DNSEXT Working Group                                           S. Coffey
INTERNET-DRAFT                                                 S. Strain
Category: Best Current Practice        Theale Volunteer Networking Group
February 22, 2001                                              L. Esibov
Expires: August 22, 2001                                       Microsoft
Filename: draft-coffeystrain-dnsext-privatednstld-00.txt


               DNS Top Level Domain For Private Networks


   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2001). All Rights Reserved.

Abstract

   The document outlines the use of a top level DNS domain ".pri", for
   use within private networks. A reserved top level domain would allow
   private domain names to be chosen that would not conflict with
   current or future registered public domain names.

Coffey, Strain and Esibov                                       [Page 1]

DNS TLD For Private Networks                               February 2001

1. Introduction

   Increasingly, private networks require a domain name service for
   both private and public (internet) domain names. However, it is not
   required or desirable for the private namespace to be accessible
   from outside the private network.

   A reserved top level domain would allow a private namespace to be
   defined that would not conflict with current or future registered
   public domain names.

2. Current Common Practice in private network domain names selection

   Currently, common practice when selecting a private network domain
   name follows one of two unsatisfactory paths:

   (i) Use of registered public domain name

   A private DNS server is configured as authoritative for the
   registered domain name, in addition to the existing public facing
   authoritative name server(s). The private server holds the "private
   version" of the registered domain, and delegates to subdomains as
   necessary.

   This requires two different versions of a single zone, in
   contravention of RFC1034. This can also lead to practical problems
   if a DNS query from a server on the private network to a public name
   server returns additional information regarding names in the "public
   version" of the registered zone.

   (ii) Use of an unregistered domain name

   An unregistered domain name is chosen for the private network, for
   example a company with a registered domain "acme.com" might choose
   "acme.net" for the private network.

   This avoids the problems of using a registered domain name, yet may
   conflict with a future reservation of the domain chosen.

3. Using a Reserved Top Level Domain for private network domain names

   A reserved top level domain name, ".pri", would allow a private
   domain name to be chosen safely with no risk of conflict with
   current or future registered domain names.

   A private DNS server is configured as authoritative for the ".pri"
   domain, and delegates the private subdomains as appropriate.

   Use of a private domain naming scheme based on a consistent top
   level domain also allows multiple trusted private networks to
   integrate their domain naming schemes simply by merging and
   synchronizing the ".pri" zone.

   Use of a clearly private domain name also can provide a clear
   distinction to users and applications between trusted private hosts
   and untrusted public hosts.
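
   The merge of two ".pri" zones described above, as an added example
   that is not part of the draft. It goes beyond the text by handling
   the case where both networks delegate the same private name to
   different servers. The dict-based zone representation and all sample
   names and name servers are constructed assumptions.

```python
PRIVATE_TLD = "pri"  # reserved top level domain proposed by the draft

def normalize(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_private(name):
    """True if the last label is the private TLD (label match, not substring)."""
    return normalize(name).split(".")[-1] == PRIVATE_TLD

def merge_pri_zones(zone_a, zone_b):
    """Merge two {delegated name: name servers} views of the ".pri" zone.

    Returns (merged, conflicts, rejected). A name delegated to different
    server sets by the two networks is a conflict and is left out of the
    merged zone; names outside ".pri" and the apex itself are rejected.
    """
    merged, conflicts, rejected = {}, {}, set()
    for zone in (zone_a, zone_b):
        for raw_name, servers in zone.items():
            name = normalize(raw_name)
            ns = frozenset(normalize(s) for s in servers)
            if not is_private(name) or name == PRIVATE_TLD:
                rejected.add(name)
            elif name in conflicts:
                conflicts[name].append(ns)
            elif name in merged and merged[name] != ns:
                conflicts[name] = [merged.pop(name), ns]
            else:
                merged[name] = ns
    return merged, conflicts, rejected

# Constructed sample delegations (assumed data, not taken from the draft).
ACME_ZONE = {"acme.pri": ["ns1.acme.pri"], "lab.pri": ["ns1.acme.pri"],
             "Shared.PRI.": ["ns.shared.pri"]}
COWBOY_ZONE = {"cowboy.pri": ["ns1.cowboy.pri"], "lab.pri": ["ns1.cowboy.pri"],
               "shared.pri": ["NS.shared.pri."], "cowboy.capri": ["ns1.cowboy.pri"]}

if __name__ == "__main__":
    merged, conflicts, rejected = merge_pri_zones(ACME_ZONE, COWBOY_ZONE)
    for name in sorted(merged):
        print("delegate", name, "->", sorted(merged[name]))
    for name in sorted(conflicts):
        print("CONFLICT", name, [sorted(ns) for ns in conflicts[name]])
    for name in sorted(rejected):
        print("rejected (outside .pri)", name)
```

   A name reported as a conflict has to be renamed or reassigned by one
   of the two networks before the merged zone is loaded.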

   For example, Acme Corp may choose "acme.pri" for their private
   domain name. They configure their DNS server to be authoritative for
   ".pri" and "acme.pri", whilst all domains outside of the ".pri"
   domain will be resolved via public DNS servers.

   Should Acme Corp wish to make its private domain names accessible to
   Cowboy Corp, who use the private domain "cowboy.pri", then the two
   organizations simply merge and synchronize their ".pri" zones.

4. Existing Reserved Top Level Domains

   Existing reserved top level domains are described in RFC2606.

5. IANA Considerations

   To enable the use of the domain ".pri" as described, the authors
   will request from IANA reservation of the ".pri" top level domain.

6. Security Considerations

   This draft does not introduce any additional security concerns.

7. Request for Comments

   Please send comments by e-mail to: sicoffey@yahoo.com and
   levone@microsoft.com, cc: sandy.strain@integralis.com

8. References

   [RFC 1034] Mockapetris, P., "Domain names - concepts and
              facilities", STD 13, RFC 1034, November 1987.

   [RFC 1035] Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC 1591] Postel, J., "Domain Name System Structure and
              Delegation", RFC 1591, March 1994.

   [RFC 2606] Eastlake & Panitz, "Reserved Top Level DNS Names",
              BCP32, RFC 2606, June 1999.

9. Authors' Addresses

   Simon Coffey
   c/o Integralis Ltd
   Brunel Rd
   Theale
   READING
   UK
   EMail: sicoffey@yahoo.com

   Sandy Strain
   c/o Integralis Ltd
   Brunel Rd
   Theale
   READING
   UK
   EMail: sandy.strain@integralis.com
   Phone: +44 118 930 6060

   Levon Esibov
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052
   EMail: levone@microsoft.com

10. Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt made
   to obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification
   can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

11. Full Copyright Statement

   Copyright (C) The Internet Society (2001). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

12. Expiration Date

   This memo is filed as , and expires on August 22, 2001.