To: ph10@cam.ac.uk
Cc: dnsop@cafax.se
From: itojun@iijlab.net
Date: Wed, 23 Jan 2002 16:57:16 +0900
Content-ID: <21146.1011772624.0@itojun.org>
Sender: owner-dnsop@cafax.se
Subject: draft-ietf-dnsop-dontpublish-unreachable-02.txt
hello, i guess the document should be updated to either:
- cover IPv6 addresses as well, as IPv6 scoped addresses share the same problem as IPv4 private addresses
- change title to "IPv4 Addresses that should never appear in the public DNS"

a very rough draft for the IPv6 counterpart is attached. please let me know if you want to integrate the two into one, or want to handle them separately.

itojun
Internet Engineering Task Force                    Jun-ichiro itojun Hagino
INTERNET-DRAFT                                      IIJ Research Laboratory
Expires: July 18, 2002                                     January 18, 2002

          IPv6 addresses that should never appear in the public DNS
          draft-itojun-dnsop-dontpublish-unreachable-v6-00.txt

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and
may be updated, replaced, or obsoleted by other documents at any time. It
is inappropriate to use Internet-Drafts as reference material or to cite
them other than as ``work in progress.''

To view the list of Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.

Distribution of this memo is unlimited.

The internet-draft will expire in 6 months. The date of expiration will be
July 18, 2002.

Abstract

The document specifies an Internet Best Current Practice for the Internet
community. The document discusses what kind of IPv6 addresses should not
appear in the public DNS database, and what kinds are permitted. The
document has an IPv4 counterpart [Hazel, 2002].

1. Problem domain

The IPv6 address architecture incorporates a scoped address model. Under
the scoped address model, non-global addresses have limited reachability
and a limited domain of uniqueness. For instance, site-local addresses are
reachable within a particular site only, and are guaranteed to be unique
across that site only.

On the contrary, the public DNS database has global visibility. Once a
resource record is published to the public DNS database, the record will
be visible from any location. It will cause problems if we publish scoped
addresses into the public DNS database.

The document discusses what kind of IPv6 addresses should not appear in
the public DNS database, and what kinds are permitted. The following
sections enumerate IPv6 address types and discuss whether they are
suitable to be put into the public DNS database.

Hagino                   Expires: July 18, 2002                    [Page 1]

DRAFT          IPv6 addrs that should never appear in DNS      January 2002

2. Unicast address

2.1. Link-local address

Link-local IPv6 addresses MUST NOT be put into the public DNS database, as
their reachability is limited to a particular link.

2.2. Site-local address

Site-local IPv6 addresses MUST NOT be put into the public DNS database, as
their reachability is limited to a particular site.

2.3. Global address

Global IPv6 addresses MAY be put into the public DNS database, assuming
that the global IPv6 address has global reachability. When the IPv6
address has limited reachability (due to firewalls and such),
[Hazel, 2002] should be consulted.

2.4. IPv4-mapped address

IPv4-mapped addresses MUST NOT be put into the public DNS database, as
their use is limited to an internal representation of IPv4 peers within
the AF_INET6 socket API [Gilligan, 1999].

2.5. IPv4-compatible address

IPv4-compatible addresses MAY be put into the public DNS database, to
indicate that the node is willing to accept auto-tunnelled packets
[Gilligan, 2000].

[XXX Auto-tunnel is basically superseded by 6to4. Do we still need this
section, or?]

2.6. Loopback address

Loopback addresses MAY be put into the public DNS database, if the
resource record is named "loopback".

3. Anycast address

Anycast addresses, as specified in the IPv6 base specification
[Deering, 1998], have certain limitations in their usage; for example,
they cannot be put into the IPv6 source address field and hence cannot be
used as a TCP endpoint [Hagino, 2001]. Anycast addresses should be treated
as global addresses with limited reachability.

4. Multicast address

Scoped multicast addresses (multicast addresses with a 4-bit scope value
smaller than 0x0e) MUST NOT be put into the public DNS database.
Globally-scoped multicast addresses MAY be put into the public DNS
database.

[XXX Is it really okay?]

5. Security considerations

The scoped nature of IPv6 addresses can complicate interaction with the
public DNS infrastructure.

References

Hazel, 2002.
   Philip Hazel, "IP Addresses that should never appear in the public
   DNS", draft-ietf-dnsop-dontpublish-unreachable-02.txt (January 2002).
   Work in progress material.

Gilligan, 1999.
   R. Gilligan, S. Thomson, J. Bound, and W. Stevens, "Basic Socket
   Interface Extensions for IPv6", RFC2553 (March 1999).
   ftp://ftp.isi.edu/in-notes/rfc2553.txt.

Gilligan, 2000.
   R. Gilligan and E. Nordmark, "Transition Mechanisms for IPv6 Hosts and
   Routers", RFC2893 (August 2000). ftp://ftp.isi.edu/in-notes/rfc2893.txt.

Deering, 1998.
   S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6)
   Specification", RFC2460 (December 1998).
   ftp://ftp.isi.edu/in-notes/rfc2460.txt.

Hagino, 2001.
   Jun-ichiro itojun Hagino and K. Ettikan,
   draft-ietf-ipngwg-ipv6-anycast-analysis-00.txt (July 2001). Work in
   progress material.

Author's address

Jun-ichiro itojun HAGINO
Research Laboratory, Internet Initiative Japan Inc.
Takebashi Yasuda Bldg., 3-13 Kanda Nishiki-cho, Chiyoda-ku, Tokyo 101-0054, JAPAN
Tel: +81-3-5259-6350
Fax: +81-3-5259-6351
Email: itojun@iijlab.net
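As an added illustration of sections 2 to 4 of the attached draft (this is not part of the draft or its author's text), the following Python checker classifies AAAA rdata against the draft's rules and audits a constructed zone fragment. The owner-name condition for loopback follows section 2.6; anycast addresses (section 3) cannot be told apart from global unicast by the address alone, so they fall through to the section 2.3 verdict.

```python
import ipaddress
# Classify one IPv6 address against sections 2-4 of the draft: (verdict, reason).
def classify_for_public_dns(text):
    addr = ipaddress.IPv6Address(text)
    if addr.is_multicast:
        # Section 4: the scope is the low nibble of the second byte (ffXs::).
        if (addr.packed[1] & 0x0F) < 0x0E:
            return ("MUST NOT", "scoped multicast (scope %#x < 0xe), section 4" % (addr.packed[1] & 0x0F))
        return ("MAY", "globally-scoped multicast, section 4")
    if addr.is_unspecified:
        return ("n/a", "unspecified address, not covered by the draft")
    if addr.is_loopback:
        return ("MAY", "loopback, only under the owner name \"loopback\", section 2.6")
    if addr in ipaddress.IPv6Network("fe80::/10"):
        return ("MUST NOT", "link-local, section 2.1")
    if addr in ipaddress.IPv6Network("fec0::/10"):
        return ("MUST NOT", "site-local, section 2.2")
    if addr.ipv4_mapped is not None:
        return ("MUST NOT", "IPv4-mapped, section 2.4")
    if addr in ipaddress.IPv6Network("::/96"):
        return ("MAY", "IPv4-compatible, section 2.5")
    # Anycast (section 3) is not syntactically distinguishable; treated as global here.
    return ("MAY", "global unicast, section 2.3 (subject to reachability)")

# Constructed sample zone fragment (owner, type, rdata); not taken from the draft.
ZONE_SAMPLE = """\
www        AAAA 2001:db8::1
printer    AAAA fec0::1234
laptop     AAAA fe80::1
legacy     AAAA ::ffff:192.0.2.10
loopback   AAAA ::1
lo-alias   AAAA ::1
allnodes   AAAA ff02::1
"""

# Return (owner, rdata, reason) for AAAA records the draft says must not be published.
def audit_zone(zone_text):
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != "AAAA":
            continue
        owner, rdata = fields[0], fields[2]
        verdict, reason = classify_for_public_dns(rdata)
        # Section 2.6: the loopback address is allowed only under the name "loopback".
        if verdict == "MAY" and reason.startswith("loopback") and owner != "loopback":
            verdict, reason = "MUST NOT", "loopback under another owner name, section 2.6"
        if verdict == "MUST NOT":
            findings.append((owner, rdata, reason))
    return findings
```

Running `audit_zone(ZONE_SAMPLE)` flags printer, laptop, legacy, lo-alias and allnodes, while www and loopback pass.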