To: ph10@cam.ac.uk
Cc: dnsop@cafax.se
From: itojun@iijlab.net
Date: Wed, 23 Jan 2002 16:57:16 +0900
Content-ID: <21146.1011772624.0@itojun.org>
Sender: owner-dnsop@cafax.se
Subject: draft-ietf-dnsop-dontpublish-unreachable-02.txt
hello, i guess the document should be updated to either:
- cover IPv6 addresses as well, as IPv6 scoped addresses share the same problem as IPv4 private addresses
- change the title to "IPv4 Addresses that should never appear in the public DNS"
a very rough draft for the IPv6 counterpart is attached. please let me know if you want to integrate the two into one, or want to handle them separately.
itojun
Internet Engineering Task Force                     Jun-ichiro itojun Hagino
INTERNET-DRAFT                                       IIJ Research Laboratory
Expires: July 18, 2002                                      January 18, 2002
IPv6 addresses that should never appear in the public DNS
draft-itojun-dnsop-dontpublish-unreachable-v6-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''
To view the list Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.
Distribution of this memo is unlimited.
The internet-draft will expire in 6 months. The date of expiration will
be July 18, 2002.
Abstract
This document specifies an Internet Best Current Practice for the
Internet community. It discusses which kinds of IPv6 addresses
should not appear in the public DNS database, and which are permitted.
It has an IPv4 counterpart [Hazel, 2002].
1. Problem domain
The IPv6 address architecture incorporates a scoped address model. Under
the scoped address model, non-global addresses have limited reachability
and a limited domain of uniqueness. For instance, site-local addresses
are reachable only within a particular site, and are guaranteed to be
unique only across that site. The public DNS database, on the other
hand, has global visibility. Once a resource record is published to the
public DNS database, it is visible from any location. Publishing scoped
addresses into the public DNS database therefore causes problems: a
resolver outside the scope obtains an address that is unreachable from
where it is, or that refers to a different node in its own scope.
This document discusses which kinds of IPv6 addresses should not appear
in the public DNS database, and which are permitted. The following
sections enumerate the IPv6 address types and discuss whether each is
suitable to be put into the public DNS database.
Hagino Expires: July 18, 2002 [Page 1]
DRAFT IPv6 addrs that should never appear in DNS January 2002
2. Unicast address
2.1. Link-local address
Link-local IPv6 addresses MUST NOT be put into the public DNS database,
as their reachability is limited to a particular link.
2.2. Site-local address
Site-local IPv6 addresses MUST NOT be put into the public DNS database,
as their reachability is limited to a particular site.
2.3. Global address
Global IPv6 addresses MAY be put into the public DNS database, assuming
that the global IPv6 address has global reachability. When the IPv6
address has limited reachability (due to firewalls and such), [Hazel,
2002] should be consulted.
2.4. IPv4-mapped address
IPv4-mapped addresses MUST NOT be put into the public DNS database, as
their use is limited to the internal representation of IPv4 peers within
the AF_INET6 socket API [Gilligan, 1999].
2.5. IPv4-compatible address
IPv4-compatible addresses MAY be put into the public DNS database, to
indicate that the node is willing to accept auto-tunnelled packets
[Gilligan, 2000]. [XXX Auto-tunnelling is basically superseded by 6to4.
Do we still need this section, or not?]
2.6. Loopback address
The loopback address MAY be put into the public DNS database, if the
resource record is named "loopback".
3. Anycast address
Anycast addresses, as specified in the IPv6 base specification [Deering,
1998], have certain limitations in their usage; for example, they cannot
be put into the IPv6 source address field and hence cannot be used as a
TCP endpoint [Hagino, 2001]. Anycast addresses should be treated as
global addresses with limited reachability.
4. Multicast address
Scoped multicast addresses (multicast addresses with a 4-bit scope value
smaller than 0x0e) MUST NOT be put into the public DNS database.
Globally-scoped multicast addresses MAY be put into the public DNS
database. [XXX Is it really okay?]
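The rules of sections 2 through 4 can be applied mechanically to the AAAA
records of a zone before it is loaded on a public server. The following
Python is an added example written for this page; it is neither part of the
draft nor of any DNS software. It classifies one address at a time with the
prefixes from the IPv6 addressing architecture (fe80::/10, fec0::/10,
::ffff:0:0/96, ::/96, ff00::/8) and the multicast scope nibble, and then
lints a constructed sample zone. Anycast addresses are syntactically
indistinguishable from unicast and are not detected. The treatment of the
unspecified address (::) and of the reserved multicast scope 0xf is not
stated by the draft and is an assumption of this example.

```python
"""Lint AAAA records against the publication rules in the draft above.
Added example for this page; not the draft's or any DNS server's code."""
import ipaddress

MUST_NOT = "MUST NOT"
MAY = "MAY"

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")    # later deprecated by RFC 3879
V4_MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")  # ::ffff:a.b.c.d
V4_COMPAT = ipaddress.IPv6Network("::/96")          # ::a.b.c.d (auto-tunnel)
MULTICAST = ipaddress.IPv6Network("ff00::/8")
GLOBAL_SCOPE = 0xE  # 4-bit multicast scope value meaning "global"
LOOPBACK = ipaddress.IPv6Address("::1")
UNSPECIFIED = ipaddress.IPv6Address("::")


def classify(address, owner=None):
    """Return (address_type, verdict) for one AAAA RDATA value.

    `owner` is the record's owner name; the loopback address is allowed
    only under a record whose first label is "loopback".
    """
    addr = ipaddress.IPv6Address(address)
    if addr in MULTICAST:
        scope = (int(addr) >> 112) & 0xF  # second nibble of the address
        if scope < GLOBAL_SCOPE:
            return "multicast (scope 0x%x)" % scope, MUST_NOT
        if scope == GLOBAL_SCOPE:
            return "multicast (global scope)", MAY
        # Scope 0xf is reserved and not covered by the draft (assumption).
        return "multicast (reserved scope 0xf)", MUST_NOT
    if addr in LINK_LOCAL:
        return "link-local", MUST_NOT
    if addr in SITE_LOCAL:
        return "site-local", MUST_NOT
    if addr in V4_MAPPED:
        return "IPv4-mapped", MUST_NOT
    # ::1 and :: both fall inside ::/96, so test them before IPv4-compatible.
    if addr == LOOPBACK:
        label = (owner or "").rstrip(".").split(".")[0].lower()
        return "loopback", (MAY if label == "loopback" else MUST_NOT)
    if addr == UNSPECIFIED:
        # Not enumerated by the draft; treated as unpublishable (assumption).
        return "unspecified", MUST_NOT
    if addr in V4_COMPAT:
        return "IPv4-compatible", MAY
    return "global unicast", MAY


def lint_zone(zone_text):
    """Return [(owner, address, type, verdict)] for every AAAA record whose
    address MUST NOT be published.  Handles the one-record-per-line subset
    of master-file syntax: owner [ttl] [class] AAAA address [; comment]."""
    findings = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        fields = line.split()
        if "AAAA" not in fields:
            continue
        owner = fields[0]
        address = fields[fields.index("AAAA") + 1]
        kind, verdict = classify(address, owner)
        if verdict == MUST_NOT:
            findings.append((owner, address, kind, verdict))
    return findings


# Constructed sample zone (documentation prefixes only, not real hosts).
SAMPLE_ZONE = """\
www.example.com.      3600 IN AAAA 2001:db8::1
printer.example.com.  3600 IN AAAA fec0::1234         ; site-local
router.example.com.   3600 IN AAAA fe80::1            ; link-local
legacy.example.com.   3600 IN AAAA ::ffff:192.0.2.10  ; IPv4-mapped
tunnel.example.com.   3600 IN AAAA ::192.0.2.10       ; IPv4-compatible
loopback.example.com. 3600 IN AAAA ::1
lo.example.com.       3600 IN AAAA ::1                ; wrong owner name
allnodes.example.com. 3600 IN AAAA ff02::1            ; link-scope multicast
mcast.example.com.    3600 IN AAAA ff0e::101          ; global-scope multicast
"""

if __name__ == "__main__":
    for owner, address, kind, verdict in lint_zone(SAMPLE_ZONE):
        print("%-22s %-20s %s %s" % (owner, address, kind, verdict))
```

Running the block prints the five offending records (site-local, link-local,
IPv4-mapped, the "lo" loopback record and the link-scope multicast group) and
stays silent for the global unicast, IPv4-compatible, correctly named loopback
and global-scope multicast records. The checker deliberately says nothing
about a global address behind a firewall; that case is a reachability
question for [Hazel, 2002], not a property of the address itself.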
5. Security considerations
The scoped nature of IPv6 addresses can complicate their interaction with
the public DNS infrastructure: a scoped address published globally is
either unreachable from outside its scope or, since it is unique only
within that scope, may refer to a different node there.
References
Hazel, 2002.
Philip Hazel, "IP Addresses that should never appear in the public DNS",
draft-ietf-dnsop-dontpublish-unreachable-02.txt (January 2002). Work in
progress.
Gilligan, 1999.
R. Gilligan, S. Thomson, J. Bound, and W. Stevens, "Basic Socket
Interface Extensions for IPv6", RFC 2553 (March 1999).
ftp://ftp.isi.edu/in-notes/rfc2553.txt.
Gilligan, 2000.
R. Gilligan and E. Nordmark, "Transition Mechanisms for IPv6 Hosts and
Routers", RFC 2893 (August 2000). ftp://ftp.isi.edu/in-notes/rfc2893.txt.
Deering, 1998.
S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460 (December 1998).
ftp://ftp.isi.edu/in-notes/rfc2460.txt.
Hagino, 2001.
Jun-ichiro itojun Hagino and K. Ettikan,
draft-ietf-ipngwg-ipv6-anycast-analysis-00.txt (July 2001). Work in
progress.
Author's address
Jun-ichiro itojun HAGINO
Research Laboratory, Internet Initiative Japan Inc.
Takebashi Yasuda Bldg.,
3-13 Kanda Nishiki-cho,
Chiyoda-ku,Tokyo 101-0054, JAPAN
Tel: +81-3-5259-6350
Fax: +81-3-5259-6351
Email: itojun@iijlab.net