Wednesday, November 25, 2009

Chapter 14: DNS Extensions for IPv6

In order for hosts running IPv6 to be supported by Domain Name System, changes are necessary. Some of the changes include a new resource record type to store an IPv6 address, a new domain to support lookups based on an IPv6 address, and updated definitions of existing query types that return Internet addresses as part of additional section processing.

Christian Huitema and Susan Thomson, both from Bellcore, submitted the draft "draft-ietf-ipngwg-aaaa-02.txt" on December 24, 1997, to the Internet community for comment. We believe this draft is very important for defining and specifying DNS support for IPv6 and have based this entire chapter on it. Credit goes, therefore, to Huitema and Thomson for the information in this chapter.

NOTE:

Susan Thomson can be contacted via e-mail for additional queries on this document at set@bellcore.com, and Christian Huitema can also be reached at huitema@bellcore.com.

We recommend that you check the "1id-abstracts.txt" listing contained in the Internet Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim) for updates to the draft "draft-ietf-ipngwg-aaaa-02.txt," on which we based this chapter.

This chapter briefly:

  • Explains the proposed new DNS extension for IPv6.
  • Describes the new resource record definition and domain.
  • Covers the transition from RFC 1886 to the new format.

The current support for the storage of Internet addresses in the Domain Name System (DNS) cannot easily be extended to support IPv6 addresses, since applications assume that address queries return 32-bit IPv4 addresses only. As Huitema explains in his book "IPv6: The New Internet Protocol" (1996, Prentice Hall): "The IPv4 addresses are stored in records of type A (code 1). Each A record contains one 32-bit address. A new resource record has been defined for IPv6. Because it contains one 128-bit address, and as such is four times larger than the A record, its type has been set to AAAA (code 28)." This chapter is about understanding this process of storing IPv6 addresses.

To support the storage of IPv6 addresses Huitema and Thomson define the following extensions:

  • A new resource record type is defined to map a domain name to an IPv6 address.
  • A new domain is defined to support lookups based on address.
  • Existing queries that perform additional section processing to locate IPv4 addresses are redefined to perform additional section processing on both IPv4 and IPv6 addresses.
  • The changes are designed to be compatible with existing software. The existing support for IPv4 addresses is retained.

New Resource Record Definition and Domain

A new record type is defined to store a system's IPv6 addresses. The new record contains the least significant bits of the host's IPv6 address. When the number of significant bits is lower than 128, the record also contains the domain name of another IPv6 system, which typically describes a complete subnet, or a complete site. The most significant bits will be copied from the IPv6 address of that system. If that system has several IPv6 addresses, the low bits of the host address will be combined with each prefix of the several addresses, resulting in as many IPv6 addresses for the host.

As you’re probably aware, a system may need several records if it is connected to several domains, as would be the case, for example, of a site connected to several providers, or of a host connected to different subnets.

The AAAA Record Type

The AAAA resource record type is a new record, specific to the Internet class, that stores the lower bits of a single IPv6 address and the name of a domain from which to fetch the higher bits. The value of the type is 28 (decimal).

The AAAA data format

  • A 128-bit IPv6 address, encoded in network byte order (high-order byte first).
  • A prefix length, encoded as a single octet.
  • The domain name of the subnet, encoded as a domain name, possibly compressed as specified in RFC 1884. Note that compression of the domain name saves space, but may cause problems if servers that don't understand the AAAA type cache this record.

Also note that the domain name component shall not be encoded if the length of the prefix is zero.
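The wire layout above, and the prefix-combination rule from the "New Resource Record Definition and Domain" section, as an added example (not code from the draft or from the book). It assumes the domain name is written uncompressed, which sidesteps the caching caveat noted above, and that the prefix length counts the most significant bits taken from the named subnet's address.

```python
import ipaddress

# Added example of the draft's AAAA RDATA: 16-byte address, 1-octet prefix
# length, then the subnet's domain name (omitted when the prefix length is 0).
# Assumption: names are encoded as plain length-prefixed labels (no compression).

def encode_name(name):
    """Encode a domain name as uncompressed length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(data, offset):
    """Decode an uncompressed name starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        n = data[offset]
        offset += 1
        if n == 0:
            return ".".join(labels) + ".", offset
        labels.append(data[offset:offset + n].decode("ascii"))
        offset += n

def encode_aaaa(addr, prefix_len, subnet=None):
    """Build the RDATA for one AAAA record in the draft's format."""
    rdata = ipaddress.IPv6Address(addr).packed + bytes([prefix_len])
    if prefix_len:                      # name present only for a non-zero prefix
        rdata += encode_name(subnet)
    return rdata

def decode_aaaa(rdata):
    """Parse RDATA back into (address, prefix_len, subnet_name_or_None)."""
    addr = str(ipaddress.IPv6Address(rdata[:16]))
    prefix_len = rdata[16]
    subnet = decode_name(rdata, 17)[0] if prefix_len else None
    return addr, prefix_len, subnet

def combine(low_addr, prefix_len, prefix_addrs):
    """Merge the host's low bits with the top prefix_len bits of each subnet
    address, yielding one full address per subnet address (the multi-prefix
    case described in the chapter)."""
    full = (1 << 128) - 1
    low_mask = (1 << (128 - prefix_len)) - 1
    low = int(ipaddress.IPv6Address(low_addr)) & low_mask
    result = []
    for p in prefix_addrs:
        high = int(ipaddress.IPv6Address(p)) & (full ^ low_mask)
        result.append(str(ipaddress.IPv6Address(high | low)))
    return result
```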

The AAAA Query

An AAAA query for a specified domain name in the Internet class returns all associated AAAA resource records in the answer section of a response. A type AAAA query does perform additional section processing, by returning the AAAA records associated with the domain names mentioned in the domain's AAAA records.

The Textual Format of AAAA Records

The textual representation of the data portion of the AAAA resource record used in a master database file is composed of three fields separated by white spaces:

  • The textual representation of the host's IPv6 address.
  • A prefix length, represented as a decimal number.
  • A domain name.

IP6.INT Domain

A special domain is defined to look up a record given an address. The intent of this domain is to provide a way of mapping an IPv6 address to a host name as the IPv6 addresses do not have natural boundaries, although it may be used for other purposes as well.

Therefore, the numeric names are built by first representing the address as a sequence of hexadecimal digits, then reversing their order, separating them by dots, and appending the suffix .IP6.INT. Thus, as Huitema illustrates in the book mentioned above, an IPv6 address such as 4321:0:1:2:3:4:567:89ab will be represented in the domain name system as

b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.INT.
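The name construction just described, and its inverse, as an added example (not code from the draft or the book). It reproduces the chapter's own 4321:0:1:2:3:4:567:89ab case and also validates a name before converting it back.

```python
import ipaddress

# Added example: build an IP6.INT lookup name from an IPv6 address and
# recover the address from such a name.

IP6_INT_SUFFIX = ".IP6.INT."

def ip6_int_name(addr):
    """Expand the address to 32 hex digits, reverse them, dot-separate,
    and append .IP6.INT."""
    digits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(digits)) + IP6_INT_SUFFIX

def ip6_int_to_address(name):
    """Inverse mapping; rejects names that are not 32 dotted hex digits
    under IP6.INT (the check matters when names come from untrusted zone data)."""
    upper = name.upper().rstrip(".")
    if not upper.endswith(".IP6.INT"):
        raise ValueError("not an IP6.INT name")
    nibbles = upper[: -len(".IP6.INT")].split(".")
    if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
        raise ValueError("expected 32 single hex digits")
    digits = "".join(reversed(nibbles))          # int() rejects non-hex digits
    return str(ipaddress.IPv6Address(int(digits, 16)))
```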

Modifications to Existing Query Types

All existing query types that perform type A additional section processing, i.e. name server (NS), mail exchange (MX) and mailbox (MB) query types, must be redefined to perform both type A and type AAAA additional section processing. These new definitions mean that a name server must add any relevant IPv4 addresses and any relevant IPv6 addresses available locally to the additional section of a response when processing any one of the above queries.

Transition From RFC-1886 To New Format

The new specification of the AAAA record allows domain managers to only specify the lower bits of the IPv6 address in the AAAA record. The upper, or most significant, bits, will be derived from the AAAA record of the subnet. This new format is designed to better support network renumbering and network multi-homing, while preserving some degree of compatibility with the existing records.

Transition strategies

The new AAAA format is an extension of the format specified in RFC 1886. Systems have already been deployed that implement RFC 1886. These old systems will not be able to understand the new format, while updated systems will still be capable of understanding the old records. This suggests a two-phase transition strategy:

  1. To develop resolvers that understand the new record format, but ban actual usage of the new format in the DNS, except for test purposes.
  2. When the new resolvers have been deployed, start usage of the indirection capabilities provided by the new format.

Security Considerations

The AAAA and DBIT records can be secured by using the DNS security procedures. The signature of the AAAA record only proves that the record is genuine, i.e. that the manager of the specified domain has inserted it in the DNS. The signature of the NS and SOA records in the inverse tree can be used to check the validity of the address delegation.

From Here

Sustained exponential growth of the Internet and increasing use of TCP/IP technology within intranets is exhausting the existing IP address space. The next chapter, "IP Addressing Management: Working with IPv4 and IPv6," discusses the issues behind the need for renumbering and some of its strategies. In particular, the next chapter:

  • Introduces some reasons for renumbering network components and briefly discusses some Internet Architecture Board (IAB) recommendations to make renumbering more feasible
  • Summarizes some renumbering strategies to consider as you plan your transition to IPv6.
  • Very briefly summarizes the use of subnetting as a method for dealing with the shortage of IP addresses. Subnetting consists of taking a block of IP addresses assigned to a network and dividing and spreading out those addresses among separate, often variable length smaller networks.
  • Introduces Classless Inter-Domain Routing (CIDR) as a way to consolidate addresses and minimize the number of routing table entries. The CIDR address structure accomplishes this by allowing the aggregation of routes to reduce the pressure on the global Internet routers.
  • Describes the use of private networks as a way to reduce the impact of changing the addressing scheme and migrating to IPv6. When you have a private network, the entire network is built from unregistered IP addresses.
  • Discusses using the Dynamic Host Configuration Protocol for handling IP addressing for a number of computers using a smaller number of actual addresses.
  • Briefly describes how Virtual Local Area Networks (VLANs) and DHCP affect addressing and routing issues within and across domains.
  • Briefly introduces Network Address Translator (NAT) as an alternative method of address management that could help cross the bridge between IPv4 and IPv6. Using a NAT implementation for address management allows you to reuse IP addresses when connecting private network hosts to the Internet. A NAT implementation also helps with address renumbering issues when changing ISPs or migrating an enterprise to IPv6.
  • Provides a short list of companies that have IP address management tools and utilities that you might be able to use.
