P. Vixie | |
Internet Systems Consortium, Inc. | |
August 26, 2002 |
Using DNAME to rename IP6.INT
isc-tn-2002-1
Various political and technical pressures have recently led to the deprecation of the IP6.INT name space in favour of IP6.ARPA. This makes IPv6 PTR data management difficult, since interim clients will search IP6.INT while standard clients will search IP6.ARPA. We present a simple method based on DNAME RR's (see RFC2672) and ISC BIND9 whereby zone information can be managed in a single location and then made visible in two namespaces.
This memo describes a methodology in use inside ISC which may be of use to other members of the Internet technical community. Distribution of this memo is unlimited, if full attribution is given.
The IETF recently decided (see [RFC3152])to restandardize IPv6 PTR RRs such that they will be found in the IP6.ARPA namespace rather than under the interim IP6.INT namespace.
Interim clients -- all IPv6 endstations to date -- will continue to search the IP6.INT namespace for PTRs when the getnameinfo() function (see RFC2553bis) is called to translate an IPv6 address into a hostname.
Network managers must make their PTR data reachable under both the interim (IP6.INT) and standard (IP6.ARPA) name spaces in order to serve the full community of IPv6 endstations in both the present and future.
A very simple solution to this is the use of DNAME RR's (see [RFC2672]) to effectively "tail-rename" portions of the interim (IP6.INT) namespace into the standard (IP6.ARPA) namespace.
This approach will work for any point in the namespace including the top level (.IP6.INT itself) or for the entire 6Bone (E.F.F.3.IP6.INT), as long as all authority servers for the PTR zone fully implement DNAME RR behaviour as specified in [RFC2672]. BIND9 is one such server implementation, available free of charge, and works in nearly all modern operating systems and platforms.
If some of the authority servers for a DNAME-containing IP6.INT zone comply with only the earlier DNS standards (e.g., [RFC1035] and [RFC2181], as supported by ISC BIND8), then they will not be able to load or serve zones which contain DNAME RR's and will be "lame" for those zones. This creates a minor performance problem but is not fatal.
If some of the authority servers for a DNAME-containing IP6.INT zone load the zone expecting to serve DNAME RR's opaquely, then they will give a NOERROR/ANCOUNT=0 or NXDOMAIN response when queried for an IP6.INT PTR RR. This will cause endstation address-to-hostname translations to fail outright, and is therefore fatal.
Here is the master file for 2001:04F8:/32's interim (IP6.INT) PTR zone.
$ORIGIN 8.f.4.0.1.0.0.2.ip6.int. $TTL 2H @ SOA ns-ext.vix.com. hostmaster.isc.org. ( 2002082201 ; serial 8H ; refresh 30M ; retry 30D ; expiry 1H ) ; minimum NS ns-ext.vix.com. NS ns.ripe.net. TXT "$Revision: 1.5 $" DNAME 8.f.4.0.1.0.0.2.ip6.arpa.
In this example, there is a normal and valid SOA and two NS RR's, along with an optional RCS identifier (stored as a TXT RR), followed by a DNAME RR. Once deployed, this zone never needs to be edited unless the SOA or NS information changes.
The actual PTR data for 2001:04F8:/32 is under the standard (IP6.ARPA) zone as told on the right hand side of the DNAME RR's, an excerpt of which is:
$ORIGIN 1.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa. ; Palo Alto $ORIGIN d.0.0.0 ; vlan pa-blue f.2.0.0.8.0.e.f.f.f.7.4.3.0.2.0 PTR pa-blue.fwpaa.isc.org. 8.f.b.4.0.0.e.f.f.f.7.4.3.0.2.0 PTR pa-blue.fwpab.isc.org. e.7.0.b.3.c.e.f.f.f.b.2.0.0.a.0 PTR isrv4.isc.org. a.7.7.e.7.0.e.f.f.f.8.f.0.0.2.0 PTR phred.isc.org.
BIND9's configuration file would include two "zone" declarations:
zone "8.f.4.0.1.0.0.2.ip6.arpa" { // ARIN ISC6-1 type master; file "pri/2001:04F8:"; }; zone "8.f.4.0.1.0.0.2.ip6.int" { // ARIN ISC6-1 (.int) type master; file "pri/2001:04F8:.int"; };
Note that the name given to the DNAME-containing file ends in ".int" in order to distinguish it as a metazone which hardly ever needs to be edited.
This idea originated with Mark Andrews.
[I-D.ietf-ipngwg-rfc2553bis] | Gilligan, R., McCann, J., Bound, J. and S. Thomson, "Basic Socket Interface Extensions for IPv6", Internet-Draft draft-ietf-ipngwg-rfc2553bis-09, December 2002. |
[RFC1035] | Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987. |
[RFC2181] | Elz, R. and R. Bush, "Clarifications to the DNS Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997. |
[RFC2553] | Gilligan, R., Thomson, S., Bound, J. and W. Stevens, "Basic Socket Interface Extensions for IPv6", RFC 2553, DOI 10.17487/RFC2553, March 1999. |
[RFC2672] | Crawford, M., "Non-Terminal DNS Name Redirection", RFC 2672, DOI 10.17487/RFC2672, August 1999. |
[RFC3152] | Bush, R., "Delegation of IP6.ARPA", BCP 49, RFC 3152, DOI 10.17487/RFC3152, August 2001. |