Network Working Group M. Andrews
Internet-Draft ISC
Intended status: Standards Track July 22, 2019
Expires: January 23, 2020

DNS64 Exclusion List RA Option
draft-andrews-6man-dns64-exclude-00

Abstract

To allow automatic device configuration to a DNS64 process behind a IPv6-only link it is necessary to provide AAAA and A record exclusion lists. This document provide such a mechanism.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 23, 2020.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction

To allow automatic device configuration to a DNS64 process behind a IPv6-only link it is necessary to provide AAAA and A record exclusion lists. This document provide such a mechanism.

When an DNS64 implementation needs to be configured behind DNS64 server, for example when performing DNSSEC [RFC4034] validation, the AAAA exclusion list from [RFC6147] needs to be made available. When the DNS64 implementation implementation is also on a local dual-stack network the local A records also need to be excluded from DNS64 processing to prevent local traffic being sent to the NAT64.

1.1. Reserved Words

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2. DNS64-EXCLUDE Option

The DNS64-EXLUDE option (TBA) contains a DNS wire encoded name [RFC1034] which points at 1 or 2 APL records [RFC3123] where the records contain IPv4 and IPv6 exclusions lists which are encoded on a first match basis. If there are multiple records prefixes for a address family MUST NOT be split across multiple records as DNS records are not ordered.

The IPv6 prefixes are used to populate the AAAA exclusion list from [RFC6147] Section 5.1.4.

The IPv4 prefixes are used to exclude A records from translation to DNS64 mapped AAAA records. 

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |           Lifetime            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~              DNS Wire Encoded Name                            ~
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            Padding            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3. Examples 

dns64.example.com. IN APL !1:10.0.0/24 1:10/8 2:64:ff9b::/32

Single Record

dns64.example.com. IN APL !1:10.0.0/24 1:10/8
dns64.example.com. IN APL 2:64:ff9b::/32

Multiple Records

Exclude 10.0.0.0/8 except for 10.0.0.0/24 from DNS64 processing.

Exclude the well known DNS64 prefix 64:ff9b::/32 from DNS64 processing.

4. IANA Considerations

The IANA is requested to assign a new IPv6 Neighbor Discovery Option type for the DNS64-EXCLUDE option defined in this document. 

+----------------------+-------+
| Option Name          | Type  |
+----------------------+-------+
| DNS64-EXCLUDE option | (TBD) |
+----------------------+-------+

The IANA registry for these options is:

https://www.iana.org/assignments/icmpv6-parameters

5. Security Considerations

TBA

6. References

6.1. Normative References

[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3123] Koch, P., "A DNS RR Type for Lists of Address Prefixes (APL RR)", RFC 3123, DOI 10.17487/RFC3123, June 2001.

6.2. Informative References

[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, DOI 10.17487/RFC4034, March 2005.
[RFC6147] Bagnulo, M., Sullivan, A., Matthews, P. and I. van Beijnum, "DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers", RFC 6147, DOI 10.17487/RFC6147, April 2011.

Author's Address

M. Andrews Internet Systems Consortium 950 Charter Street Redwood City, CA 94063 US EMail: marka@isc.org