draft-ietf-dnsop-ipv6-dns-issues-09.txt
8.2  Renumbering Procedures and Applications' Use of DNS

   One of the most difficult problems of systematic IP address
   renumbering procedures [I-D.ietf-v6ops-renumbering-procedure] is that
   an application which looks up a DNS name disregards information such
   as TTL, and uses the result obtained from DNS as long as it happens to
   be stored in the memory of the application.  For applications which
   run for a long time, this could be days, weeks or even months; some
   applications may be clever enough to organize the data structures and
   functions in such a manner that look-ups get refreshed now and then.

   While the issue appears to have a clear solution, "fix the
   applications", practically this is not reasonable immediate advice;
   the TTL information is not typically available in the APIs and
   libraries (so, the advice becomes "fix the applications, APIs and
   libraries"), and a lot more analysis is needed on how to practically
   achieve the ultimate goal of avoiding using the names longer than
   expected.

9.  Acknowledgements

   Some recommendations (Section 4.3, Section 5.1) about IPv6 service
   provisioning were moved here from [I-D.ietf-v6ops-mech-v2] by Erik
   Nordmark and Bob Gilligan.  Havard Eidnes and Michael Patton provided
   useful feedback and improvements.  Scott Rose, Rob Austein, Masataka
   Ohta, and Mark Andrews helped in clarifying the issues regarding
   additional data and the use of TTL.  Jefsey Morfin, Ralph Droms, Peter
   Koch, Jinmei Tatuya, Iljitsch van Beijnum, Edward Lewis, and Rob
   Austein provided useful feedback during the WG last call.  Thomas
   Narten provided extensive feedback during the IESG evaluation.

10.  Security Considerations

   This document reviews the operational procedures for IPv6 DNS
   operations and does not have security considerations in itself.

Durand, et al.          Expires February 7, 2005               [Page 22]

Internet-Draft    Considerations and Issues with IPv6 DNS     August 2004

   However, it is worth noting that in particular with Dynamic DNS
   Updates, security models based on the source address validation are
   very weak and cannot be recommended -- they could only be considered
   in the environments where ingress filtering [RFC3704] has been
   deployed.  On the other hand, it should be noted that setting up an
   authorization mechanism (e.g., a shared secret, or public-private
   keys) between a node and the DNS server has to be done manually, and
   may require quite a bit of time and expertise.

   To re-emphasize what was already stated, the reverse+forward DNS
   check provides very weak security at best, and the only (questionable)
   security-related use for it may be in conjunction with other
   mechanisms when authenticating a user.

11.  References

11.1  Normative References

   [I-D.ietf-dnsop-ipv6-dns-configuration]
              Jeong, J., "IPv6 Host Configuration of DNS Server Information Approaches", draft-ietf-dnsop-ipv6-dns-configuration-02 (work in progress), July 2004.

   [I-D.ietf-dnsop-ipv6-transport-guidelines]
              Durand, A. and J. Ihren, "DNS IPv6 transport operational guidelines", draft-ietf-dnsop-ipv6-transport-guidelines-02 (work in progress), March 2004.

   [I-D.ietf-dnsop-misbehavior-against-aaaa]
              Morishita, Y. and T. Jinmei, "Common Misbehavior against DNS Queries for IPv6 Addresses", draft-ietf-dnsop-misbehavior-against-aaaa-01 (work in progress), April 2004.

   [I-D.ietf-ipv6-deprecate-site-local]
              Huitema, C. and B. Carpenter, "Deprecating Site Local Addresses", draft-ietf-ipv6-deprecate-site-local-03 (work in progress), March 2004.

   [I-D.ietf-v6ops-application-transition]
              Shin, M., "Application Aspects of IPv6 Transition", draft-ietf-v6ops-application-transition-03 (work in progress), June 2004.

   [I-D.ietf-v6ops-renumbering-procedure]
              Baker, F., Lear, E. and R. Droms, "Procedures for Renumbering an IPv6 Network without a Flag Day", draft-ietf-v6ops-renumbering-procedure-01 (work in progress), July 2004.

   [RFC2136]  Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic Updates in the Domain Name System (DNS UPDATE)", RFC 2136, April 1997.

   [RFC2181]  Elz, R. and R. Bush, "Clarifications to the DNS Specification", RFC 2181, July 1997.

   [RFC2182]  Elz, R., Bush, R., Bradner, S. and M. Patton, "Selection and Operation of Secondary DNS Servers", BCP 16, RFC 2182, July 1997.

   [RFC2462]  Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998.

   [RFC2671]  Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671, August 1999.

   [RFC3007]  Wellington, B., "Secure Domain Name System (DNS) Dynamic Update", RFC 3007, November 2000.

   [RFC3041]  Narten, T. and R. Draves, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 3041, January 2001.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3152]  Bush, R., "Delegation of IP6.ARPA", BCP 49, RFC 3152, August 2001.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3363]  Bush, R., Durand, A., Fink, B., Gudmundsson, O. and T. Hain, "Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS)", RFC 3363, August 2002.

   [RFC3364]  Austein, R., "Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6)", RFC 3364, August 2002.

   [RFC3513]  Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) Addressing Architecture", RFC 3513, April 2003.

   [RFC3596]  Thomson, S., Huitema, C., Ksinant, V. and M. Souissi, "DNS Extensions to Support IP Version 6", RFC 3596, October 2003.

   [RFC3646]  Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003.

   [RFC3736]  Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6", RFC 3736, April 2004.

11.2  Informative References

   [I-D.durand-v6ops-natpt-dns-alg-issues]
              Durand, A., "Issues with NAT-PT DNS ALG in RFC2766", draft-durand-v6ops-natpt-dns-alg-issues-00 (work in progress), February 2003.

   [I-D.huitema-v6ops-teredo]
              Huitema, C., "Teredo: Tunneling IPv6 over UDP through NATs", draft-huitema-v6ops-teredo-02 (work in progress), June 2004.

   [I-D.huston-6to4-reverse-dns]
              Huston, G., "6to4 Reverse DNS", draft-huston-6to4-reverse-dns-02 (work in progress), April 2004.

   [I-D.ietf-dhc-ddns-resolution]
              Stapp, M., "Resolution of DNS Name Conflicts Among DHCP Clients", draft-ietf-dhc-ddns-resolution-07 (work in progress), July 2004.

   [I-D.ietf-dhc-fqdn-option]
              Stapp, M. and Y. Rekhter, "The DHCP Client FQDN Option", draft-ietf-dhc-fqdn-option-07 (work in progress), July 2004.

   [I-D.ietf-dnsext-dhcid-rr]
              Stapp, M., Lemon, T. and A. Gustafsson, "A DNS RR for encoding DHCP information (DHCID RR)", draft-ietf-dnsext-dhcid-rr-08 (work in progress), July 2004.

   [I-D.ietf-dnsop-bad-dns-res]
              Larson, M. and P. Barber, "Observed DNS Resolution Misbehavior", draft-ietf-dnsop-bad-dns-res-02 (work in progress), July 2004.

   [I-D.ietf-dnsop-dontpublish-unreachable]
              Hazel, P., "IP Addresses that should never appear in the public DNS", draft-ietf-dnsop-dontpublish-unreachable-03 (work in progress), February 2002.

   [I-D.ietf-dnsop-inaddr-required]
              Senie, D., "Requiring DNS IN-ADDR Mapping", draft-ietf-dnsop-inaddr-required-05 (work in progress), April 2004.

   [I-D.ietf-ipseckey-rr]
              Richardson, M., "A method for storing IPsec keying material in DNS", draft-ietf-ipseckey-rr-11 (work in progress), July 2004.

   [I-D.ietf-ipv6-unique-local-addr]
              Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast Addresses", draft-ietf-ipv6-unique-local-addr-05 (work in progress), June 2004.

   [I-D.ietf-send-cga]
              Aura, T., "Cryptographically Generated Addresses (CGA)", draft-ietf-send-cga-06 (work in progress), April 2004.

   [I-D.ietf-v6ops-3gpp-analysis]
              Wiljakka, J., "Analysis on IPv6 Transition in 3GPP Networks", draft-ietf-v6ops-3gpp-analysis-10 (work in progress), May 2004.

   [I-D.ietf-v6ops-mech-v2]
              Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms for IPv6 Hosts and Routers", draft-ietf-v6ops-mech-v2-04 (work in progress), July 2004.

   [I-D.ietf-v6ops-onlinkassumption]
              Roy, S., Durand, A. and J. Paugh, "IPv6 Neighbor Discovery On-Link Assumption Considered Harmful", draft-ietf-v6ops-onlinkassumption-02 (work in progress), May 2004.

   [I-D.ietf-v6ops-v6onbydefault]
              Roy, S., Durand, A. and J. Paugh, "Issues with Dual Stack IPv6 on by Default", draft-ietf-v6ops-v6onbydefault-03 (work in progress), July 2004.

   [I-D.jeong-dnsop-ipv6-dns-discovery]
              Jeong, J., "IPv6 DNS Discovery based on Router Advertisement", draft-jeong-dnsop-ipv6-dns-discovery-02 (work in progress), July 2004.

   [I-D.moore-6to4-dns]
              Moore, K., "6to4 and DNS", draft-moore-6to4-dns-03 (work in progress), October 2002.

   [I-D.ohta-preconfigured-dns]
              Ohta, M., "Preconfigured DNS Server Addresses", draft-ohta-preconfigured-dns-01 (work in progress), February 2004.

   [I-D.savola-v6ops-6bone-mess]
              Savola, P., "Moving from 6bone to IPv6 Internet", draft-savola-v6ops-6bone-mess-01 (work in progress), November 2002.

   [RFC2766]  Tsirtsis, G. and P. Srisuresh, "Network Address Translation - Protocol
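The long-lived caching problem of Section 8.2, as an added example that is not part of this Internet-Draft: a constructed in-memory resolver (no network access; host.example.net and the 2001:db8::/32 documentation addresses are assumed values) is renumbered, and an application cache that ignores the TTL keeps serving the old address while a cache that records the expiry time re-resolves within one TTL.

```python
# Constructed stand-in for an AAAA lookup: name -> (address, TTL in seconds).
ZONE = {"host.example.net": ("2001:db8:1::10", 300)}


def lookup(name):
    """Simulated resolver query; returns (address, ttl) as a TTL-aware API would."""
    return ZONE[name]


class ForeverCache:
    """The behaviour Section 8.2 warns about: resolve once, keep the result
    for the lifetime of the process, TTL ignored."""

    def __init__(self):
        self.cache = {}

    def address_for(self, name, now):
        # 'now' is accepted for interface parity but never consulted.
        if name not in self.cache:
            self.cache[name] = lookup(name)[0]
        return self.cache[name]


class TtlCache:
    """Keeps the absolute expiry next to the address and re-resolves once the
    TTL has run out, so a renumbered host is picked up within one TTL."""

    def __init__(self):
        self.cache = {}

    def address_for(self, name, now):
        entry = self.cache.get(name)
        if entry is None or now >= entry[1]:      # missing or expired: ask again
            address, ttl = lookup(name)
            entry = (address, now + ttl)           # TTL 0 expires immediately
            self.cache[name] = entry
        return entry[0]


def simulate_renumbering(cache_class, name="host.example.net"):
    """Resolve, renumber the host, resolve again just after the TTL elapsed;
    returns (address before, address after) as the application saw them."""
    ZONE[name] = ("2001:db8:1::10", 300)   # constructed documentation prefix
    cache = cache_class()
    before = cache.address_for(name, now=0)
    ZONE[name] = ("2001:db8:2::10", 300)   # the network is renumbered
    after = cache.address_for(name, now=301)
    return before, after
```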