Internet Engineering Task Force                          Akira Kato, WIDE
INTERNET-DRAFT                                            Paul Vixie, ISC
Expires: August 24, 2003                                February 24, 2003


          Operational Guidelines for "local" zones in the DNS

                   draft-kato-dnsop-local-zones-00.txt

|
Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To view the list of Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.

Distribution of this memo is unlimited.

This Internet-Draft will expire in 6 months. The date of expiration will
be August 24, 2003.

|
Abstract

A large number of DNS queries for "local" zones are sent over the
Internet every second. This memo describes operational guidelines to
reduce this unnecessary DNS traffic and the load it places on the Root
DNS Servers.

|
1. Introduction

While it has not yet been described in an RFC, .local is used to provide
a local subspace of the DNS tree. The formal delegation process has not
been completed for this TLD. In spite of this informal status, .local
has been used in many installations, whether or not the users are aware
of it. Usually the local DNS servers are not authoritative for the
.local domain, so they end up sending queries to the Root DNS Servers.

There are several other DNS zones which describe "local" information.
.localhost has been used to describe the local host for more than a
couple of decades, and virtually all DNS servers are configured to be
authoritative for .localhost and its reverse zone .127.in-addr.arpa.
However, there are other "local" zones currently used in the Internet,
or in Intranets connected to the Internet through NATs or similar
devices.

KATO                    Expires: August 24, 2003                [Page 1]

DRAFT                       DNS local zones                February 2003

At a DNS server of a university in Japan, half of the DNS queries sent
to one of the 13 Root DNS Servers were for .local. At another DNS server
running at one of the major ISPs in Japan, 1/4 were for .local. If those
"local" queries can be directed to DNS servers other than the Root, or
can be resolved locally, it contributes to reducing the load on the Root
DNS Servers.

|
2. Rationale

DNS queries for "local" names should not be sent to DNS servers on the
Internet.

|
3. Operational Guidelines

Those queries should be processed at the DNS servers internal to each
site, so that the servers respond with NXDOMAIN rather than sending
queries to DNS servers outside.

The "local" names have common DNS suffixes, which are listed below:

|
3.1. Local host related zones:

The following two zones are described in [Barr, 1996], and .localhost is
also defined in [Eastlake, 1999].

o .localhost
o .127.in-addr.arpa

The following two zones are for the loopback address in IPv6 [Hinden,
1998]. While the TLD for IPv6 reverse lookup is .arpa as defined in
[Bush, 2001], the old TLD .int has been used for this purpose for years
[Thomson, 1995] and many implementations still use .int. So it is
suggested that both zones be provided for each IPv6 reverse lookup zone
for a while.

o 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int
o 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa

|
3.2. Locally created name space

While the use of .local has been proposed in several Internet-Drafts, it
has not been described in any Internet document with formal status.
However, since the number of queries for .local is much larger than for
the others, it is suggested that the following zone be resolved locally:

o .local

|
3.3. Private or site-local addresses

The following IPv4 "private" addresses [Rekhter, 1996] and IPv6
site-local addresses [Hinden, 1998] should be resolved locally:

o 10.in-addr.arpa
o 16.172.in-addr.arpa
o 17.172.in-addr.arpa
o 18.172.in-addr.arpa
o 19.172.in-addr.arpa
o 20.172.in-addr.arpa
o 21.172.in-addr.arpa
o 22.172.in-addr.arpa
o 23.172.in-addr.arpa
o 24.172.in-addr.arpa
o 25.172.in-addr.arpa
o 26.172.in-addr.arpa
o 27.172.in-addr.arpa
o 28.172.in-addr.arpa
o 29.172.in-addr.arpa
o 30.172.in-addr.arpa
o 31.172.in-addr.arpa
o 168.192.in-addr.arpa
o c.e.f.ip6.int
o d.e.f.ip6.int
o e.e.f.ip6.int
o f.e.f.ip6.int
o c.e.f.ip6.arpa
o d.e.f.ip6.arpa
o e.e.f.ip6.arpa
o f.e.f.ip6.arpa

|
3.4. Link-local addresses

The link-local address blocks for IPv4 [IANA, 2002] and IPv6 [Hinden,
1998] should be resolved locally:

o 254.169.in-addr.arpa
o 8.e.f.ip6.int
o 9.e.f.ip6.int
o a.e.f.ip6.int
o b.e.f.ip6.int
o 8.e.f.ip6.arpa
o 9.e.f.ip6.arpa
o a.e.f.ip6.arpa
o b.e.f.ip6.arpa

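As an added example (not part of the draft), the following Python expands the zone suffixes of sections 3.1 through 3.4 into one list and classifies query names from a constructed resolver log, so an operator can measure how much of a site's outbound DNS traffic falls under these zones before serving them locally. The log line format is hypothetical, and matching is done on whole labels so that names such as "mylocal.example" are not mistaken for .local.

```python
# Added example (not from the draft): expand the zone suffixes of sections
# 3.1-3.4 and classify query names from a constructed resolver query log.
from collections import Counter

def build_local_zones():
    """Expand sections 3.1-3.4 into one list of zone suffixes."""
    zones = ["localhost", "127.in-addr.arpa",           # 3.1 IPv4 loopback
             "local",                                    # 3.2 locally created
             "10.in-addr.arpa", "168.192.in-addr.arpa",  # 3.3 RFC1918
             "254.169.in-addr.arpa"]                     # 3.4 IPv4 link-local
    zones += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]  # 172.16/12
    for tld in ("ip6.int", "ip6.arpa"):  # both TLDs, as section 3.1 suggests
        zones.append("1" + ".0" * 31 + "." + tld)   # ::1 reversed (32 nibbles)
        zones += [f"{h}.e.f.{tld}" for h in "cdef"]  # fec0::/10 site-local
        zones += [f"{h}.e.f.{tld}" for h in "89ab"]  # fe80::/10 link-local
    return zones

LOCAL_ZONES = [z.split(".") for z in build_local_zones()]

def local_zone_for(qname):
    """Return the local zone that qname falls under, or None.
    Matching is on whole labels, so "mylocal.example" is not local."""
    labels = qname.rstrip(".").lower().split(".")
    for zone in LOCAL_ZONES:
        if len(labels) >= len(zone) and labels[-len(zone):] == zone:
            return ".".join(zone)
    return None

# Constructed sample of a resolver query log (not real data; hypothetical format).
SAMPLE_LOG = """\
client 192.0.2.10 query: printer.local IN A
client 192.0.2.11 query: www.example.com IN A
client 192.0.2.12 query: 5.1.168.192.in-addr.arpa IN PTR
client 192.0.2.13 query: mylocal.example IN AAAA
client 192.0.2.14 query: 1.0.0.127.in-addr.arpa IN PTR
client 192.0.2.15 query: host.corp.local. IN AAAA
"""

def classify_log(text):
    """Count queries per local zone; "outbound" are names that are not local
    and would leave the site (reaching the Root if nothing caches them)."""
    counts = Counter()
    for line in text.splitlines():
        parts = line.split()
        if "query:" in parts:
            qname = parts[parts.index("query:") + 1]
            counts[local_zone_for(qname) or "outbound"] += 1
    return counts
```

Running classify_log over a real query log gives the per-zone counts that sections 1 and 5 quote as fractions of Root traffic.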
|
4. Suggestions to developers

4.1. Suggestions to DNS software implementors

In order to avoid unnecessary traffic, it is suggested that DNS software
implementors provide configuration templates or default configurations
so that the names described in the previous section are resolved locally
rather than sent to other DNS servers in the Internet.

4.2. Suggestions to developers of NATs or similar devices

There are many NAT or similar devices available on the market.
Regardless of whether those devices include a DNS server, it is
suggested that they be able, by configuration, to filter DNS traffic
related to "local" zones or to respond to it themselves. It is suggested
that this functionality be activated by default.

|
5. IANA Consideration

While the .local TLD has not yet been defined officially, there are
substantial queries for it reaching the Root DNS Servers as of this
writing. About 1/4 to 1/2% of the traffic sent to the Root DNS Servers
is related to the .local zone. Therefore, while it is not formally
defined, it is suggested that IANA delegate the .local TLD to an
organization.

The AS112 Project [Vixie, ] provides authoritative DNS service for the
RFC1918 address space and the link-local address space. It has several
DNS server instances around the world, using BGP Anycast [Hardie, 2002].
So the AS112 Project is one of the candidates to host the .local TLD.

|
Authors' addresses

Akira Kato
The University of Tokyo, Information Technology Center
2-11-16 Yayoi Bunkyo
Tokyo 113-8658, JAPAN
Tel: +81 3-5841-2750
Email: kato@wide.ad.jp

Paul Vixie
Internet Software Consortium
950 Charter Street
Redwood City, CA 94063, USA
Tel: +1 650-779-7001
Email: vixie@isc.org

References

Barr, 1996.
D. Barr, "Common DNS Operational and Configuration Errors" in RFC1912
(February 1996).

Eastlake, 1999.
D. Eastlake, "Reserved Top Level DNS Names" in RFC2606 (June 1999).

Hinden, 1998.
R. Hinden and S. Deering, "IP Version 6 Addressing Architecture" in
RFC2373 (July 1998).

Bush, 2001.
R. Bush, "Delegation of IP6.ARPA" in RFC3152 (August 2001).

Thomson, 1995.
S. Thomson and C. Huitema, "DNS Extensions to support IP version 6" in
RFC1886 (December 1995).

Rekhter, 1996.
Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear,
"Address Allocation for Private Internets" in RFC1918 (February 1996).

IANA, 2002.
IANA, "Special-Use IPv4 Addresses" in RFC3330 (September 2002).

Vixie, .
P. Vixie, "AS112 Project" in AS112. http://www.as112.net/.

Hardie, 2002.
T. Hardie, "Distributing Authoritative Name Servers via Shared Unicast
Addresses" in RFC3258 (April 2002).