
531 individual clients - clients can easily be given different
532 configuration information based on their identity, or for any other
533 reason. Nothing precludes adding this flexibility to a router, but
534 generally in current practice, DHCP servers running on general-
535 purpose hosts tend to have more configuration options than those that
536 are embedded in routers.
538 DHCPv6 currently provides a mechanism for reconfiguring DHCPv6
539 clients that use a stateful configuration assignment. To do this,
540 the DHCPv6 server sends a Reconfigure message to the client. The
541 client validates the Reconfigure message, and then contacts the
542 DHCPv6 server to obtain updated configuration information. Using
543 this mechanism, it is currently possible to propagate new
544 configuration information to DHCPv6 clients as this information
547 The DHC Working Group is currently studying an additional mechanism
548 through which configuration information, including the list of
549 RDNSSes, can be updated. The lifetime option for DHCPv6 [10] assigns
550 a lifetime to configuration information obtained through DHCPv6. At
551 the expiration of the lifetime, the host contacts the DHCPv6 server
552 to obtain updated configuration information, including the list of
553 RDNSSes. This lifetime gives the network administrator another
554 mechanism to configure hosts with new RDNSSes by controlling the time
555 at which the host refreshes the list.
559 Jeong Expires November 6, 2005 [Page 10]
561 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
564 The DHC Working Group has also discussed the possibility of defining
565 an extension to DHCPv6 that would allow the use of multicast to
566 provide configuration information to multiple hosts with a single
567 DHCPv6 message. Because of the lack of deployment experience, the WG
568 has deferred consideration of multicast DHCPv6 configuration at this
569 time. Experience with DHCPv4 has not identified a requirement for
570 multicast message delivery, even in large service provider networks
571 with tens of thousands of hosts that may initiate a DHCPv4 message
572 exchange simultaneously.
576 The DHCPv6 option for RDNSS has a number of advantages. These
579 1. DHCPv6 currently provides a general mechanism for conveying
580 network configuration information to clients. So configuring
581 DHCPv6 servers allows the network administrator to configure
582 RDNSSes along with the addresses of other network services, as
583 well as location-specific information like time zones.
585 2. As a consequence, when the network administrator goes to
586 configure DHCPv6, all the configuration information can be
587 managed through a single service, typically with a single user
588 interface and a single configuration database.
590 3. DHCPv6 allows for the configuration of a host with information
591 specific to that host, so that hosts on the same link can be
592 configured with different RDNSSes as well as with other
593 configuration information. This capability is important in some
594 network deployments such as service provider networks or WiFi hot
597 4. A mechanism exists for extending DHCPv6 to support the
598 transmission of additional configuration that has not yet been
601 5. Hosts that require other configuration information such as the
602 addresses of SIP servers and NTP servers are likely to need
603 DHCPv6 for other configuration information.
605 6. The specification for configuration of RDNSSes through DHCPv6 is
606 available as an RFC. No new protocol extensions such as new
607 options are necessary.
609 7. Interoperability among independent implementations has been
615 Jeong Expires November 6, 2005 [Page 11]
617 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
622 The DHCPv6 option for RDNSS has a few disadvantages. These include:
624 1. Update currently requires message from server (however, see
627 2. Because DNS information is not contained in RA messages, the host
628 must receive two messages from the router, and must transmit at
629 least one message to the router. On networks where bandwidth is
630 at a premium, this is a disadvantage, although on most networks
631 it is not a practical concern.
633 3. Increased latency for initial configuration - in addition to
634 waiting for an RA message, the client must now exchange packets
635 with a DHCPv6 server; even if it is locally installed on a
636 router, this will slightly extend the time required to configure
637 the client. For clients that are moving rapidly from one network
638 to another, this will be a disadvantage.
643 In the general case, on general-purpose networks, stateless DHCPv6
644 provides significant advantages and no significant disadvantages.
645 Even in the case where bandwidth is at a premium and low latency is
646 desired, if hosts require other configuration information in addition
647 to a list of RDNSSes or if hosts must be configured selectively,
648 those hosts will use DHCPv6 and the use of the DHCPv6 DNS recursive
649 name server option will be advantageous.
651 However, we are aware of some applications where it would be
652 preferable to put the RDNSS information into an RA packet; for
653 example, on a cell phone network, where bandwidth is at a premium and
654 extremely low latency is desired. The final DNS configuration draft
655 should be written so as to allow these special applications to be
656 handled using DNS information in the RA packet.
658 3.3 Well-known Anycast Addresses
660 Anycast uses the same routing system as unicast [11]. However,
661 administrative entities are local ones. The local entities may
662 accept unicast routes (including default routes) to anycast servers
663 from adjacent entities. The administrative entities should not
664 advertise their peers routes to their internal anycast servers, if
665 they want to prohibit external access from some peers to the servers.
666 If some advertisement is inevitable (such as the case with default
667 routes), the packets to the servers should be blocked at the boundary
671 Jeong Expires November 6, 2005 [Page 12]
673 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
676 of the entities. Thus, for this anycast, not only unicast routing
677 but also unicast ND protocols can be used as is.
679 First of all, the well-known anycast addresses approach is much
680 different from that discussed at IPv6 Working Group in the past [9].
681 It should be noted that "anycast" in this memo is simpler than that
682 of RFC 1546 [11] and RFC 3513 [12] where it is assumed to be
683 prohibited to have multiple servers on a single link sharing an
684 anycast address. That is, on a link, an anycast address is assumed
685 to be unique. DNS clients today already have redundancy by having
686 multiple well-known anycast addresses configured as RDNSS addresses.
687 There is no point in having multiple RDNSSes sharing an anycast
688 address on a single link.
690 The approach with well-known anycast addresses is to set multiple
691 well-known anycast addresses in clients' resolver configuration files
692 from the beginning, say, as factory default. Thus, there is no
693 transport mechanism and no packet format [9].
695 An anycast address is an address shared by multiple servers (in this
696 case, the servers are RDNSSes). A request from a client to the
697 anycast address is routed to a server selected by the routing system.
698 However, it is a bad idea to mandate "site" boundary on anycast
699 addresses, because most users just do not have their own servers and
700 want to access their ISPs' across their site boundaries. Larger
701 sites may also depend on their ISPs or may have their own RDNSSes
702 within "site" boundaries.
706 The basic advantage of the well-known addresses approach is that it
707 uses no transport mechanism. Thus,
709 1. There is no delay to get the response and no further delay by
712 2. The approach can be combined with any other configuration
713 mechanisms, such as the RA-based approach and DHCP based
714 approach, as well as the factory default configuration.
716 3. The approach works over any environment where DNS works.
718 Another advantage is that the approach needs to configure DNS servers
719 as a router, but nothing else. Considering that DNS servers do need
720 configuration, the amount of overall configuration effort is
721 proportional to the number of the DNS servers and scales linearly.
722 It should be noted that, in the simplest case where a subscriber to
723 an ISP does not have any DNS server, the subscriber naturally
727 Jeong Expires November 6, 2005 [Page 13]
729 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
732 accesses DNS servers of the ISP even though the subscriber and the
733 ISP do nothing and there is no protocol to exchange DNS server
734 information between the subscriber and the ISP.
738 Well-known anycast addresses approach requires that DNS servers (or
739 routers near it as a proxy) act as routers to advertise their anycast
740 addresses to the routing system, which requires some configuration
741 (see the last paragraph of the previous section on the scalability of
746 If other approaches are used in addition, the well-known anycast
747 addresses should also be set in RA or DHCP configuration files to
748 reduce the configuration effort of users.
750 The redundancy by multiple RDNSSes is better provided by multiple
751 servers having different anycast addresses than multiple servers
752 sharing the same anycast address because the former approach allows
753 stale servers to still generate routes to their anycast addresses.
754 Thus, in a routing domain (or domains sharing DNS servers), there
755 will be only one server having an anycast address unless the domain
756 is so large that load distribution is necessary.
758 Small ISPs will operate one RDNSS at each anycast address which is
759 shared by all the subscribers. Large ISPs may operate multiple
760 RDNSSes at each anycast address to distribute and reduce load, where
761 the boundary between RDNSSes may be fixed (redundancy is still
762 provided by multiple addresses) or change dynamically. DNS packets
763 with the well-known anycast addresses are not expected (though not
764 prohibited) to cross ISP boundaries, as ISPs are expected to be able
765 to take care of themselves.
767 Because "anycast" in this memo is simpler than that of RFC 1546 [11]
768 and RFC 3513 [12] where it is assumed to be administratively
769 prohibited to have multiple servers on a single link sharing an
770 anycast address, anycast in this memo should be implemented as
771 UNICAST of RFC 2461 [3] and RFC 3513 [12]. As a result, ND-related
772 instability disappears. Thus, anycast in well-known anycast
773 addresses approach can and should use the anycast address as a source
774 unicast (according to RFC 3513 [12]) address of packets of UDP and
775 TCP responses. With TCP, if a route flips and packets to an anycast
776 address are routed to a new server, it is expected that the flip is
777 detected by ICMP or sequence number inconsistency and the TCP
778 connection is reset and retried.
783 Jeong Expires November 6, 2005 [Page 14]
785 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
788 4. Interworking among IPv6 DNS Configuration Approaches
790 Three approaches can work together for IPv6 host configuration of
791 RDNSS. This section shows a consideration on how these approaches
792 can interwork each other.
794 For ordering between RA and DHCP approaches, the O (Other stateful
795 configuration) flag in RA message can be used [8][32]. If no RDNSS
796 option is included, an IPv6 host may perform DNS configuration
797 through DHCPv6 [5]-[7] regardless of whether the O flag is set or
800 The well-known anycast addresses approach fully interworks with the
801 other approaches. That is, the other approaches can remove the
802 configuration effort on servers by using the well-known addresses as
803 the default configuration. Moreover, the clients preconfigured with
804 the well-known anycast addresses can be further configured to use
805 other approaches to override the well-known addresses, if the
806 configuration information from other approaches is available.
807 Otherwise, all the clients need to have the well-known anycast
808 addresses preconfigured. In order to use the anycast approach along
809 with two other approaches, there are three choices as follows:
811 1. The first choice is that well-known addresses are used as last
812 resort, when an IPv6 host cannot get RDNSS information through RA
813 and DHCP. The well-known anycast addresses have to be
814 preconfigured in all of IPv6 hosts' resolver configuration files.
816 2. The second is that an IPv6 host can configure well-known
817 addresses as the most preferable in its configuration file even
818 though either an RA option or DHCP option is available.
820 3. The last is that the well-known anycast addresses can be set in
821 RA or DHCP configuration to reduce the configuration effort of
822 users. According to either the RA or DHCP mechanism, the well-
823 known addresses can be obtained by an IPv6 host. Because this
824 approach is the most convenient for users, the last option is
830 This section does not necessarily mean this document suggests
831 adopting all these three approaches and making them interwork in the
832 way described here. In fact, some approaches may even not be adopted
833 at all as a result of further discussion.
839 Jeong Expires November 6, 2005 [Page 15]
841 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
844 5. Deployment Scenarios
846 Regarding the DNS configuration on the IPv6 host, several mechanisms
847 are being considered at the DNSOP Working Group such as RA option,
848 DHCPv6 option and well-known preconfigured anycast addresses as of
849 today, and this document is a final result from the long thread. In
850 this section, we suggest four applicable scenarios of three
851 approaches for IPv6 DNS configuration.
855 In the applicable scenarios, authors do not implicitly push any
856 specific approaches into the restricted environments. No enforcement
857 is in each scenario and all mentioned scenarios are probable. The
858 main objective of this work is to provide a useful guideline for IPv6
863 A characteristic of ISP network is that multiple Customer Premises
864 Equipment (CPE) devices are connected to IPv6 PE (Provider Edge)
865 routers and each PE connects multiple CPE devices to the backbone
866 network infrastructure [13]. The CPEs may be hosts or routers.
868 In the case where the CPE is a router, there is a customer network
869 that is connected to the ISP backbone through the CPE. Typically,
870 each customer network gets a different IPv6 prefix from an IPv6 PE
871 router, but the same RDNSS configuration will be distributed.
873 This section discusses how the different approaches to distributing
874 DNS information are compared in an ISP network.
876 5.1.1 RA Option Approach
878 When the CPE is a host, the RA option for RDNSS can be used to allow
879 the CPE to get RDNSS information as well as /64 prefix information
880 for stateless address autoconfiguration at the same time when the
881 host is attached to a new subnet [8]. Because an IPv6 host must
882 receive at least one RA message for stateless address
883 autoconfiguration and router configuration, the host could receive
884 RDNSS configuration information in that RA without the overhead of an
885 additional message exchange.
887 When the CPE is a router, the CPE may accept the RDNSS information
888 from the RA on the interface connected to the ISP, and copy that
889 information into the RAs advertised in the customer network.
891 This approach is more valuable in the mobile host scenario, in which
895 Jeong Expires November 6, 2005 [Page 16]
897 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
900 the host must receive at least an RA message for detecting a new
901 network, than in other scenarios generally although administrator
902 should configure RDNSS information on the routers. Secure ND [14]
903 can provide extended security when using RA messages.
905 5.1.2 DHCPv6 Option Approach
907 DHCPv6 can be used for RDNSS configuration through the use of the DNS
908 option, and can provide other configuration information in the same
909 message with RDNSS configuration [5]-[7]. The DHCPv6 DNS option is
910 already in place for DHCPv6 as RFC 3646 [7] and DHCPv6-lite or
911 stateless DHCP [6] is nowhere as complex as a full DHCPv6
912 implementation. DHCP is a client-server model protocol, so ISPs can
913 handle user identification on its network intentionally, and also
914 authenticated DHCP [15] can be used for secure message exchange.
916 The expected model for deployment of IPv6 service by ISPs is to
917 assign a prefix to each customer, which will be used by the customer
918 gateway to assign a /64 prefix to each network in the customer's
919 network. Prefix delegation with DHCP (DHCPv6 PD) has already been
920 adopted by ISPs for automating the assignment of the customer prefix
921 to the customer gateway [17]. DNS configuration can be carried in
922 the same DHCPv6 message exchange used for DHCPv6 to efficiently
923 provide that information, along with any other configuration
924 information needed by the customer gateway or customer network. This
925 service model can be useful to Home or SOHO subscribers. The Home or
926 SOHO gateway, which is a customer gateway for ISP, can then pass that
927 RDNSS configuration information to the hosts in the customer network
930 5.1.3 Well-known Anycast Addresses Approach
932 The well-known anycast addresses approach is also a feasible and
933 simple mechanism for ISP [9]. The use of well-known anycast
934 addresses avoids some of the security risks in rogue messages sent
935 through an external protocol like RA or DHCPv6. The configuration of
936 hosts for the use of well-known anycast addresses requires no
937 protocol or manual configuration, but the configuration of routing
938 for the anycast addresses requires intervention on the part of the
939 network administrator. Also, the number of special addresses would
940 be equal to the number of RDNSSes that could be made available to
943 5.2 Enterprise Network
945 Enterprise network is defined as a network that has multiple internal
946 links, one or more router connections, to one or more Providers and
947 is actively managed by a network operations entity [16]. An
951 Jeong Expires November 6, 2005 [Page 17]
953 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
956 enterprise network can get network prefixes from an ISP by either
957 manual configuration or prefix delegation [17]. In most cases,
958 because an enterprise network manages its own DNS domains, it
959 operates its own DNS servers for the domains. These DNS servers
960 within enterprise network process recursive DNS name resolution
961 requests from IPv6 hosts as RDNSSes. The RDNSS configuration in the
962 enterprise network can be performed like in Section 4, in which three
963 approaches can be used together as follows:
965 1. An IPv6 host can decide which approach is or may be used in its
966 subnet with the O flag in RA message [8][32]. As the first
967 choice in Section 4, well-known anycast addresses can be used as
968 a last resort when RDNSS information cannot be obtained through
969 either an RA option or DHCP option. This case needs IPv6 hosts
970 to preconfigure the well-known anycast addresses in their DNS
973 2. When the enterprise prefers the well-known anycast approach to
974 others, IPv6 hosts should preconfigure the well-known anycast
975 addresses like in the first choice.
977 3. The last choice, a more convenient and transparent way, does not
978 need IPv6 hosts to preconfigure the well-known anycast addresses
979 because the addresses are delivered to IPv6 hosts via either the
980 RA option or DHCPv6 option as if they were unicast addresses.
981 This way is most recommended for the sake of user's convenience.
986 The IPv6 DNS configuration is a missing part of IPv6
987 autoconfiguration and an important part of the basic IPv6
988 functionality in the 3GPP User Equipment (UE). The higher level
989 description of the 3GPP architecture can be found in [18], and
990 transition to IPv6 in 3GPP networks is analyzed in [19] and [20].
992 In the 3GPP architecture, there is a dedicated link between the UE
993 and the GGSN called the Packet Data Protocol (PDP) Context. This
994 link is created through the PDP Context activation procedure [21].
995 There is a separate PDP context type for IPv4 and IPv6 traffic. If a
996 3GPP UE user is communicating using IPv6 (having an active IPv6 PDP
997 context), it cannot be assumed that (s)he has simultaneously an
998 active IPv4 PDP context, and DNS queries could be done using IPv4. A
999 3GPP UE can thus be an IPv6 node, and it needs to somehow discover
1000 the address of the RDNSS. Before IP-based services (e.g., web
1001 browsing or e-mail) can be used, the IPv6 (and IPv4) RDNSS addresses
1002 need to be discovered in the 3GPP UE.
1007 Jeong Expires November 6, 2005 [Page 18]
1009 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1012 Section 5.3.1 briefly summarizes currently available mechanisms in
1013 3GPP networks and recommendations. 5.3.2 analyzes the Router
1014 Advertisement based solution, 5.3.3 analyzes the Stateless DHCPv6
1015 mechanism, and 5.3.4 analyzes the Well-known addresses approach.
1016 Section 5.3.5 finally summarizes the recommendations.
1018 5.3.1 Currently Available Mechanisms and Recommendations
1020 3GPP has defined a mechanism, in which RDNSS addresses can be
1021 received in the PDP context activation (a control plane mechanism).
1022 That is called the Protocol Configuration Options Information Element
1023 (PCO-IE) mechanism [22]. The RDNSS addresses can also be received
1024 over the air (using text messages), or typed in manually in the UE.
1025 Note that the two last mechanisms are not very well scalable. The UE
1026 user most probably does not want to type IPv6 RDNSS addresses
1027 manually in his/her UE. The use of well-known addresses is briefly
1028 discussed in section 5.3.4.
1030 It is seen that the mechanisms above most probably are not sufficient
1031 for the 3GPP environment. IPv6 is intended to operate in a zero-
1032 configuration manner, no matter what the underlying network
1033 infrastructure is. Typically, the RDNSS address is needed to make an
1034 IPv6 node operational - and the DNS configuration should be as simple
1035 as the address autoconfiguration mechanism. It must also be noted
1036 that there will be additional IP interfaces in some near future 3GPP
1037 UEs, e.g., WLAN, and 3GPP-specific DNS configuration mechanisms (such
1038 as PCO-IE [22]) do not work for those IP interfaces. In other words,
1039 a good IPv6 DNS configuration mechanism should also work in a multi-
1040 access network environment.
1042 From a 3GPP point of view, the best IPv6 DNS configuration solution
1043 is feasible for a very large number of IPv6-capable UEs (can be even
1044 hundreds of millions in one operator's network), is automatic and
1045 thus requires no user action. It is suggested to standardize a
1046 lightweight, stateless mechanism that works in all network
1047 environments. The solution could then be used for 3GPP, 3GPP2, WLAN
1048 and other access network technologies. A light, stateless IPv6 DNS
1049 configuration mechanism is thus not only needed in 3GPP networks, but
1050 also 3GPP networks and UEs would certainly benefit from the new
1055 Router Advertisement extension [8] is a lightweight IPv6 DNS
1056 configuration mechanism that requires minor changes in the 3GPP UE
1057 IPv6 stack and Gateway GPRS Support Node (GGSN, the default router in
1058 the 3GPP architecture) IPv6 stack. This solution can be specified in
1059 the IETF (no action needed in the 3GPP) and taken in use in 3GPP UEs
1063 Jeong Expires November 6, 2005 [Page 19]
1065 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1070 In this solution, an IPv6-capable UE configures DNS information via
1071 RA message sent by its default router (GGSN), i.e., RDNSS option for
1072 recursive DNS server is included in the RA message. This solution is
1073 easily scalable for a very large number of UEs. The operator can
1074 configure the RDNSS addresses in the GGSN as a part of normal GGSN
1075 configuration. The IPv6 RDNSS address is received in the Router
1076 Advertisement, and an extra Round Trip Time (RTT) for asking RDNSS
1077 addresses can be avoided.
1079 If thinking about the cons, this mechanism still requires
1080 standardization effort in the IETF, and the end nodes and routers
1081 need to support this mechanism. The equipment software update
1082 should, however, be pretty straightforward, and new IPv6 equipment
1083 could support RA extension already from the beginning.
1085 5.3.3 Stateless DHCPv6
1087 DHCPv6-based solution needs the implementation of Stateless DHCP [6]
1088 and DHCPv6 DNS options [7] in the UE, and a DHCPv6 server in the
1089 operator's network. A possible configuration is such that the GGSN
1090 works as a DHCP relay.
1092 Pros for Stateless DHCPv6-based solution are
1094 1. Stateless DHCPv6 is a standardized mechanism.
1096 2. DHCPv6 can be used for receiving other configuration information
1097 than RDNSS addresses, e.g., SIP server addresses.
1099 3. DHCPv6 works in different network environments.
1101 4. When DHCPv6 service is deployed through a single, centralized
1102 server, the RDNSS configuration information can be updated by the
1103 network administrator at a single source.
1105 Some issues with DHCPv6 in 3GPP networks are listed below:
1107 1. DHCPv6 requires an additional server in the network unless the
1108 (Stateless) DHCPv6 functionality is integrated into a router
1109 already existing, and that means one box more to be maintained.
1111 2. DHCPv6 is not necessarily needed for 3GPP UE IPv6 addressing
1112 (3GPP Stateless Address Autoconfiguration is typically used), and
1113 not automatically implemented in 3GPP IPv6 UEs.
1119 Jeong Expires November 6, 2005 [Page 20]
1121 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1124 3. Scalability and reliability of DHCPv6 in very large 3GPP networks
1125 (with tens or hundreds of millions of UEs) may be an issue, at
1126 least the redundancy needs to be taken care of. However, if the
1127 DHCPv6 service is integrated into the network elements, such as a
1128 router operating system, scalability and reliability is
1129 comparable with other DNS configuration approaches.
1131 4. It is sub-optimal to utilize the radio resources in 3GPP networks
1132 for DHCPv6 messages if there is a simpler alternative available.
1134 * The use of Stateless DHCPv6 adds one round trip delay to the
1135 case in which the UE can start transmitting data right after
1136 the Router Advertisement.
1138 5. If the DNS information (suddenly) changes, Stateless DHCPv6 can
1139 not automatically update the UE, see [23].
1142 5.3.4 Well-known Addresses
1144 Using well-known addresses is also a feasible and a light mechanism
1145 for 3GPP UEs. Those well-known addresses can be preconfigured in the
1146 UE software and the operator makes the corresponding configuration on
1147 the network side. So this is a very easy mechanism for the UE, but
1148 requires some configuration work in the network. When using well-
1149 known addresses, UE forwards queries to any of the preconfigured
1150 addresses. In the current proposal [9], IPv6 anycast addresses are
1155 The IPv6 DNS configuration proposal based on the use of well-known
1156 site-local addresses developed at the IPv6 Working Group was seen as
1157 a feasible mechanism for 3GPP UEs, but opposition by some people in
1158 the IETF and finally deprecating IPv6 site-local addresses made it
1159 impossible to standardize it. Note that this mechanism is
1160 implemented in some existing operating systems today (also in some
1161 3GPP UEs) as a last resort of IPv6 DNS configuration.
1163 5.3.5 Recommendations
1165 It is suggested that a lightweight, stateless DNS configuration
1166 mechanism is specified as soon as possible. From a 3GPP UE and
1167 network point of view, the Router Advertisement based mechanism looks
1168 most promising. The sooner a light, stateless mechanism is
1169 specified, the sooner we can get rid of using well-known site-local
1170 addresses for IPv6 DNS configuration.
1175 Jeong Expires November 6, 2005 [Page 21]
1177 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1180 5.4 Unmanaged Network
1182 There are 4 deployment scenarios of interest in unmanaged networks
1185 1. A gateway which does not provide IPv6 at all;
1187 2. A dual-stack gateway connected to a dual-stack ISP;
1189 3. A dual-stack gateway connected to an IPv4-only ISP; and
1191 4. A gateway connected to an IPv6-only ISP.
1194 5.4.1 Case A: Gateway does not provide IPv6 at all
1196 In this case, the gateway does not provide IPv6; the ISP may or may
1197 not provide IPv6. Automatic or Configured tunnels are the
1198 recommended transition mechanisms for this scenario.
1200 The case where dual-stack hosts behind an NAT, that need access to an
1201 IPv6 RDNSS, cannot be entirely ruled out. The DNS configuration
1202 mechanism has to work over the tunnel, and the underlying tunneling
1203 mechanism could be implementing NAT traversal. The tunnel server
1204 assumes the role of a relay (both for DHCP and Well-known anycast
1205 addresses approaches).
1207 RA-based mechanism is relatively straightforward in its operation,
1208 assuming the tunnel server is also the IPv6 router emitting RAs.
1209 Well-known anycast addresses approach seems also simple in operation
1210 across the tunnel, but the deployment model using Well-known anycast
1211 addresses in a tunneled environment is unclear or not well
1214 5.4.2 Case B: A dual-stack gateway connected to a dual-stack ISP
1216 This is similar to a typical IPv4 home user scenario, where DNS
1217 configuration parameters are obtained using DHCP. Except that
1218 Stateless DHCPv6 is used, as opposed to the IPv4 scenario where the
1219 DHCP server is stateful (maintains the state for clients).
1221 5.4.3 Case C: A dual-stack gateway connected to an IPv4-only ISP
1223 This is similar to Case B. If a gateway provides IPv6 connectivity by
1224 managing tunnels, then it is also supposed to provide access to an
1225 RDNSS. Like this, the tunnel for IPv6 connectivity originates from
1226 the dual-stack gateway instead of the host.
1231 Jeong Expires November 6, 2005 [Page 22]
1233 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1236 5.4.4 Case D: A gateway connected to an IPv6-only ISP
1238 This is similar to Case B.
1287 Jeong Expires November 6, 2005 [Page 23]
1289 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1292 6. Security Considerations
1294 As security requirements depend solely on applications and are
1295 different application by application, there can be no generic
1296 requirement defined at IP or application layer for DNS.
1298 However, it should be noted that cryptographic security requires
1299 configured secret information that full autoconfiguration and
1300 cryptographic security are mutually exclusive. People insisting on
1301 secure full autoconfiguration will get false security, false
1302 autoconfiguration or both.
1304 In some deployment scenarios [19], where cryptographic security is
1305 required for applications, the secret information for the
1306 cryptographic security is preconfigured through which application
1307 specific configuration data, including those for DNS, can be securely
1308 configured. It should be noted that if applications requiring
1309 cryptographic security depend on DNS, the applications also require
1310 cryptographic security to DNS. Therefore, the full autoconfiguration
1311 of DNS is not acceptable.
1313 However, with full autoconfiguration, weaker but still reasonable
1314 security is being widely accepted and will continue to be acceptable.
1315 That is, with full autoconfiguration, which means there is no
1316 cryptographic security for the autoconfiguration, it is already
1317 assumed that the local environment is secure enough that the
1318 information from the local autoconfiguration server has acceptable
1319 security even without cryptographic security. Thus, the
1320 communication between the local DNS client and local DNS server has
1321 acceptable security.
1323 In autoconfiguring recursive servers, DNSSEC may be overkill, because
1324 DNSSEC [29] needs the configuration and reconfiguration of clients at
1325 root key roll-over [30][31]. Even if additional keys for secure key
1326 roll-over are added at the initial configuration, they are as
1327 vulnerable as the original keys to some forms of attacks, such as
1328 social hacking. Another problem of using DNSSEC and
1329 autoconfiguration together is that DNSSEC requires secure time, which
1330 means secure communication with autoconfigured time servers, which
1331 requires configured secret information. Therefore, in order that the
1332 autoconfiguration may be secure, it requires configured secret
1335 If DNSSEC [29] is used and the signatures are verified on the client
1336 host, the misconfiguration of a DNS server may be simply denial of
1337 service. Also, if local routing environment is not reliable, clients
1338 may be directed to a false resolver with the same IP address as the
1343 Jeong Expires November 6, 2005 [Page 24]
1345 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1350 The security of RA option for RDNSS is the same as the ND protocol
1351 security [3][8]. The RA option does not add any new vulnerability.
1353 It should be noted that the vulnerability of ND is not worse and is a
1354 subset of the attacks that any node attached to a LAN can do
1355 independently of ND. A malicious node on a LAN can promiscuously
1356 receive packets for any router's MAC address and send packets with
1357 the router's MAC address as the source MAC address in the L2 header.
1358 As a result, the L2 switches send packets addressed to the router to
1359 the malicious node. Also, this attack can send redirects that tell
1360 the hosts to send their traffic somewhere else. The malicious node
1361 can send unsolicited RA or NA replies, answer RS or NS requests, etc.
1362 All of this can be done independently of implementing ND. Therefore,
1363 the RA option for RDNSS does not add to the vulnerability.
1365 Security issues regarding the ND protocol were discussed at IETF SEND
1366 (Securing Neighbor Discovery) Working Group and RFC 3971 for the ND
1367 security has been published [14].
1371 The DNS Recursive Name Server option may be used by an intruder DHCP
1372 server to cause DHCP clients to send DNS queries to an intruder DNS
1373 recursive name server [7]. The results of these misdirected DNS
1374 queries may be used to spoof DNS names.
1376 To avoid attacks through the DNS Recursive Name Server option, the
1377 DHCP client SHOULD require DHCP authentication (see section
1378 "Authentication of DHCP messages" in RFC 3315 [5]) before installing
1379 a list of DNS recursive name servers obtained through authenticated
1382 6.3 Well-known Anycast Addresses
1384 Well-known anycast addresses does not require configuration security
1385 since there is no protocol [9].
1387 The DNS server with the preconfigured addresses are still reasonably
1388 reliable, if local environment is reasonably secure, that is, there
1389 is no active attackers receiving queries to the anycast addresses of
1390 the servers and reply to them.
1399 Jeong Expires November 6, 2005 [Page 25]
1401 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1408 1414 Massachusetts Ave.
1412 Phone: +1 978 936 1674
1413 Email: rdroms@cisco.com
1419 Mountain View, CA 94043
1422 Phone: +1 650 625 2004
1423 Email: bob.hinden@nokia.com
1429 Redwood City, CA 94043
1432 Email: Ted.Lemon@nominum.com
1436 Tokyo Institute of Technology
1437 2-12-1, O-okayama, Meguro-ku
1441 Phone: +81 3 5734 3299
1442 Fax: +81 3 5734 3299
1443 Email: mohta@necom830.hpcl.titech.ac.jp
1447 Mobile Platform Laboratory, SAMSUNG Electronics
1448 416 Maetan-3dong, Yeongtong-Gu
1449 Suwon, Gyeonggi-Do 443-742
1455 Jeong Expires November 6, 2005 [Page 26]
1457 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1460 Phone: +82 31 200 4508
1461 Email: soohong.park@samsung.com
1469 Email: satapati@cisco.com
1478 Phone: +358 7180 48372
1479 Email: juha.wiljakka@nokia.com
1511 Jeong Expires November 6, 2005 [Page 27]
1513 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1518 This draft has greatly benefited from inputs by David Meyer, Rob
1519 Austein, Tatuya Jinmei, Pekka Savola, Tim Chown, Luc Beloeil,
1520 Christian Huitema, Thomas Narten, Pascal Thubert, and Greg Daley.
1521 Also, Tony Bonanno proofread this draft. The authors appreciate
1567 Jeong Expires November 6, 2005 [Page 28]
1569 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1574 9.1 Normative References
1576 [1] Bradner, S., "IETF Rights in Contributions", RFC 3667,
1579 [2] Bradner, S., "Intellectual Property Rights in IETF Technology",
1580 RFC 3668, February 2004.
1582 [3] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery
1583 for IP Version 6 (IPv6)", RFC 2461, December 1998.
1585 [4] Thomson, S. and T. Narten, "IPv6 Stateless Address
1586 Autoconfiguration", RFC 2462, December 1998.
1588 [5] Droms, R., Ed., "Dynamic Host Configuration Protocol for IPv6
1589 (DHCPv6)", RFC 3315, July 2003.
1591 [6] Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP)
1592 Service for IPv6", RFC 3736, April 2004.
1594 [7] Droms, R., Ed., "DNS Configuration options for Dynamic Host
1595 Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
1598 9.2 Informative References
1600 [8] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, "IPv6 DNS
1601 Discovery based on Router Advertisement",
1602 draft-jeong-dnsop-ipv6-dns-discovery-04.txt (Work in Progress),
1605 [9] Ohta, M., "Preconfigured DNS Server Addresses",
1606 draft-ohta-preconfigured-dns-01.txt (Work in Progress),
1609 [10] Venaas, S., Chown, T., and B. Volz, "Information Refresh Time
1610 Option for DHCPv6", draft-ietf-dhc-lifetime-03.txt (Work in
1611 Progress), January 2005.
1613 [11] Partridge, C., Mendez, T., and W. Milliken, "Host Anycasting
1614 Service", RFC 1546, November 1993.
1616 [12] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
1617 Addressing Architecture", RFC 3513, April 2003.
1619 [13] Lind, M., Ed., "Scenarios and Analysis for Introduction IPv6
1623 Jeong Expires November 6, 2005 [Page 29]
1625 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1628 into ISP Networks", RFC 4029, March 2005.
1630 [14] Arkko, J., Ed., "SEcure Neighbor Discovery (SEND)", RFC 3971,
1633 [15] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages",
1634 RFC 3118, June 2001.
1636 [16] Bound, J., Ed., "IPv6 Enterprise Network Scenarios",
1637 draft-ietf-v6ops-ent-scenarios-05.txt (Work in Progress),
1640 [17] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
1641 Configuration Protocol (DHCP) version 6", RFC 3633,
1644 [18] Wasserman, M., Ed., "Recommendations for IPv6 in 3GPP
1645 Standards", RFC 3314, September 2002.
1647 [19] Soininen, J., Ed., "Transition Scenarios for 3GPP Networks",
1648 RFC 3574, August 2003.
1650 [20] Wiljakka, J., Ed., "Analysis on IPv6 Transition in 3GPP
1651 Networks", draft-ietf-v6ops-3gpp-analysis-11.txt (Work in
1652 Progress), October 2004.
1654 [21] 3GPP TS 23.060 V5.4.0, "General Packet Radio Service (GPRS);
1655 Service description; Stage 2 (Release 5)", December 2002.
1657 [22] 3GPP TS 24.008 V5.8.0, "Mobile radio interface Layer 3
1658 specification; Core network protocols; Stage 3 (Release 5)",
1661 [23] Chown, T., Venaas, S., and A. Vijayabhaskar, "Renumbering
1662 Requirements for Stateless DHCPv6",
1663 draft-ietf-dhc-stateless-dhcpv6-renumbering-02.txt (Work in
1664 Progress), October 2004.
1666 [24] Huitema, C., Ed., "Unmanaged Networks IPv6 Transition
1667 Scenarios", RFC 3750, April 2004.
1669 [25] ANSI/IEEE Std 802.11, "Part 11: Wireless LAN Medium Access
1670 Control (MAC) and Physical Layer (PHY) Specifications",
1673 [26] IEEE Std 802.11a, "Part 11: Wireless LAN Medium Access Control
1674 (MAC) and Physical Layer (PHY) specifications: High-speed
1675 Physical Layer in the 5 GHZ Band", September 1999.
1679 Jeong Expires November 6, 2005 [Page 30]
1681 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1684 [27] IEEE Std 802.11b, "Part 11: Wireless LAN Medium Access Control
1685 (MAC) and Physical Layer (PHY) specifications: Higher-Speed
1686 Physical Layer Extension in the 2.4 GHz Band", September 1999.
1688 [28] IEEE P802.11g/D8.2, "Part 11: Wireless LAN Medium Access
1689 Control (MAC) and Physical Layer (PHY) specifications: Further
1690 Higher Data Rate Extension in the 2.4 GHz Band", April 2003.
1692 [29] Eastlake, D., "Domain Name System Security Extensions",
1693 RFC 2535, March 1999.
1695 [30] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
1696 draft-ietf-dnsop-dnssec-operational-practices-03.txt (Work in
1697 Progress), December 2004.
1699 [31] Guette, G. and O. Courtay, "Requirements for Automated Key
1700 Rollover in DNSSEC",
1701 draft-ietf-dnsop-key-rollover-requirements-02.txt (Work in
1702 Progress), January 2005.
1704 [32] Park, S., Madanapalli, S., and T. Jinmei, "Considerations on M
1705 and O Flags of IPv6 Router Advertisement",
1706 draft-ietf-ipv6-ra-mo-flags-01.txt (Work in Progress),
1712 Jaehoon Paul Jeong (editor)
1713 ETRI/Department of Computer Science and Engineering
1714 University of Minnesota
1715 117 Pleasant Street SE
1716 Minneapolis, MN 55455
1719 Phone: +1 651 587 7774
1720 Fax: +1 612 625 2002
1721 Email: jjeong@cs.umn.edu
1722 URI: http://www.cs.umn.edu/~jjeong/
1735 Jeong Expires November 6, 2005 [Page 31]
1737 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1740 Appendix A. Link-layer Multicast Acknowledgements for RA Option
1742 One benefit of an RA option [8] is to be able to multicast the
1743 advertisements, reducing the need for duplicated unicast
1746 However, some link-layers may not support this as well as others.
1747 Consider, for example, WLAN networks where multicast is unreliable.
1748 The unreliability problem is caused by lack of ACK for multicast,
1749 especially on the path from the Access Point (AP) to the Station
1750 (STA), which is specific to CSMA/CA of WLAN, such as IEEE 802.11
1751 a/b/g [25]-[28]. That is, a multicast packet is unacknowledged on
1752 the path from the AP to the STA, but acknowledged in the reverse
1753 direction from the STA to the AP [25]. For example, when a router is
1754 placed at wired network connected to an AP, a host may sometimes not
1755 receive RA message advertised through the AP. Therefore, the RA
1756 option solution might not work well on a congested medium that uses
1757 unreliable multicast for RA.
1759 The fact that this problem has not been addressed in Neighbor
1760 Discovery [3] indicates that the extra link-layer acknowledgements
1761 have not been considered a serious problem till now.
1763 A possible mitigation technique could be to map all-nodes link- local
1764 multicast address to the link-layer broadcast address, and to rely on
1765 the ND retransmissions for message delivery in order to achieve more
1791 Jeong Expires November 6, 2005 [Page 32]
1793 Internet-Draft IPv6 Host Configuration of DNS Server May 2005
1796 Intellectual Property Statement
1798 The IETF takes no position regarding the validity or scope of any
1799 Intellectual Property Rights or other rights that might be claimed to
1800 pertain to the implementation or use of the technology described in
1801 this document or the extent to which any license under such rights
1802 might or might not be available; nor does it represent that it has
1803 made any independent effort to identify any such rights. Information
1804 on the procedures with respect to rights in RFC documents can be
1805 found in BCP 78 and BCP 79.
1807 Copies of IPR disclosures made to the IETF Secretariat and any
1808 assurances of licenses to be made available, or the result of an
1809 attempt made to obtain a general license or permission for the use of
1810 such proprietary rights by implementers or users of this
1811 specification can be obtained from the IETF on-line IPR repository at
1812 http://www.ietf.org/ipr.
1814 The IETF invites any interested party to bring to its attention any
1815 copyrights, patents or patent applications, or other proprietary
1816 rights that may cover technology that may be required to implement
1817 this standard. Please address the information to the IETF at
1821 Disclaimer of Validity
1823 This document and the information contained herein are provided on an
1824 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1825 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
1826 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
1827 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
1828 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1829 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1834 Copyright (C) The Internet Society (2005). This document is subject
1835 to the rights, licenses and restrictions contained in BCP 78, and
1836 except as set forth therein, the authors retain all their rights.
1841 Funding for the RFC Editor function is currently provided by the
1847 Jeong Expires November 6, 2005 [Page 33]
projects / FreeBSD / releng / 7.2.git / blob