7
Network Working Group A. Durand
8
Request for Comments: 3901 SUN Microsystems, Inc.
10
Category: Best Current Practice Autonomica
14
DNS IPv6 Transport Operational Guidelines
18
This document specifies an Internet Best Current Practices for the
19
Internet Community, and requests discussion and suggestions for
20
improvements. Distribution of this memo is unlimited.
24
Copyright (C) The Internet Society (2004).
28
This memo provides guidelines and Best Current Practice for operating
29
DNS in a world where queries and responses are carried in a mixed
30
environment of IPv4 and IPv6 networks.
32
1. Introduction to the Problem of Name Space Fragmentation:
33
following the referral chain
35
A resolver that tries to look up a name starts out at the root, and
36
follows referrals until it is referred to a name server that is
37
authoritative for the name. If somewhere down the chain of referrals
38
it is referred to a name server that is only accessible over a
39
transport which the resolver cannot use, the resolver is unable to
42
When the Internet moves from IPv4 to a mixture of IPv4 and IPv6 it is
43
only a matter of time until this starts to happen. The complete DNS
44
hierarchy then starts to fragment into a graph where authoritative
45
name servers for certain nodes are only accessible over a certain
46
transport. The concern is that a resolver using only a particular
47
version of IP and querying information about another node using the
48
same version of IP can not do it because somewhere in the chain of
49
servers accessed during the resolution process, one or more of them
50
will only be accessible with the other version of IP.
52
With all DNS data only available over IPv4 transport everything is
53
simple. IPv4 resolvers can use the intended mechanism of following
54
referrals from the root and down while IPv6 resolvers have to work
58
Durand & Ihren Best Current Practice [Page 1]
60
RFC 3901 DNS IPv6 Transport Guidelines September 2004
63
through a "translator", i.e., they have to use a recursive name
64
server on a so-called "dual stack" host as a "forwarder" since they
65
cannot access the DNS data directly.
67
With all DNS data only available over IPv6 transport everything would
68
be equally simple, with the exception of IPv4 recursive name servers
69
having to switch to a forwarding configuration.
71
However, the second situation will not arise in the foreseeable
72
future. Instead, the transition will be from IPv4 only to a mixture
73
of IPv4 and IPv6, with three categories of DNS data depending on
74
whether the information is available only over IPv4 transport, only
77
Having DNS data available on both transports is the best situation.
78
The major question is how to ensure that it becomes the norm as
79
quickly as possible. However, while it is obvious that some DNS data
80
will only be available over v4 transport for a long time it is also
81
obvious that it is important to avoid fragmenting the name space
82
available to IPv4 only hosts. For example, during transition it is
83
not acceptable to break the name space that we presently have
84
available for IPv4-only hosts.
88
The phrase "IPv4 name server" indicates a name server available over
89
IPv4 transport. It does not imply anything about what DNS [1,2] data
90
is served. Likewise, "IPv6 [4,5,6] name server" indicates a name
91
server available over IPv6 transport. The phrase "dual-stack name
92
server" indicates a name server that is actually configured to run
93
both protocols, IPv4 and IPv6, and not merely a server running on a
94
system capable of running both but actually configured to run only
97
3. Policy Based Avoidance of Name Space Fragmentation
99
Today there are only a few DNS "zones" on the public Internet that
100
are available over IPv6 transport, and most of them can be regarded
101
as "experimental". However, as soon as the root and top level
102
domains are available over IPv6 transport, it is reasonable to expect
103
that it will become more common to have zones served by IPv6 servers.
105
Having those zones served only by IPv6-only name server would not be
106
a good development, since this will fragment the previously
107
unfragmented IPv4 name space and there are strong reasons to find a
108
mechanism to avoid it.
114
Durand & Ihren Best Current Practice [Page 2]
116
RFC 3901 DNS IPv6 Transport Guidelines September 2004
119
The recommended approach to maintain name space continuity is to use
120
administrative policies, as described in the next section.
122
4. DNS IPv6 Transport recommended Guidelines
124
In order to preserve name space continuity, the following
125
administrative policies are recommended:
127
- every recursive name server SHOULD be either IPv4-only or dual
130
This rules out IPv6-only recursive servers. However, one might
131
design configurations where a chain of IPv6-only name server
132
forward queries to a set of dual stack recursive name server
133
actually performing those recursive queries.
135
- every DNS zone SHOULD be served by at least one IPv4-reachable
136
authoritative name server.
138
This rules out DNS zones served only by IPv6-only authoritative
141
Note: zone validation processes SHOULD ensure that there is at least
142
one IPv4 address record available for the name servers of any child
143
delegations within the zone.
145
5. Security Considerations
147
The guidelines described in this memo introduce no new security
148
considerations into the DNS protocol or associated operational
153
This document is the result of many conversations that happened in
154
the DNS community at IETF and elsewhere since 2001. During that
155
period of time, a number of Internet drafts have been published to
156
clarify various aspects of the issues at stake. This document
157
focuses on the conclusion of those discussions.
159
The authors would like to acknowledge the role of Pekka Savola in his
160
thorough review of the document.
170
Durand & Ihren Best Current Practice [Page 3]
172
RFC 3901 DNS IPv6 Transport Guidelines September 2004
175
7. Normative References
177
[1] Mockapetris, P., "Domain names - concepts and facilities", STD
178
13, RFC 1034, November 1987.
180
[2] Mockapetris, P., "Domain names - implementation and
181
specification", STD 13, RFC 1035, November 1987.
183
[3] Bradner, S., "The Internet Standards Process -- Revision 3", BCP
184
9, RFC 2026, October 1996.
186
[4] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
187
Specification", RFC 2460, December 1998.
189
[5] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
190
Addressing Architecture", RFC 3513, April 2003.
192
[6] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, "DNS
193
Extensions to Support IP Version 6", RFC 3596, October 2003.
195
8. Authors' Addresses
198
SUN Microsystems, Inc
199
17 Network circle UMPK17-202
200
Menlo Park, CA, 94025
203
EMail: Alain.Durand@sun.com
212
EMail: johani@autonomica.se
226
Durand & Ihren Best Current Practice [Page 4]
228
RFC 3901 DNS IPv6 Transport Guidelines September 2004
231
9. Full Copyright Statement
233
Copyright (C) The Internet Society (2004).
235
This document is subject to the rights, licenses and restrictions
236
contained in BCP 78, and except as set forth therein, the authors
237
retain all their rights.
239
This document and the information contained herein are provided on an
240
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
241
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
242
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
243
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
244
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
245
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
247
Intellectual Property
249
The IETF takes no position regarding the validity or scope of any
250
Intellectual Property Rights or other rights that might be claimed to
251
pertain to the implementation or use of the technology described in
252
this document or the extent to which any license under such rights
253
might or might not be available; nor does it represent that it has
254
made any independent effort to identify any such rights. Information
255
on the IETF's procedures with respect to rights in IETF Documents can
256
be found in BCP 78 and BCP 79.
258
Copies of IPR disclosures made to the IETF Secretariat and any
259
assurances of licenses to be made available, or the result of an
260
attempt made to obtain a general license or permission for the use of
261
such proprietary rights by implementers or users of this
262
specification can be obtained from the IETF on-line IPR repository at
263
http://www.ietf.org/ipr.
265
The IETF invites any interested party to bring to its attention any
266
copyrights, patents or patent applications, or other proprietary
267
rights that may cover technology that may be required to implement
268
this standard. Please address the information to the IETF at ietf-
273
Funding for the RFC Editor function is currently provided by the
282
Durand & Ihren Best Current Practice [Page 5]