Internet Engineering Task Force                       Christian Huitema
INTERNET DRAFT                                            Susan Thomson
                                                               Bellcore
                                                       November 5, 1997

                 DNS Extensions to support IP version 6

Status of this Memo

This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.

Internet Drafts are draft documents valid for a maximum of six
months. Internet Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet
Drafts as reference material or to cite them other than as a "working
draft" or "work in progress."

To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).

Distribution of this memo is unlimited.

Abstract

This document defines the changes that need to be made to the Domain
Name System to support hosts running IP version 6 (IPv6). The changes
include a new resource record type to store an IPv6 address, a new
domain to support lookups based on an IPv6 address, and updated
definitions of existing query types that return Internet addresses as
part of additional section processing.

Thomson & Huitema                                               [Page 1]

Internet draft          IPv6 DNS Extensions               November 1997

1. Introduction

Current support for the storage of Internet addresses in the Domain
Name System (DNS)[1,2] cannot easily be extended to support IPv6
addresses[3] since applications assume that address queries return
32-bit IPv4 addresses only.

To support the storage of IPv6 addresses we define the following
extensions:

   o A new resource record type is defined to map a domain name to an
     IPv6 address.

   o A new domain is defined to support lookups based on address.

   o Existing queries that perform additional section processing to
     locate IPv4 addresses are redefined to perform additional section
     processing on both IPv4 and IPv6 addresses.

The changes are designed to be compatible with existing software. The
existing support for IPv4 addresses is retained. Transition issues
related to the co-existence of both IPv4 and IPv6 addresses in DNS
are discussed in [4].

This memo proposes an incompatible extension to the specification in
RFC 1886, and a departure from current implementation practices. The
changes are designed to facilitate network renumbering.

2. NEW RESOURCE RECORD DEFINITION AND DOMAIN

A new record type is defined to store a system's IPv6 address, or
addresses. The new record contains the least significant bits of the
host's IPv6 address. When the number of significant bits is lower
than 128, the record also contains the domain name of another IPv6
system, which typically describes a complete subnet, or a complete
site. The most significant bits will be copied from the IPv6 address
of that system. If that system has several IPv6 addresses, the low
bits of the host address will be combined with each prefix of the
several addresses, resulting in as many IPv6 addresses for the host.

A system may need several records if it is connected to several
domains, as would be the case, for example, of a site connected to
several providers, or of a host connected to different subnets.

2.1 AAAA record type

The AAAA resource record type is a new record specific to the
Internet class that stores the lower bits of a single IPv6 address
and the name of a domain where to fetch the higher bits.

The value of the type is 28 (decimal).

(Note that we decide here to reuse the name and code specified in RFC
1886. This is questionable, as the record formats are in fact
incompatible. An alternative would be to allocate a new code.
Another alternative would be to adopt a compatible record format,
composed of 128 bits of address as in RFC 1886, followed by the
prefix and domain name. Updated systems would be capable of reading
the old records. Old systems, however, would only be capable of using
the new records if they decide to use the first 128 bits and ignore
the remainder. In fact, they are more likely to complain of a wrong
record length.)

2.2 AAAA data format

   +--------------+------------------+-----------------------+
   | Pre. length  | Address low bits | Domain name of subnet |
   |  (1 octet)   |  (0..16 octets)  |  (variable, 0..256)   |
   +--------------+------------------+-----------------------+

The data portion of the AAAA record contains three fields:

   o a prefix length, encoded as one single octet.

   o the lower bits of the address, encoded on a variable number of
     octets.

   o the domain name of the subnet, encoded as a domain name,
     possibly compressed as specified in [3].

(The compression of the domain name saves space, but may cause
problems if servers that don't understand the AAAA type cache this
record.)

The number of octets used to encode the lower bits shall be exactly
sufficient to encode the complement to 128 bits of the prefix length.
The following table gives a set of examples:

   Prefix length   Number of octets of address
         0                     16
        16                     14
        27                     13
        48                     10
        64                      8

When the number of low order bits is not a multiple of 8, the address
should be padded to the left with binary zeroes. The least
significant address bit will always be encoded as the least
significant bit of the rightmost address octet.

The domain name component shall not be encoded if the length of the
prefix is zero.

2.3 AAAA query

An AAAA query for a specified domain name in the Internet class
returns all associated AAAA resource records in the answer section of
a response.
A type AAAA query does perform additional section processing, by
returning the AAAA records associated to the domain names mentioned
in the domain's AAAA records.

2.4 Textual format of AAAA records

The textual representation of the data portion of the AAAA resource
record used in a master database file is composed of three fields
separated by white spaces:

   o a prefix length, represented as a decimal number,

   o the textual representation of the host's IPv6 address as defined
     in [3],

   o a domain name.

The domain name may be absent if the prefix length is zero.

3. Inverse queries

Inverse queries are performed by looking for a DBIT record in the
IP6.INT domain. The DBIT resource record contains a prefix length and
a domain name. When the prefix length is not equal to 128, the search
should recurse by looking in the specified domain.

3.1 DBIT record type

The DBIT resource record type is a new record specific to the
Internet class that stores a single IPv6 address.

The value of the type is TBD (decimal).

3.2 DBIT data format

   +--------------+--------------------+
   | Pre. length  |    Domain name     |
   |  (1 octet)   | (variable, 0..256) |
   +--------------+--------------------+

The data portion of the DBIT record contains two fields:

   o a prefix length, encoded as one single octet.

   o the domain name of the subnet, encoded as a domain name,
     possibly compressed as specified in [3].

(The compression of the domain name saves space, but may cause
problems if servers that don't understand the DBIT type cache this
record.)

The prefix length is always relative to the start of the address, so
that if a prefix completely describes an address, its length is
always set to 128.

3.3 DBIT query

A DBIT query for a specified domain name in the Internet class
returns all associated DBIT resource records in the answer section of
a response.

A type DBIT query does not perform additional section processing.
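
The AAAA data format of section 2.2 and the address composition described in section 2, as an added example that is not part of the draft. The function names are hypothetical, domain names are handled uncompressed only, and rejecting non-zero padding bits is a strict choice made here rather than a rule stated in the draft.

```python
from ipaddress import IPv6Address

def low_octets(prefix_len: int) -> int:
    return (128 - prefix_len + 7) // 8  # matches the table in section 2.2

def encode_name(name: str) -> bytes:
    """Uncompressed wire-format domain name; compression is not handled."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def encode_aaaa(prefix_len: int, addr: str, domain: str = "") -> bytes:
    low = int(IPv6Address(addr)) & ((1 << (128 - prefix_len)) - 1)
    rdata = bytes([prefix_len]) + low.to_bytes(low_octets(prefix_len), "big")
    return rdata + (encode_name(domain) if prefix_len else b"")

def decode_aaaa(rdata: bytes):
    """Return (prefix_len, low_bits, domain); reject malformed lengths."""
    if not rdata or rdata[0] > 128:
        raise ValueError("bad prefix length")
    plen, pos = rdata[0], 1 + low_octets(rdata[0])
    if len(rdata) < pos:
        raise ValueError("truncated address field")
    low = int.from_bytes(rdata[1:pos], "big")
    if low >> (128 - plen):  # strict choice made here: pad bits must be zero
        raise ValueError("non-zero padding bits")
    labels = []
    while plen:  # no domain name is encoded when the prefix length is zero
        if pos >= len(rdata):
            raise ValueError("truncated domain name")
        size = rdata[pos]
        if size == 0:
            pos += 1
            break
        if size > 63 or pos + 1 + size > len(rdata):
            raise ValueError("bad label (compression pointers unsupported)")
        labels.append(rdata[pos + 1:pos + 1 + size].decode("ascii"))
        pos += 1 + size
    if pos != len(rdata):
        raise ValueError("trailing octets")
    return plen, low, (".".join(labels) + "." if plen else "")

def compose(prefix_addr: str, plen: int, low: int) -> str:
    high = int(IPv6Address(prefix_addr)) >> (128 - plen) << (128 - plen)
    return str(IPv6Address(high | low))  # subnet's high bits + record's low bits
```

Calling `compose` once per address of the subnet's domain yields one host address per prefix, which is how a single AAAA record follows a renumbered site.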

3.4 Textual format of DBIT records

The textual representation of the data portion of the DBIT resource
record used in a master database file is composed of two fields
separated by white spaces:

   o a prefix length, represented as a decimal number,

   o a domain name.

3.5 IP6.INT Domain

A special domain is defined to look up a record given an address. The
intent of this domain is to provide a way of mapping an IPv6 address
to a host name, although it may be used for other purposes as well.
The domain is rooted at IP6.INT.

An IPv6 address is represented as a name in the IP6.INT domain by a
sequence of nibbles separated by dots with the suffix ".IP6.INT". The
sequence of nibbles is encoded in reverse order, i.e. the low-order
nibble is encoded first, followed by the next low-order nibble and so
on. Each nibble is represented by a hexadecimal digit. For example,
the inverse lookup domain name corresponding to the address

   4321:0:1:7:3:4:567:89ab

would be

   b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.7.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.INT.

3.6 Processing of inverse queries

The DBIT request may result in one of the three following
possibilities:

   * an error,

   * the return of a DBIT record indicating a prefix length of 128,

   * the return of a DBIT record indicating a prefix length less than
     128.

The third case will occur if the request has been matched by a
wildcard entry. For example, if all the IPv6 addresses that start
with the prefix 4321:0:1::/48 have been delegated to the domain
"net.foo.bar", it is possible to enter the record

   DBIT 48 net.foo.bar.

for the wildcard entry:

   *.1.0.0.0.0.0.0.0.1.2.3.4.IP6.INT.

The system that tried to find the name corresponding to the address
4321:0:1:7:3:4:567:89ab will receive this record and will note that
the prefix length is only equal to 48. It will thus have to rewrite
the inverse name.
The new name will be rooted by the specified prefix, and will only
contain the nibbles that are not subsumed by the prefix. In our
example, that means:

   b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.7.0.0.0.net.foo.bar.

The system will repeat the DBIT query for that new name. If the
prefix length in the resulting DBIT is still not equal to 128, it
will have to repeat the operation.

If the prefix does not fit on an even number of nibbles, the most
significant hexadecimal digit will only include the bits that were
not specified in the prefix. The other bits will be set to zero. For
example, if the address 4321:0:1:7:3:4:567:89ab had been matched by
the prefix 4321:0:1:6::/63, for example by

   DBIT 63 subnet6.foo.bar.

the name used for the recursion would be:

   b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.1.subnet6.foo.bar.

Note that the use of wildcard entries is natural in this procedure,
but is not mandatory. Other solutions, such as enumeration of legal
names and replication of the DBIT records, are also acceptable.

4. MODIFICATIONS TO EXISTING QUERY TYPES

All existing query types that perform type A additional section
processing, i.e. name server (NS), mail exchange (MX) and mailbox
(MB) query types, must be redefined to perform both type A and type
AAAA additional section processing. These new definitions mean that a
name server must add any relevant IPv4 addresses and any relevant
IPv6 addresses available locally to the additional section of a
response when processing any one of the above queries.

5. SECURITY CONSIDERATIONS

The AAAA and DBIT records can be secured by using the DNS security
procedures. The signature of the AAAA record only proves that the
record is genuine, i.e. has been inserted in the DNS by the manager
of the specified domain. The signature of the DBIT record can be used
to check the validity of the address delegation.

6. ACKNOWLEDGEMENTS

Many of the ideas here were developed during a discussion between the
authors, Robert Elz, Olafur Gudmundsson, Jim Bound, Bill Manning, Bob
Fink, Mike O'Dell, Matt Crawford, Bob Hinden and Steve Deering. The
specific AAAA format presented here was proposed by Robert Elz. The
idea of a DBIT record was proposed by Olafur Gudmundsson.

7. REFERENCES

[1] Mockapetris, P., "Domain Names - Concepts and Facilities", STD
    13, RFC 1034, USC/Information Sciences Institute, November 1987.

[2] Mockapetris, P., "Domain Names - Implementation and
    Specification", STD 13, RFC 1035, USC/Information Sciences
    Institute, November 1987.

[3] Hinden, R., and S. Deering, Editors, "IP Version 6 Addressing
    Architecture", RFC 1884, Ipsilon Networks, Xerox PARC, December
    1995.

[4] Gilligan, R., and E. Nordmark, "Transition Mechanisms for IPv6
    Hosts and Routers", Work in Progress.

[5] Huitema C., and S. Thomson, "DNS Extensions to support IP version
    6." RFC 1886.

Authors' Addresses

   Susan Thomson
   Bellcore
   MCC 1C259B
   445 South Street
   Morristown, NJ 07960
   U.S.A.
   Phone: +1 201-829-4514
   EMail: set@bellcore.com

   Christian Huitema
   Bellcore
   MCC 1J236B
   445 South Street
   Morristown, NJ 07960
   U.S.A.
   Phone: +1 201-829-4266
   EMail: huitema@bellcore.com
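
The inverse-query procedure of sections 3.5 and 3.6, as an added example that is not part of the draft. The function names, the dictionary-based zone with simplified wildcard matching, and all records other than the draft's own wildcard entry are constructed for illustration; the check that the prefix length grows on every round is a guard added here, not a rule from the draft.

```python
from ipaddress import IPv6Address

def nibbles(value: int, count: int) -> str:
    """The count low-order nibbles of value, low-order nibble first."""
    return ".".join(format((value >> (4 * i)) & 0xF, "x") for i in range(count))

def ip6_int_name(addr: str) -> str:
    return nibbles(int(IPv6Address(addr)), 32) + ".IP6.INT."

def rewrite(addr: str, prefix_len: int, domain: str) -> str:
    """Name to query after a DBIT answer with prefix_len < 128 (3.6)."""
    if not 0 <= prefix_len < 128:
        raise ValueError("prefix length out of range")
    rest = 128 - prefix_len
    low = int(IPv6Address(addr)) & ((1 << rest) - 1)  # zero the prefix bits
    return nibbles(low, (rest + 3) // 4) + "." + domain.rstrip(".") + "."

def lookup(zone: dict, name: str):
    """Exact match first, then the longest matching wildcard (simplified)."""
    labels = name.lower().split(".")
    wild = ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((zone[c] for c in [name.lower()] + wild if c in zone), None)

def resolve(addr: str, zone: dict):
    """Follow DBIT records until one has prefix length 128."""
    name, last_len = ip6_int_name(addr), -1
    while True:
        record = lookup(zone, name)
        if record is None:
            return None
        prefix_len, domain = record
        if prefix_len == 128:
            return domain
        # Guard added here, not in the draft: the prefix must grow each
        # round, otherwise a record pointing back at itself loops forever.
        if prefix_len <= last_len:
            raise ValueError("DBIT chain makes no progress")
        name, last_len = rewrite(addr, prefix_len, domain), prefix_len

# Constructed zone data; the first record is the draft's wildcard example.
ZONE = {
    "*.1.0.0.0.0.0.0.0.1.2.3.4.ip6.int.": (48, "net.foo.bar."),
    "*.7.0.0.0.net.foo.bar.": (64, "subnet7.foo.bar."),
    "b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.subnet7.foo.bar.": (128, "host.foo.bar."),
}
```

`resolve("4321:0:1:7:3:4:567:89ab", ZONE)` walks the /48 and /64 records and returns the constructed host name; a zone whose record delegates to itself at the same prefix length raises instead of looping.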