-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-gont-6man-slaac-dns-config-issues-00.txt
784 lines (346 loc) · 21.3 KB
/
draft-gont-6man-slaac-dns-config-issues-00.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
IPv6 maintenance Working Group (6man) F. Gont
Internet-Draft SI6 Networks / UTN-FRH
Updates: 6106 (if approved) P. Simerda
Intended status: Standards Track June 15, 2012
Expires: December 17, 2012
Current issues with DNS Configuration Options for SLAAC
draft-gont-6man-slaac-dns-config-issues-00
Abstract
RFC 6106 specifies two Neighbor Discovery options that can be
included in Router Advertisement messages to convey information about
DNS recursive servers and DNS Search Lists. Small lifetime values
for the aforementioned options have been found to cause
interoperability problems in those network scenarios in which these
options are used to convey DNS-related information. This document
analyzes the aforementioned problem, and formally updates RFC 6106
such that these issues are mitigated.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. This document may not be modified,
and derivative works of it may not be created, and it may not be
published except as an Internet-Draft.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 17, 2012.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Gont & Simerda Expires December 17, 2012 [Page 1]
Internet-Draft SLAAC DNS Configuration Issues June 2012
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Possible Solutions . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Summary of possible solutions . . . . . . . . . . . . . . 4
2.2. Changing the Semantics of the 'Lifetime' field of
RDNSS and DNSSL options . . . . . . . . . . . . . . . . . 4
2.3. Changing the Default Values of the 'Lifetime' field of
RDNSS and DNSSL options . . . . . . . . . . . . . . . . . 6
2.4. Use Router Solicitations for active Probing . . . . . . . 7
2.5. Sanitize the received RDNSS/DNSSL 'Lifetime' Values . . . 7
3. Security Considerations . . . . . . . . . . . . . . . . . . . 9
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
5.1. Normative References . . . . . . . . . . . . . . . . . . . 11
5.2. Informative References . . . . . . . . . . . . . . . . . . 11
Appendix A. Additional notes regarding RFC 6106 . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
Gont & Simerda Expires December 17, 2012 [Page 2]
Internet-Draft SLAAC DNS Configuration Issues June 2012
1. Introduction
RFC 6106 [RFC6106] specifies to Neighbor Discovery (ND) [RFC4861]
options that can be included in Router Advertisement messages to
convey information about DNS recursive servers and DNS Search Lists.
Namely, the Recursive DNS Server (RDNSS) Option specifies the IPv6
addresses of recursive DNS servers, while the DNS Search List (DNSSL)
Option specifies a "search list" to be used when trying to resolve a
name by means of the DNS.
Each of this options include a "Lifetime" field which specifies the
maximum time, in seconds, during which the information included in
the option can be used by the receiving system. The aforementioned
"Lifetime" value is set as a function of the Neighbor Discovery
parameter 'MaxRtrAdvInterval', which specifies the maximum time
allowed between sending unsolicited multicast Router Advertisements
from an interface. The recommended bounds (MaxRtrAdvInterval <=
Lifetime <= 2*MaxRtrAdvInterval) have been found to be too short for
scenarios in which some Router Advertisement messages may be lost.
In such scenarios, host may fail to receive unsolicited Router
Advertisements and therefore fail to refresh the expiration time of
the DNS-related information previously learned through the RDNSS and
DNSSL options), thus eventually discarding the aforementioned DNS-
related information prematurely.
Some implementations consider the lack of DNS-related information as
a hard failure, thus causing configuration restart. This situation
is exacerbated in those implementations in which IPv6 connectivity
and IPv4 connectivity are bound together, and hence failure in the
configuration of one of them causes the whole link to be restarted.
Section 2 proposes a number of ALTERNATIVE solutions to the problem,
such that the 6man wg can discuss both of them. It is expected that
once the 6man wg converges on a preferred solution, the other ones
will be removed from the document.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Gont & Simerda Expires December 17, 2012 [Page 3]
Internet-Draft SLAAC DNS Configuration Issues June 2012
2. Possible Solutions
This section describes a number of possible ALTERNATIVE solutions to
the problem, such that the 6man wg can discuss both of them. It is
expected that once the 6man wg converges on a preferred solution, the
other one will be removed from the document.
2.1. Summary of possible solutions
Section 2.2 proposes to change the semantics of the RDNSS/DNSSL
'Lifetime', thus fixing the 'expiration' problem outlined in
Section 1 and the potential of 'network configuration oscillation'.
Section 2.3 proposes to increase the 'Lifetime' value at the sending
routers, fixing the "expiration" problem outlined in Section 1, but
without addressing the potential of 'network configuration
oscillation'. Section 2.4 proposes to send Router Solicitations when
expiration of RDNSS/DNSSL information is imminent, to elicit Router
Advertisement messages. Section 2.5 proposes to enforce a lower
limit on the received RDNSS/DNSSL 'Lifetime' values at the client
side.
2.2. Changing the Semantics of the 'Lifetime' field of RDNSS and DNSSL
options
The semantics of the 'Lifetime' field of the RDNSS and DNSSL options
is updated as follows:
o The 'Lifetime' field indicates the amount of time during which the
aforementioned DNS-related information is expected to be stable.
o If the information received in a RDNSS or DNSSL option is already
present in the corresponding data structures, the corresponding
'Expiration' time should be updated according to the value in the
'Lifetime' field of the received option. A 'Lifetime' of '0'
causes the corresponding information to be discarded, as already
specified in [RFC6106].
o If a host has already gathered a sufficient number of RDNSS
addresses (or DNS search domain names), and additional data is
received while the existing entries have not yet expired, the
received RDNSS addresses (or DNS search domain names) SHOULD be
ignored.
o If a host receives new RDNSS addresses (or DNS search domain
names), and some of the existing entries have expired, the newly-
learned information SHOULD be used to replace the expired entries.
Gont & Simerda Expires December 17, 2012 [Page 4]
Internet-Draft SLAAC DNS Configuration Issues June 2012
o A host SHOULD flush configured DNS-related information when it has
any reason to believe that its network connectivity has changed in
some relevant way (e.g., there has been a "link change event").
When that happens, the host MAY send a Router Solicitation message
to re-learn the corresponding DNS-related information.
o The most-recently-updated information SHOULD have higher priority
over the other DNS-related information already present on the
local host.
The rationale for the suggested change is as follows:
o It is a backwards-compatible local-policy change that solves the
problem described in Section 1 without requiring changes to router
software or router configuration in existing deployments (over
which the user is likely to have no control at all).
o Since different RDNSS and DNSSL information could be sent by the
same router in different Router Advertisement messages, the
updated semantics of the 'Lifetime' parameter prevents
oscillations in network configuration.
This situation could arise for a number of reasons. For
example, if the desire for different 'Lifetime' values warrants
the use of different RDNSS or DNSSL options, and because of
packet size issues each option must be included in a separate
Router Advertisement message, each burst of RAs could cause
DNS-related information to be reconfigured.
Another possible scenario that could lead to the same situation
is that in which there is more than one local router, and each
of the local routers announces different RDNSS (or DNSSL)
information. If the number of RDNSS addresses (or DNS search
domain names) that the local host considers "sufficient"
prevents the aggregate set of RDNSS (or DNSSL) information, the
local RDNSS (or DNSSL) information would oscillate between that
advertised by each of the local routers.
o The original motivation for enforcing a short expiration timeout
value was to allow mobile nodes to prefer local RDNSSes to remote
RDNSSes. However, the recommendation in the last bullet above
already allows for a timely update of the corresponding DNS-
related information. Additionally, since it is already
recommended by [RFC6106] to maintain some RDNSS addresses (or DNS
search domain names) per source, in the typical scenarios in which
a single router (per subnet) advertises configuration information,
one of this 'slots' will be free (or have expired information) and
readily available to be populated with information learned from
Gont & Simerda Expires December 17, 2012 [Page 5]
Internet-Draft SLAAC DNS Configuration Issues June 2012
the new subnet to which the host has moved.
2.3. Changing the Default Values of the 'Lifetime' field of RDNSS and
DNSSL options
The default RDNSS/DNSSL "Lifetime" value in current the current
router solutions vary between MaxRtrAdvInterval and
2*MaxRtrAdvInterval. This means that common packet loss rates can
lead to the problem described in this document.
One possible approach to mitigate this issue would be to avoid
'Lifetime' values that are on the same order as MaxRtrAdvInterval.
This solution would require, of course, changes in router software.
When specifying a better default value, the following aspects should
be considered:
o IPv6 will be used on many links (including IEEE 802.11) that
experience packet loss. Therefore losing a few packets in a short
period of time should not invalidate DNS configuration
information.
o Unsolicited Router Advertisements sent on Ethernet networks result
in packets that employ multicast Ethernet Destination Addresses.
A number of network elements (including those that perform
bridging between wireless networks and wired networks) have
problems with multicasted Ethernet frames, thus typically leading
to packet loss of some of those frames. Therefore, SLAAC
implementations should be able to cope with devices that can lose
several multicast packets in a row.
The default value of AdvRDNSSLifetime and AdvDNSSLLifetime MUST be at
least 5*MaxRtrAdvInterval so that the probability of hosts receiving
unsolicited Router Advertisements is increased.
This solution leaves out the following situations:
o In those scenarios in which the involved routers cannot be updated
this solution will not be applicable. This also limitation also
applies to nomadic hosts that can connect to many different
networks. This case will be discussed later in this document.
o The affected network has a huge multicast packet loss. This
unfortunately happens in some real networks.
o This solution does not address the potential 'network
configuration oscillation' issue described in Section 2.2.
Gont & Simerda Expires December 17, 2012 [Page 6]
Internet-Draft SLAAC DNS Configuration Issues June 2012
2.4. Use Router Solicitations for active Probing
According to RFC 6106, hosts MAY send Router Solicitations to avoid
expiry of RDNSS and DNSSL lifetimes. This technique could be
employed as a "last resort" when expiration of the RDNSS and DNSSL
information is imminent.
Hosts SHOULD start sending multicast Router Solicitation when most of
the Lifetime of the last RDNSS server is consumed. The precise time
should be a randomized value chosen from 70% to 90% of the original
Lifetime to avoid bursts of packets from other hosts on the network.
Hosts MAY send up to MAX_RTR_SOLICITATIONS Router Solicitation
messages, each separated by at least RTR_SOLICITATION_INTERVAL
seconds (please see Section 6.3.7 of [RFC4861].
Problems of this approach:
o If no IPv6 router responds, all previously connected hosts will
repeatedly send Router Solicitations and only stop doing so when
their RDNSS and DNSSL information finally expires. This could
disrupt IPv4 networking in larger networks and that must be
avoided.
o If IPv6 router responds with unicast Router Advertisement, it may
need to respond to many clients.
o There is no other SLAAC information that requires or would benefit
from this kind of "active probing".
o This approach does not mitigate the potential 'network
configuration oscillation' problem described in Section 2.2.
NOTE: We should either state a very good reason to specialcase DNS
timeouts or deprecate Router Solicitations in RFC 6106 entirely.
Deprecation is the more favorable option in our opinion.
2.5. Sanitize the received RDNSS/DNSSL 'Lifetime' Values
Another possible approach would be to enforce a lower limit on the
received RDNSS/DNSSL 'Lifetime' values on the client side. The
challenge this technique is the selection of a reasonable value. On
the router side, it can be derived from MaxRtrAdvInterval but this
value is not known to the client side.
Therefore we would have to assume some maximum value of
MaxRtrAdvInterval and use it to derive minimum value of lifetimes
instead of the actual MaxRtrAdvInterval.
Gont & Simerda Expires December 17, 2012 [Page 7]
Internet-Draft SLAAC DNS Configuration Issues June 2012
It should be noted that this approach would not address the potential
'network configuration oscillation' issue described in Section 2.2.
Gont & Simerda Expires December 17, 2012 [Page 8]
Internet-Draft SLAAC DNS Configuration Issues June 2012
3. Security Considerations
This document does not introduce any additional security
considerations to those documented in the "Security Considerations"
section of [RFC6106].
Gont & Simerda Expires December 17, 2012 [Page 9]
Internet-Draft SLAAC DNS Configuration Issues June 2012
4. Acknowledgements
Gont & Simerda Expires December 17, 2012 [Page 10]
Internet-Draft SLAAC DNS Configuration Issues June 2012
5. References
5.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007.
[RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration",
RFC 6106, November 2010.
5.2. Informative References
Gont & Simerda Expires December 17, 2012 [Page 11]
Internet-Draft SLAAC DNS Configuration Issues June 2012
Appendix A. Additional notes regarding RFC 6106
Section 5.2 of [RFC6106] states:
An RDNSS address or a DNSSL domain name MUST be used only as long
as both the RA router Lifetime (advertised by a Router
Advertisement message [RFC4861]) and the corresponding option
Lifetime have not expired.
This requirement could introduce problems in scenarios in which the
router advertising the RDNSS or DNSSL options is not expected to be
employed as a "default router", and hence the 'Router Lifetime' value
of its Router Advertisement messages is set to 0.
As noted in Section 4.2 of [RFC4861], the Router Lifetime applies
only to the router's usefulness as a default router, and it does
not apply to information contained in other message fields or
options.
Therefore, it would be sensible to exclude the 'Router Lifetime
information when deciding about the validity or "freshness" of the
DNS-related configuration information.
Section 5.3.1 of [RFC6106] states:
When the IPv6 host has gathered a sufficient number (e.g., three)
of RDNSS addresses (or DNS search domain names), it SHOULD
maintain RDNSS addresses (or DNS search domain names) by the
sufficient number such that the latest received RDNSS or DNSSL is
more preferred to the old ones; that is, when the number of RDNSS
addresses (or DNS search domain names) is already the sufficient
number, the new one replaces the old one that will expire first in
terms of Lifetime.
As noted earlier in this document, this policy could lead (in some
scenarios) to network configuration oscillations. Therefore, it
would be sensible to enforce some minimum stability of the configured
information, such as that resulting from the update in Section 2.2.
Section 6.3 of [RFC6106] states:
Step (d): For each DNSSL domain name, if it does not exist in the
DNS Search List, register the DNSSL domain name and Lifetime with
the DNS Search List and then insert the DNSSL domain name in front
of the Resolver Repository. In the case where the data structure
for the DNS Search List is full of DNSSL domain name entries (that
is, has more DNSSL domain names than the sufficient number
discussed in Section 5.3.1), delete from the DNS Server List the
Gont & Simerda Expires December 17, 2012 [Page 12]
Internet-Draft SLAAC DNS Configuration Issues June 2012
entry with the shortest Expiration-time (i.e., the entry that will
expire first).
This policy could lead to the same network configuration oscillation
problems as described above for the RDNSS addresses. Therefore, it
would be sensible to enforce some minimum stability of the configured
information, such as that resulting from the update in Section 2.2.
Gont & Simerda Expires December 17, 2012 [Page 13]
Internet-Draft SLAAC DNS Configuration Issues June 2012
Authors' Addresses
Fernando Gont
SI6 Networks / UTN-FRH
Evaristo Carriego 2644
Haedo, Provincia de Buenos Aires 1706
Argentina
Phone: +54 11 4650 8472
Email: [email protected]
URI: http://www.si6networks.com
Pavel Simerda
Phone: +420 775 996 256
Email: [email protected]
Gont & Simerda Expires December 17, 2012 [Page 14]