draft-ietf-6man-rdnss-rfc6106bis-09.txt   draft-ietf-6man-rdnss-rfc6106bis-10.txt 
Network Working Group J. Jeong Network Working Group J. Jeong
Internet-Draft Sungkyunkwan University Internet-Draft Sungkyunkwan University
Obsoletes: 6106 (if approved) S. Park Obsoletes: 6106 (if approved) S. Park
Intended status: Standards Track Korean Bible University Intended status: Standards Track Samsung Electronics
Expires: September 12, 2016 L. Beloeil Expires: September 15, 2016 L. Beloeil
France Telecom R&D France Telecom R&D
S. Madanapalli S. Madanapalli
iRam Technologies iRam Technologies
March 11, 2016 March 14, 2016
IPv6 Router Advertisement Options for DNS Configuration IPv6 Router Advertisement Options for DNS Configuration
draft-ietf-6man-rdnss-rfc6106bis-09 draft-ietf-6man-rdnss-rfc6106bis-10
Abstract Abstract
This document specifies IPv6 Router Advertisement options to allow This document specifies IPv6 Router Advertisement options to allow
IPv6 routers to advertise a list of DNS recursive server addresses IPv6 routers to advertise a list of DNS recursive server addresses
and a DNS Search List to IPv6 hosts. and a DNS Search List to IPv6 hosts.
This document obsoletes RFC 6106 and allows a higher default value of This document obsoletes RFC 6106 and allows a higher default value of
the lifetime of the RA DNS options to avoid the frequent expiry of the lifetime of the RA DNS options to avoid the frequent expiry of
the options on links with a relatively high rate of packet loss. the options on links with a relatively high rate of packet loss.
skipping to change at page 1, line 47 skipping to change at page 1, line 47
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 12, 2016. This Internet-Draft will expire on September 15, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
skipping to change at page 2, line 32 skipping to change at page 2, line 32
Configuration . . . . . . . . . . . . . . . . . . . . . . 4 Configuration . . . . . . . . . . . . . . . . . . . . . . 4
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5
5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 6 5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 6
5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7 5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7
5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8 5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8
5.3.1. Procedure in IPv6 Host . . . . . . . . . . . . . . . . 8 5.3.1. Procedure in IPv6 Host . . . . . . . . . . . . . . . . 8
5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9 5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9
6. Implementation Considerations . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10 6.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 9
6.2. Synchronization between DNS Server List and Resolver 6.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 10
Repository . . . . . . . . . . . . . . . . . . . . . . . . 10 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
6.3. Synchronization between DNS Search List and Resolver 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
Repository . . . . . . . . . . . . . . . . . . . . . . . . 12 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 9.1. Normative References . . . . . . . . . . . . . . . . . . . 11
7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12 9.2. Informative References . . . . . . . . . . . . . . . . . . 12
7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 12 Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 13
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Normative References . . . . . . . . . . . . . . . . . . . 14
10.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
The purpose of this document is to standardize an IPv6 Router The purpose of this document is to standardize an IPv6 Router
Advertisement (RA) option for DNS Recursive Server Addresses used for Advertisement (RA) option for DNS Recursive Server Addresses used for
the DNS name resolution in IPv6 hosts. This RA option was originally the DNS name resolution in IPv6 hosts. This RA option was originally
specified in an earlier Experimental specification [RFC5006] and was specified in an earlier Experimental specification [RFC5006] and was
later published as a Standards Track in [RFC6106]. This document later published as a Standards Track in [RFC6106]. This document
obsoletes [RFC6106], allowing a higher default value of the lifetime obsoletes [RFC6106], allowing a higher default value of the lifetime
of the RA DNS options to avoid the frequent expiry of the options on of the RA DNS options to avoid the frequent expiry of the options on
links with a relatively high rate of packet loss, and also making links with a relatively high rate of packet loss, and also making
additional clarifications, see Appendix B for details. additional clarifications, see Appendix A for details.
Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address
Autoconfiguration (SLAAC) provide ways to configure either fixed or Autoconfiguration (SLAAC) provide ways to configure either fixed or
mobile nodes with one or more IPv6 addresses, default routers, and mobile nodes with one or more IPv6 addresses, default routers, and
some other parameters [RFC4861][RFC4862]. Most Internet names are some other parameters [RFC4861][RFC4862]. Most Internet names are
identified by using a DNS name. The two RA options defined in this identified by using a DNS name. The two RA options defined in this
document provide the DNS information needed for an IPv6 host to reach document provide the DNS information needed for an IPv6 host to reach
Internet names. Internet names.
It is infeasible to manually configure nomadic hosts each time they It is infeasible to manually configure nomadic hosts each time they
skipping to change at page 8, line 51 skipping to change at page 8, line 51
is, the value of the Length field in the RDNSS option is greater is, the value of the Length field in the RDNSS option is greater
than or equal to the minimum value (3), and satisfies that (Length than or equal to the minimum value (3), and satisfies that (Length
- 1) % 2 == 0. The value of the Length field in the DNSSL option - 1) % 2 == 0. The value of the Length field in the DNSSL option
is greater than or equal to the minimum value (2). Also, the is greater than or equal to the minimum value (2). Also, the
validity of the RDNSS option is checked with the "Addresses of validity of the RDNSS option is checked with the "Addresses of
IPv6 Recursive DNS Servers" field; that is, the addresses should IPv6 Recursive DNS Servers" field; that is, the addresses should
be unicast addresses. be unicast addresses.
o If the DNS options are valid, the host SHOULD copy the values of o If the DNS options are valid, the host SHOULD copy the values of
the options into the DNS Repository and the Resolver Repository in the options into the DNS Repository and the Resolver Repository in
order. Otherwise, the host MUST discard the options. Refer to order. Otherwise, the host MUST discard the options.
Section 6 for the detailed procedure.
In the case where the DNS options of RDNSS and DNSSL can be obtained In the case where the DNS options of RDNSS and DNSSL can be obtained
from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep
some DNS options from all sources. Unless explicitly specified for some DNS options from all sources. Unless explicitly specified for
the discovery mechanism, the exact number of addresses and domain the discovery mechanism, the exact number of addresses and domain
names to keep is a matter of local policy and implementation choice names to keep is a matter of local policy and implementation choice
as a local configuration option. However, in the case of multiple as a local configuration option. However, in the case of multiple
sources, the ability to store a total of at least three RDNSS sources, the ability to store a total of at least three RDNSS
addresses (or DNSSL domain names) from the multiple sources is addresses (or DNSSL domain names) from the multiple sources is
RECOMMENDED. The DNS options from Router Advertisements and DHCP RECOMMENDED. The DNS options from Router Advertisements and DHCP
SHOULD be stored into the DNS Repository and Resolver Repository so SHOULD be stored into the DNS Repository and Resolver Repository so
that information from DHCP appears there first and therefore takes that information from DHCP appears there first and therefore takes
precedence. Thus, the DNS information from DHCP takes precedence precedence. Thus, the DNS information from DHCP takes precedence
over that from RA for DNS queries. On the other hand, for DNS over that from RA for DNS queries. On the other hand, for DNS
options announced by RA, if some RAs use the Secure Neighbor options announced by RA, if some RAs use the Secure Neighbor
Discovery (SEND) protocol [RFC3971] for RA security, they MUST be Discovery (SEND) protocol [RFC3971] for RA security, they MUST be
preferred over those that do not use SEND. Refer to Section 7 for preferred over those that do not use SEND. Refer to Section 6 for
the detailed discussion on SEND for RA DNS options. the detailed discussion on SEND for RA DNS options.
5.3.2. Warnings for DNS Options Configuration 5.3.2. Warnings for DNS Options Configuration
There are two warnings for DNS options configuration: (i) warning for There are two warnings for DNS options configuration: (i) warning for
multiple sources of DNS options and (ii) warning for multiple network multiple sources of DNS options and (ii) warning for multiple network
interfaces. First, in the case of multiple sources for DNS options interfaces. First, in the case of multiple sources for DNS options
(e.g., RA and DHCP), an IPv6 host can configure its IP addresses from (e.g., RA and DHCP), an IPv6 host can configure its IP addresses from
these sources. In this case, it is not possible to control how the these sources. In this case, it is not possible to control how the
host uses DNS information and what source addresses it uses to send host uses DNS information and what source addresses it uses to send
skipping to change at page 9, line 45 skipping to change at page 9, line 44
the multiple sources in order to minimize the impact of such problems the multiple sources in order to minimize the impact of such problems
[DHCPv6-SLAAC]. [DHCPv6-SLAAC].
Second, if different DNS information is provided on different network Second, if different DNS information is provided on different network
interfaces, this can lead to inconsistent behavior. The IETF worked interfaces, this can lead to inconsistent behavior. The IETF worked
on solving this problem for both DNS and other information obtained on solving this problem for both DNS and other information obtained
by multiple interfaces [RFC6418][RFC6419], and standardized the by multiple interfaces [RFC6418][RFC6419], and standardized the
solution for RDNSS selection for multi-interfaced nodes in [RFC6731], solution for RDNSS selection for multi-interfaced nodes in [RFC6731],
which is based on DHCP. which is based on DHCP.
6. Implementation Considerations 6. Security Considerations
Note: This non-normative section gives some hints for implementing
the processing of the RDNSS and DNSSL options in an IPv6 host.
For the configuration and management of DNS information, the
advertised DNS configuration information can be stored and managed in
both the DNS Repository and the Resolver Repository. These two
repositories should be synchronized however the processing of RA DNS
options are implemented in the kernel space or user space.
6.1. DNS Repository Management
For DNS repository management, the kernel or user-space process
(depending on where RAs are processed) should maintain two data
structures: (i) DNS Server List that keeps the list of RDNSS
addresses and (ii) DNS Search List that keeps the list of DNS search
domain names. Each entry in these two lists consists of a pair of an
RDNSS address (or DNSSL domain name) and Expiration-time as follows:
o RDNSS address for DNS Server List: IPv6 address of the Recursive
DNS Server, which is available for recursive DNS resolution
service in the network advertising the RDNSS option.
o DNSSL domain name for DNS Search List: DNS suffix domain names,
which are used to perform DNS query searches for short,
unqualified domain names for the RDNSS address, which is
advertised by the same RA message having the DNSSL option, in the
network advertising the DNSSL option.
o Expiration-time for DNS Server List or DNS Search List: The time
when this entry becomes invalid. Expiration-time is set to the
value of the Lifetime field of the RDNSS option or DNSSL option
plus the current time. Whenever a new RDNSS option with the same
address (or DNSSL option with the same domain name) is received on
the same interface as a previous RDNSS option (or DNSSL option),
this field is updated to have a new Expiration-time. When the
current time becomes larger than Expiration-time, this entry is
regarded as expired. Note that the DNS information for the RDNSS
and DNSSL options need not be dropped if the expiry of the RA
router lifetime happens. This is because these options have their
own lifetime values.
6.2. Synchronization between DNS Server List and Resolver Repository
When an IPv6 host receives the information of multiple RDNSS
addresses within a network (e.g., campus network and company network)
through an RA message with RDNSS option(s), it stores the RDNSS
addresses (in order) into both the DNS Server List and the Resolver
Repository. The processing of the RDNSS consists of (i) the
processing of RDNSS option(s) included in an RA message and (ii) the
handling of expired RDNSSes. The processing of RDNSS option(s) is as
follows:
Step (a): Receive and parse the RDNSS option(s). For the RDNSS
addresses in each RDNSS option, perform Steps (b) through (d).
Step (b): For each RDNSS address, check the following: If the
RDNSS address already exists in the DNS Server List and the RDNSS
option's Lifetime field is set to zero, delete the corresponding
RDNSS entry from both the DNS Server List and the Resolver
Repository in order to prevent the RDNSS address from being used
any more for certain reasons in network management, e.g., the
termination of the RDNSS or a renumbering situation. That is, the
RDNSS can resign from its DNS service because the machine running
the RDNSS is out of service intentionally or unintentionally.
Also, under the renumbering situation, the RDNSS's IPv6 address
will be changed, so the previous RDNSS address should not be used
any more. The processing of this RDNSS address is finished here.
Otherwise, go to Step (c).
Step (c): For each RDNSS address, if it already exists in the DNS
Server List, then just update the value of the Expiration-time
field according to the procedure specified in the third bullet of
Section 6.1. Otherwise, go to Step (d).
Step (d): For each RDNSS address, if it does not exist in the DNS
Server List, register the RDNSS address and Lifetime with the DNS
Server List and then insert the RDNSS address in front of the
Resolver Repository. In the case where the data structure for the
DNS Server List is full of RDNSS entries (that is, has more
RDNSSes than the sufficient number discussed in Section 5.3.1),
delete from the DNS Server List the entry with the shortest
Expiration-time (i.e., the entry that will expire first). The
corresponding RDNSS address is also deleted from the Resolver
Repository. For the ordering of RDNSS addresses in an RDNSS
option, position the first RDNSS address in the RDNSS option as
the first one in the Resolver Repository, the second RDNSS address
in the option as the second one in the repository, and so on.
This ordering allows the RDNSS addresses in the RDNSS option to be
preferred according to their order in the RDNSS option for the DNS
name resolution. The processing of these RDNSS addresses is
finished here.
The handling of expired RDNSSes is as follows: Whenever an entry
expires in the DNS Server List, the expired entry is deleted from the
DNS Server List, and also the RDNSS address corresponding to the
entry is deleted from the Resolver Repository.
6.3. Synchronization between DNS Search List and Resolver Repository
When an IPv6 host receives the information of multiple DNSSL domain
names within a network through an RA message with DNSSL option(s), it
stores the DNSSL domain names (in order) into both the DNS Search
List and the Resolver Repository. The processing of the DNSSL
consists of (i) the processing of DNSSL option(s) included in an RA
message and (ii) the handling of expired DNSSLs. The processing of
DNSSL option(s) is the same with that of RDNSS option(s) in Section
6.2 except Step (b).
In Step (b), if the DNSSL domain name already exists in the DNS
Search List and the DNSSL option's Lifetime field is set to zero,
delete the corresponding DNSSL entry from both the DNS Search List
and the Resolver Repository in order to prevent the DNSSL domain name
from being used any more for certain reasons in network management,
e.g., the termination of the usage of the DNSSL domain name. That
is, the DNSSL domain name may not be used any more by the policy of
the network.
7. Security Considerations
In this section, we analyze security threats related to DNS options In this section, we analyze security threats related to DNS options
and then suggest recommendations to cope with such security threats. and then suggest recommendations to cope with such security threats.
7.1. Security Threats 6.1. Security Threats
For the RDNSS option, an attacker could send an RA with a fraudulent For the RDNSS option, an attacker could send an RA with a fraudulent
RDNSS address, misleading IPv6 hosts into contacting an unintended RDNSS address, misleading IPv6 hosts into contacting an unintended
DNS server for DNS name resolution. Also, for the DNSSL option, an DNS server for DNS name resolution. Also, for the DNSSL option, an
attacker can let IPv6 hosts resolve a host name without a DNS suffix attacker can let IPv6 hosts resolve a host name without a DNS suffix
into an unintended host's IP address with a fraudulent DNS Search into an unintended host's IP address with a fraudulent DNS Search
List. These attacks are similar to ND attacks specified in [RFC4861] List. These attacks are similar to ND attacks specified in [RFC4861]
that use Redirect or Neighbor Advertisement messages to redirect that use Redirect or Neighbor Advertisement messages to redirect
traffic to individual addresses of malicious parties. traffic to individual addresses of malicious parties.
However, the security of these RA options for DNS configuration does However, the security of these RA options for DNS configuration does
not affect ND protocol security [RFC4861]. This is because learning not affect ND protocol security [RFC4861]. This is because learning
DNS information via the RA options cannot be worse than learning bad DNS information via the RA options cannot be worse than learning bad
router information via the RA options. Therefore, the vulnerability router information via the RA options. Therefore, the vulnerability
of ND is not worse and is a subset of the attacks that any node of ND is not worse and is a subset of the attacks that any node
attached to a LAN can do. attached to a LAN can do.
7.2. Recommendations 6.2. Recommendations
The Secure Neighbor Discovery (SEND) protocol [RFC3971] is designed The Secure Neighbor Discovery (SEND) protocol [RFC3971] is designed
as a security mechanism for ND. In this case, ND can use SEND to as a security mechanism for ND. In this case, ND can use SEND to
allow all the ND options including the RDNSS and DNSSL options to be allow all the ND options including the RDNSS and DNSSL options to be
automatically included in the signatures. Other approaches specified automatically included in the signatures. Other approaches specified
in [RFC4861] can be used for securing the RA options for DNS in [RFC4861] can be used for securing the RA options for DNS
configuration. configuration.
It is common for network devices such as switches to include It is common for network devices such as switches to include
mechanisms to block unauthorized ports from running a DHCPv6 server mechanisms to block unauthorized ports from running a DHCPv6 server
skipping to change at page 13, line 23 skipping to change at page 10, line 42
RECOMMENDED to block rogue Router Advertisement messages [RFC6104] RECOMMENDED to block rogue Router Advertisement messages [RFC6104]
including the RDNSS and DNSSL options from unauthorized nodes. including the RDNSS and DNSSL options from unauthorized nodes.
An attacker may provide a bogus DNS Search List option in order to An attacker may provide a bogus DNS Search List option in order to
cause the victim to send DNS queries to a specific DNS server when cause the victim to send DNS queries to a specific DNS server when
the victim queries non-FQDNs (fully qualified domain names). For the victim queries non-FQDNs (fully qualified domain names). For
this attack, the DNS resolver in IPv6 hosts can mitigate the this attack, the DNS resolver in IPv6 hosts can mitigate the
vulnerability with the recommendations mentioned in [RFC1535], vulnerability with the recommendations mentioned in [RFC1535],
[RFC1536], and [RFC3646]. [RFC1536], and [RFC3646].
8. IANA Considerations 7. IANA Considerations
The RDNSS option defined in this document uses the IPv6 Neighbor The RDNSS option defined in this document uses the IPv6 Neighbor
Discovery Option type defined in RFC 6106 [RFC6106], which was Discovery Option type defined in RFC 6106 [RFC6106], which was
assigned by the IANA as follows: assigned by the IANA as follows:
Option Name Type Option Name Type
Recursive DNS Server Option 25 Recursive DNS Server Option 25
The DNSSL option defined in this document uses the IPv6 Neighbor The DNSSL option defined in this document uses the IPv6 Neighbor
Discovery Option type defined in RFC 6106 [RFC6106], which was Discovery Option type defined in RFC 6106 [RFC6106], which was
assigned by the IANA as follows: assigned by the IANA as follows:
Option Name Type Option Name Type
DNS Search List Option 31 DNS Search List Option 31
These options have been registered in the "Internet Control Message These options have been registered in the "Internet Control Message
Protocol version 6 (ICMPv6) Parameters" registry (http:// Protocol version 6 (ICMPv6) Parameters" registry (http://
www.iana.org/assignments/icmpv6-parameters/ www.iana.org/assignments/icmpv6-parameters/
icmpv6-parameters.xhtml#icmpv6-parameters-5). icmpv6-parameters.xhtml#icmpv6-parameters-5).
9. Acknowledgements 8. Acknowledgements
This document has greatly benefited from inputs by Robert Hinden, This document has greatly benefited from inputs by Robert Hinden,
Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik
Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony
Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya
Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, and Bing Liu. Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, and Bing Liu.
The authors sincerely appreciate their contributions. The authors sincerely appreciate their contributions.
This document was supported by Institute for Information & This document was supported by Institute for Information &
communications Technology Promotion (IITP) grant funded by the Korea communications Technology Promotion (IITP) grant funded by the Korea
government (MSIP) [10041244, Smart TV 2.0 Software Platform]. government (MSIP) [10041244, Smart TV 2.0 Software Platform].
10. References 9. References
10.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H.
Soliman, "Neighbor Discovery for IP version 6 Soliman, "Neighbor Discovery for IP version 6
(IPv6)", RFC 4861, September 2007. (IPv6)", RFC 4861, September 2007.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6
Stateless Address Autoconfiguration", RFC 4862, Stateless Address Autoconfiguration", RFC 4862,
September 2007. September 2007.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E.,
and B. Zill, "IPv6 Scoped Address Architecture", and B. Zill, "IPv6 Scoped Address Architecture",
RFC 4007, March 2005. RFC 4007, March 2005.
10.2. Informative References 9.2. Informative References
[RFC1034] Mockapetris, P., "Domain names - concepts and [RFC1034] Mockapetris, P., "Domain names - concepts and
facilities", STD 13, RFC 1034, November 1987. facilities", STD 13, RFC 1034, November 1987.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration C., and M. Carney, "Dynamic Host Configuration
Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3736] Droms, R., "Stateless Dynamic Host Configuration [RFC3736] Droms, R., "Stateless Dynamic Host Configuration
Protocol (DHCP) Service for IPv6", RFC 3736, Protocol (DHCP) Service for IPv6", RFC 3736,
skipping to change at page 16, line 28 skipping to change at page 13, line 51
o The recommendation that at most three RDNSS addresses to maintain o The recommendation that at most three RDNSS addresses to maintain
by RDNSS options should be limited is removed. By this removal, by RDNSS options should be limited is removed. By this removal,
the number of RDNSSes to maintain is up to an implementer's local the number of RDNSSes to maintain is up to an implementer's local
policy. policy.
o The recommendation that at most three DNS domains to maintain by o The recommendation that at most three DNS domains to maintain by
DNSSL options should be limited is removed. By this removal, when DNSSL options should be limited is removed. By this removal, when
the set of unique DNSSL values are not equivalent, none of them the set of unique DNSSL values are not equivalent, none of them
are ignored for hostname lookups. are ignored for hostname lookups.
o The guidance of the specific implementation for the o The section of implementation considerations for RA DNS Options is
synchronization of the DNS Repository and Resolver Repository on removed.
the kernel space and user space is removed.
o The usage of the keywords of SHOULD and RECOMMENDED in RFC 2119 is o The usage of the keywords of SHOULD and RECOMMENDED in RFC 2119 is
removed in the recommendation of using SEND for secure ND. removed in the recommendation of using SEND for secure ND.
Instead of the keywords, SEND is specified as a possible solution Instead of the keywords, SEND is specified as a possible solution
for secure ND. for secure ND.
Authors' Addresses Authors' Addresses
Jaehoon Paul Jeong Jaehoon Paul Jeong
Department of Software Department of Software
skipping to change at page 17, line 4 skipping to change at page 14, line 23
Department of Software Department of Software
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419 Suwon, Gyeonggi-Do 16419
Republic of Korea Republic of Korea
Phone: +82 31 299 4957 Phone: +82 31 299 4957
Fax: +82 31 290 7996 Fax: +82 31 290 7996
EMail: pauljeong@skku.edu EMail: pauljeong@skku.edu
URI: http://iotlab.skku.edu/people-jaehoon-jeong.php URI: http://iotlab.skku.edu/people-jaehoon-jeong.php
Soohong Daniel Park Soohong Daniel Park
Department of Computer Software Software R&D Center
Korean Bible University Samsung Electronics
205 SangGye7-Dong, Nowon-Gu Seoul R&D Campus D-Tower, 56, Seongchon-Gil, Seocho-Gu
Seoul 01757 Seoul 06765
Republic of Korea Republic of Korea
Phone: +82 2 950 5494 EMail: soohong.park@samsung.com
EMail: daniel@bible.ac.kr
Luc Beloeil Luc Beloeil
France Telecom R&D France Telecom R&D
42, rue des coutures 42, rue des coutures
BP 6243 BP 6243
14066 CAEN Cedex 4 14066 CAEN Cedex 4
France France
Phone: +33 2 40 44 97 40 Phone: +33 2 40 44 97 40
EMail: luc.beloeil@orange-ftgroup.com EMail: luc.beloeil@orange-ftgroup.com
 End of changes. 20 change blocks. 
160 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.44. The latest version is available from http://tools.ietf.org/tools/rfcdiff/