draft-ietf-6man-rdnss-rfc6106bis-14.txt   draft-ietf-6man-rdnss-rfc6106bis-15.txt 
Network Working Group J. Jeong Network Working Group J. Jeong
Internet-Draft Sungkyunkwan University Internet-Draft Sungkyunkwan University
Obsoletes: 6106 (if approved) S. Park Obsoletes: 6106 (if approved) S. Park
Intended status: Standards Track Samsung Electronics Intended status: Standards Track Samsung Electronics
Expires: December 16, 2016 L. Beloeil Expires: July 21, 2017 L. Beloeil
France Telecom R&D France Telecom R&D
S. Madanapalli S. Madanapalli
iRam Technologies iRam Technologies
June 14, 2016 January 17, 2017
IPv6 Router Advertisement Options for DNS Configuration IPv6 Router Advertisement Options for DNS Configuration
draft-ietf-6man-rdnss-rfc6106bis-14 draft-ietf-6man-rdnss-rfc6106bis-15
Abstract Abstract
This document specifies IPv6 Router Advertisement (RA) options This document specifies IPv6 Router Advertisement (RA) options
(called DNS RA options) to allow IPv6 routers to advertise a list of (called DNS RA options) to allow IPv6 routers to advertise a list of
DNS recursive server addresses and a DNS Search List to IPv6 hosts. DNS recursive server addresses and a DNS Search List to IPv6 hosts.
This document obsoletes RFC 6106 and allows a higher default value of This document, which obsoletes RFC 6106, defines a higher default
the lifetime of the DNS RA options to avoid the frequent expiry of value of the lifetime of the DNS RA options to reduce the likelihood
the options on links with a relatively high rate of packet loss. of expiry of the options on links with a relatively high rate of
packet loss.
Status of This Memo Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 47 skipping to change at page 1, line 48
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 16, 2016. This Internet-Draft will expire on July 21, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 32 skipping to change at page 2, line 35
Configuration . . . . . . . . . . . . . . . . . . . . . . 4 Configuration . . . . . . . . . . . . . . . . . . . . . . 4
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5 5. Neighbor Discovery Extension . . . . . . . . . . . . . . . . . 5
5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 5 5.1. Recursive DNS Server Option . . . . . . . . . . . . . . . 5
5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7 5.2. DNS Search List Option . . . . . . . . . . . . . . . . . . 7
5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8 5.3. Procedure of DNS Configuration . . . . . . . . . . . . . . 8
5.3.1. Procedure in IPv6 Hosts . . . . . . . . . . . . . . . 8 5.3.1. Procedure in IPv6 Hosts . . . . . . . . . . . . . . . 8
5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9 5.3.2. Warnings for DNS Options Configuration . . . . . . . . 9
6. Implementation Considerations . . . . . . . . . . . . . . . . 9 6. Implementation Considerations . . . . . . . . . . . . . . . . 10
6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10 6.1. DNS Repository Management . . . . . . . . . . . . . . . . 10
6.2. Synchronization between DNS Server List and Resolver 6.2. Synchronization between DNS Server List and Resolver
Repository . . . . . . . . . . . . . . . . . . . . . . . . 10
6.3. Synchronization between DNS Search List and Resolver
Repository . . . . . . . . . . . . . . . . . . . . . . . . 11 Repository . . . . . . . . . . . . . . . . . . . . . . . . 11
6.3. Synchronization between DNS Search List and Resolver
Repository . . . . . . . . . . . . . . . . . . . . . . . . 12
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12 7.1. Security Threats . . . . . . . . . . . . . . . . . . . . . 12
7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 12 7.2. Recommendations . . . . . . . . . . . . . . . . . . . . . 12
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Normative References . . . . . . . . . . . . . . . . . . . 13 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14
10.2. Informative References . . . . . . . . . . . . . . . . . . 14 10.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 15 Appendix A. Changes from RFC 6106 . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
The purpose of this document is to standardize IPv6 Router The purpose of this document is to standardize IPv6 Router
Advertisement (RA) options (DNS RA options) for DNS Recursive Server Advertisement (RA) options (DNS RA options) for DNS Recursive Server
Addresses used for the DNS name resolution in IPv6 hosts, and also Addresses used for the DNS name resolution in IPv6 hosts, and also
for a DNS Search List of domain suffixes. for a DNS Search List of domain suffixes.
Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address Neighbor Discovery (ND) for IP version 6 and IPv6 Stateless Address
Autoconfiguration (SLAAC) provide ways to configure either fixed or Autoconfiguration (SLAAC) provide ways to configure either fixed or
skipping to change at page 7, line 10 skipping to change at page 7, line 10
MAY be link-local addresses. Such link-local addresses SHOULD be MAY be link-local addresses. Such link-local addresses SHOULD be
registered into the resolver repository along with the registered into the resolver repository along with the
corresponding link zone indices of the links that receive the corresponding link zone indices of the links that receive the
RDNSS option(s) for them. The link-local addresses MAY be RDNSS option(s) for them. The link-local addresses MAY be
represented in the resolver repository with their link zone represented in the resolver repository with their link zone
indices in the textual format for scoped addresses as described in indices in the textual format for scoped addresses as described in
[RFC4007]. When a resolver sends a DNS query message to an RDNSS [RFC4007]. When a resolver sends a DNS query message to an RDNSS
identified by a link-local address, it MUST use the corresponding identified by a link-local address, it MUST use the corresponding
link. link.
The rationale of the default value of the Lifetime field is as
follows. Router Lifetime set by AdvDefaultLifetime has the
default of 3 * MaxRtrAdvInterval in [RFC4861], so such a default
or a larger default can allow for the reliability of DNS options
even under the loss of RAs on links with a relatively high rate of
packet loss. Note that the ratio of AdvDefaultLifetime to
MaxRtrAdvInterval is the number of unsolicited multicasted RAs
sent by the router. Since the DNS option entries can survive for
at most three consecutive losses of RAs containing DNS options,
the default value of the Lifetime lets the DNS option entries be
resilient to packet-loss environments.
5.2. DNS Search List Option 5.2. DNS Search List Option
The DNSSL option contains one or more domain names of DNS suffixes. The DNSSL option contains one or more domain names of DNS suffixes.
All of the domain names share the same Lifetime value. If it is All of the domain names share the same Lifetime value. If it is
desirable to have different Lifetime values, multiple DNSSL options desirable to have different Lifetime values, multiple DNSSL options
can be used. Figure 2 shows the format of the DNSSL option. can be used. Figure 2 shows the format of the DNSSL option.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 10, line 7 skipping to change at page 10, line 13
solution for RDNSS selection for multi-interfaced nodes in [RFC6731], solution for RDNSS selection for multi-interfaced nodes in [RFC6731],
which is based on DHCP. which is based on DHCP.
6. Implementation Considerations 6. Implementation Considerations
The implementation considerations in this document include the The implementation considerations in this document include the
following three: (i) DNS repository management, (ii) synchronization following three: (i) DNS repository management, (ii) synchronization
between DNS server list and resolver repository, and (iii) between DNS server list and resolver repository, and (iii)
synchronization between DNS search list and resolver repository. synchronization between DNS search list and resolver repository.
Note: The implementations that are updated according to this
document will still interoperate with the existing implementations
according to [RFC6106]. This is because the main change of this
document is the increase of the default Lifetime of DNS options,
considering lossy links.
6.1. DNS Repository Management 6.1. DNS Repository Management
For DNS repository management, the following two data structures For DNS repository management, the following two data structures
SHOULD be synchronized with the resolver repository: (i) DNS Server SHOULD be synchronized with the resolver repository: (i) DNS Server
List that keeps the list of RDNSS addresses and (ii) DNS Search List List that keeps the list of RDNSS addresses and (ii) DNS Search List
that keeps the list of DNS search domain names. Each entry in these that keeps the list of DNS search domain names. Each entry in these
two lists consists of a pair of an RDNSS address (or DNSSL domain two lists consists of a pair of an RDNSS address (or DNSSL domain
name) and Expiration-time as follows: name) and Expiration-time as follows:
o RDNSS address for DNS Server List: IPv6 address of the Recursive o RDNSS address for DNS Server List: IPv6 address of the Recursive
skipping to change at page 10, line 32 skipping to change at page 10, line 44
domain names. domain names.
o Expiration-time for DNS Server List or DNS Search List: The time o Expiration-time for DNS Server List or DNS Search List: The time
when this entry becomes invalid. Expiration-time is set to the when this entry becomes invalid. Expiration-time is set to the
value of the Lifetime field of the RDNSS option or DNSSL option value of the Lifetime field of the RDNSS option or DNSSL option
plus the current time. Whenever a new RDNSS option with the same plus the current time. Whenever a new RDNSS option with the same
address (or DNSSL option with the same domain name) is received on address (or DNSSL option with the same domain name) is received on
the same interface as a previous RDNSS option (or DNSSL option), the same interface as a previous RDNSS option (or DNSSL option),
this field is updated to have a new Expiration-time. When the this field is updated to have a new Expiration-time. When the
current time becomes larger than Expiration-time, this entry is current time becomes larger than Expiration-time, this entry is
regarded as expired. Note that the DNS information for the RDNSS regarded as expired, so it should not be used any more. Note that
and DNSSL options need not be dropped if the expiry of the RA the DNS information for the RDNSS and DNSSL options need not be
router lifetime happens. This is because these options have their dropped if the expiry of the RA router lifetime happens. This is
own lifetime values. because these options have their own lifetime values.
6.2. Synchronization between DNS Server List and Resolver Repository 6.2. Synchronization between DNS Server List and Resolver Repository
When an IPv6 host receives the information of multiple RDNSS When an IPv6 host receives the information of multiple RDNSS
addresses within a network (e.g., campus network and company network) addresses within a network (e.g., campus network and company network)
through an RA message with RDNSS option(s), it stores the RDNSS through an RA message with RDNSS option(s), it stores the RDNSS
addresses (in order) into both the DNS Server List and the Resolver addresses (in order) into both the DNS Server List and the Resolver
Repository. The processing of the RDNSS consists of (i) the Repository. The processing of the RDNSS consists of (i) the
processing of RDNSS option(s) included in an RA message and (ii) the processing of RDNSS option(s) included in an RA message and (ii) the
handling of expired RDNSSes. The processing of RDNSS option(s) is as handling of expired RDNSSes. The processing of RDNSS option(s) is as
skipping to change at page 12, line 45 skipping to change at page 13, line 11
The Secure Neighbor Discovery (SEND) protocol [RFC3971] is designed The Secure Neighbor Discovery (SEND) protocol [RFC3971] is designed
as a security mechanism for ND. In this case, ND can use SEND to as a security mechanism for ND. In this case, ND can use SEND to
allow all the ND options including the RDNSS and DNSSL options to be allow all the ND options including the RDNSS and DNSSL options to be
automatically signed with digital signatures. automatically signed with digital signatures.
It is common for network devices such as switches to include It is common for network devices such as switches to include
mechanisms to block unauthorized ports from running a DHCPv6 server mechanisms to block unauthorized ports from running a DHCPv6 server
to provide protection from rogue DHCPv6 servers [RFC7610]. That to provide protection from rogue DHCPv6 servers [RFC7610]. That
means that an attacker on other ports cannot insert bogus DNS servers means that an attacker on other ports cannot insert bogus DNS servers
using DHCPv6. The corresponding technique for network devices is using DHCPv6. The corresponding technique for network devices is
RECOMMENDED to block rogue Router Advertisement messages [RFC6104] RECOMMENDED to block rogue Router Advertisement messages including
including the RDNSS and DNSSL options from unauthorized nodes. the RDNSS and DNSSL options from unauthorized nodes [RFC6104]
[RFC6105].
An attacker may provide a bogus DNS Search List option in order to An attacker may provide a bogus DNS Search List option in order to
cause the victim to send DNS queries to a specific DNS server when cause the victim to send DNS queries to a specific DNS server when
the victim queries non-FQDNs (fully qualified domain names). For the victim queries non-FQDNs (fully qualified domain names). For
this attack, the DNS resolver in IPv6 hosts can mitigate the this attack, the DNS resolver in IPv6 hosts can mitigate the
vulnerability with the recommendations mentioned in [RFC1535], vulnerability with the recommendations mentioned in [RFC1535],
[RFC1536], and [RFC3646]. [RFC1536], and [RFC3646].
8. IANA Considerations 8. IANA Considerations
The RDNSS option defined in this document uses the IPv6 Neighbor The RDNSS option defined in this document uses the IPv6 Neighbor
Discovery Option type defined in RFC 6106 [RFC6106], which was Discovery Option type assigned by the IANA as follows:
assigned by the IANA as follows:
Option Name Type Option Name Type
Recursive DNS Server Option 25 Recursive DNS Server Option 25
The DNSSL option defined in this document uses the IPv6 Neighbor The DNSSL option defined in this document uses the IPv6 Neighbor
Discovery Option type defined in RFC 6106 [RFC6106], which was Discovery Option type assigned by the IANA as follows:
assigned by the IANA as follows:
Option Name Type Option Name Type
DNS Search List Option 31 DNS Search List Option 31
These options have been registered in the "Internet Control Message These options are registered in the "Internet Control Message
Protocol version 6 (ICMPv6) Parameters" registry [ICMPv6]. Protocol version 6 (ICMPv6) Parameters" registry [ICMPv6].
9. Acknowledgements 9. Acknowledgements
This document has greatly benefited from inputs by Robert Hinden, This document has greatly benefited from inputs by Robert Hinden,
Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik Pekka Savola, Iljitsch van Beijnum, Brian Haberman, Tim Chown, Erik
Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony Nordmark, Dan Wing, Jari Arkko, Ben Campbell, Vincent Roca, Tony
Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya Cheneau, Fernando Gont, Jen Linkova, Ole Troan, Mark Smith, Tatuya
Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, Bing Liu, and Jinmei, Lorenzo Colitti, Tore Anderson, David Farmer, Bing Liu, and
Tassos Chatzithomaoglou. The authors sincerely appreciate their Tassos Chatzithomaoglou. The authors sincerely appreciate their
skipping to change at page 14, line 7 skipping to change at page 14, line 20
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H.
Soliman, "Neighbor Discovery for IP version 6 Soliman, "Neighbor Discovery for IP version 6
(IPv6)", RFC 4861, September 2007. (IPv6)", RFC 4861, September 2007.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6
Stateless Address Autoconfiguration", RFC 4862, Stateless Address Autoconfiguration", RFC 4862,
September 2007. September 2007.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain Names - Implementation and
specification", STD 13, RFC 1035, November 1987. Specification", STD 13, RFC 1035, November 1987.
[RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E.,
and B. Zill, "IPv6 Scoped Address Architecture", and B. Zill, "IPv6 Scoped Address Architecture",
RFC 4007, March 2005. RFC 4007, March 2005.
10.2. Informative References 10.2. Informative References
[RFC1034] Mockapetris, P., "Domain names - concepts and [RFC1034] Mockapetris, P., "Domain Names - Concepts and
facilities", STD 13, RFC 1034, November 1987. Facilities", STD 13, RFC 1034, November 1987.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration C., and M. Carney, "Dynamic Host Configuration
Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3736] Droms, R., "Stateless Dynamic Host Configuration [RFC3736] Droms, R., "Stateless Dynamic Host Configuration
Protocol (DHCP) Service for IPv6", RFC 3736, Protocol (DHCP) Service for IPv6", RFC 3736,
April 2004. April 2004.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic [RFC3646] Droms, R., "DNS Configuration options for Dynamic
skipping to change at page 14, line 42 skipping to change at page 15, line 6
"IPv6 Router Advertisement Options for DNS "IPv6 Router Advertisement Options for DNS
Configuration", RFC 6106, November 2010. Configuration", RFC 6106, November 2010.
[RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server [RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server
Information Approaches", RFC 4339, February 2006. Information Approaches", RFC 4339, February 2006.
[RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander,
"SEcure Neighbor Discovery (SEND)", RFC 3971, "SEcure Neighbor Discovery (SEND)", RFC 3971,
March 2005. March 2005.
[RFC3118] Droms, R. and W. Arbaugh, "", RFC 3118, June 2001. [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[RFC6104] Chown, T. and S. Venaas, "Rogue IPv6 Router [RFC6104] Chown, T. and S. Venaas, "Rogue IPv6 Router
Advertisement Problem Statement", RFC 6104, Advertisement Problem Statement", RFC 6104,
February 2011. February 2011.
[RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C.,
and J. Mohacsi, "IPv6 Router Advertisement Guard",
RFC 6105, February 2011.
[RFC7610] Gont, F., Liu, W., and G. Van de Velde, "DHCPv6- [RFC7610] Gont, F., Liu, W., and G. Van de Velde, "DHCPv6-
Shield: Protecting against Rogue DHCPv6 Servers", Shield: Protecting against Rogue DHCPv6 Servers",
RFC 7610, August 2015. RFC 7610, August 2015.
[RFC1535] Gavron, E., "A Security Problem and Proposed [RFC1535] Gavron, E., "A Security Problem and Proposed
Correction With Widely Deployed DNS Software", Correction With Widely Deployed DNS Software",
RFC 1535, October 1993. RFC 1535, October 1993.
[RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S.
Miller, "Common DNS Implementation Errors and Miller, "Common DNS Implementation Errors and
Suggested Fixes", RFC 1536, October 1993. Suggested Fixes", RFC 1536, October 1993.
[DHCPv6-SLAAC] Liu, B., Jiang, S., Gong, X., Wang, W., and E. Rey, [DHCPv6-SLAAC] Liu, B., Jiang, S., Gong, X., Wang, W., and E. Rey,
"DHCPv6/SLAAC Interaction Problems on Address and DNS "DHCPv6/SLAAC Interaction Problems on Address and DNS
Configuration", Work in Progress, February 2016. Configuration",
draft-ietf-v6ops-dhcpv6-slaac-problem-07 (work in
progress), August 2016.
[RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and [RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and
Provisioning Domains Problem Statement", RFC 6418, Provisioning Domains Problem Statement", RFC 6418,
November 2011. November 2011.
[RFC6419] Wasserman, M. and P. Seite, "Current Practices for [RFC6419] Wasserman, M. and P. Seite, "Current Practices for
Multiple-Interface Hosts", RFC 6419, November 2011. Multiple-Interface Hosts", RFC 6419, November 2011.
[RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved [RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved
Recursive DNS Server Selection for Multi-Interfaced Recursive DNS Server Selection for Multi-Interfaced
skipping to change at page 16, line 11 skipping to change at page 16, line 31
information is fresh before the expiry of the RDNSS option is information is fresh before the expiry of the RDNSS option is
removed in order to prevent multicast traffic on the link from removed in order to prevent multicast traffic on the link from
increasing. increasing.
o The addresses for recursive DNS servers in the RDNSS option can be o The addresses for recursive DNS servers in the RDNSS option can be
not only global addresses, but also link-local addresses. The not only global addresses, but also link-local addresses. The
link-local addresses for RDNSSes should be registered into the link-local addresses for RDNSSes should be registered into the
resolver repository along with the corresponding link zone resolver repository along with the corresponding link zone
indices. indices.
o The recommendation that at most three RDNSS addresses to maintain o RFC 6106 recommended that the number of RDNSS addresses that
by RDNSS options should be limited is removed. By this removal, should be learned and maintained through the RDNSS RA option
the number of RDNSSes to maintain is up to an implementer's local should be limited to three. This document removes that
policy. recommendation, thus the number of RDNSS addresses to maintain is
determined by an implementer's local policy.
o The recommendation that at most three DNS domains to maintain by o RFC 6106 recommended that the number of DNS search domains that
DNSSL options should be limited is removed. By this removal, when should be learned and maintained through the DNSSL RA option
the set of unique DNSSL values are not equivalent, none of them should be limited to three. This document removes that
are ignored for hostname lookups. recommendation, thus when the set of unique DNSSL values are not
equivalent, none of them may be ignored for hostname lookups
according to an implementer's local policy.
o The guidance of the specific implementation for the o The guidance of the specific implementation for the
synchronization of the DNS Repository and Resolver Repository on synchronization of the DNS Repository and Resolver Repository on
the kernel space and user space is removed. the kernel space and user space is removed.
o The usage of the keywords of SHOULD and RECOMMENDED in RFC 2119 is o The usage of the keywords of SHOULD and RECOMMENDED in RFC 2119 is
removed in the recommendation of using SEND for secure ND. removed in the recommendation of using SEND for secure ND.
Instead of using these keywords, SEND is specified as only a Instead of using these keywords, SEND is specified as only a
possible solution for secure ND. possible solution for secure ND.
 End of changes. 25 change blocks. 
39 lines changed or deleted 68 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/