Special Use Domain Name 'ipv4only.arpa'
Apple Inc.
1 Infinite Loop
Cupertino
California
95014
USA
+1 408 974 3207
cheshire@apple.com
Apple Inc.
1 Infinite Loop
Cupertino
California
95014
USA
+1 669 227 9921
dschinazi@apple.com
The document
"Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis" [RFC7050]
specifies the Special Use Domain Name 'ipv4only.arpa',
with certain precise special properties, but neglected to include a
Domain Name Reservation Considerations section [RFC6761]
formalizing those special properties.
This document updates RFC 7050 and formally specifies the
Special Use Domain Name rules for ipv4only.arpa.
The document
"Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis"
specifies the Special Use Domain Name 'ipv4only.arpa',
with certain precise special properties, but neglected to include a
Domain Name Reservation Considerations section
formally stating those special properties.
As a result of the name 'ipv4only.arpa' not being formally declared to
have special properties, there was no mandate for software to treat this
name specially. Queries for this name are handled normally, and result in
queries to the 'arpa' name servers. At times, for reasons that are as yet
unclear, the 'arpa' name servers have been observed to be slow or unresponsive.
The failures of these 'ipv4only.arpa' queries result in failures of
software that depends on them for NAT64 address synthesis. Also, having
millions of devices around the world depend on these answers generates
pointless additional load on the 'arpa' name servers, which is completely
unnecessary when this name is defined, by Internet Standard, to have only
two address records, 192.0.0.170 and 192.0.0.171, and no other records.
To remedy this situation, this document updates RFC 7050 and specifies the
formal Special Use Domain Name rules for ipv4only.arpa.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in "Key words for use
in RFCs to Indicate Requirement Levels" .
Hard-coding the answers for ipv4only.arpa queries avoids the risk of
malicious devices intercepting those queries and returning incorrect answers.
[Once published, this should say]
IANA has recorded the name 'ipv4only.arpa' in the
Special-Use Domain Names registry.
The name 'ipv4only.arpa' is special in the following ways:
Users should never have reason to encounter the ipv4only.arpa
domain nanme. If they do, queries for ipv4only.arpa should
result in the answers specified in RFC 7050.
Users have no need to know that ipv4only.arpa is special.
Application software may explicitly use the name ipv4only.arpa for NAT64
address synthesis, and expect to get the answers specified in RFC 7050.
If application software encounters the name ipv4only.arpa as user input,
the application software should resolve that name as usual and need not
treat it in any special way.
Name resolution APIs and libraries SHOULD NOT recognize
ipv4only.arpa as special and SHOULD NOT treat it differently.
Name resolution APIs SHOULD send queries for this name to
their configured recursive/caching DNS server(s).
Recursive/caching DNS servers SHOULD recognize ipv4only.arpa as special
and SHOULD NOT, by default, attempt to look up NS records for it, or
otherwise query authoritative DNS servers in an attempt to resolve this name.
Instead, recursive/caching DNS servers SHOULD, by default, act as
authoritative and generate immediate responses for all such queries.
Traditional recursive/caching DNS servers that act as authoritative for this
name MUST generate only the 192.0.0.170 and 192.0.0.171 responses for these
queries, and no others.
DNS64 recursive/caching DNS servers MUST generate the
192.0.0.170 and 192.0.0.171 address record responses for these queries,
and MUST generate the appropriate synthesized IPv6 address record responses for all AAAA queries.
This is to avoid unnecessary load on the 'arpa' name servers.
Traditional authoritative DNS servers SHOULD recognize ipv4only.arpa
as special and SHOULD, by default, generate immediate
negative responses for all such queries, unless explicitly
configured otherwise by the administrator
(which only applies to the administrators of the 'arpa' namespace).
DNS server operators MUST understand that ipv4only.arpa is
a special name, with answers specified by Internet Standard.
DNS Registries/Registrars MUST understand that ipv4only.arpa is
a special name, with answers specified by Internet Standard.
Special-Use Domain Names Registry