Internet-Draft | The SRv6 DNS RR | September 2023
Eastlake & Song | Expires 1 April 2024
A Domain Name System (DNS) Resource Record (RR) Type is specified for storing IPv6 Segment Routing (SRv6) Information in the DNS.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 1 April 2024.
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
The Domain Name System (DNS) is a hierarchical, distributed, highly available database with a variety of security features [RFC4034] [RFC4035] used for bi-directional mapping between domain names and addresses, for email routing, and for other information [RFC1034] [RFC1035]. This data is formatted into resource records (RRs) whose content type and structure are indicated by the RR Type field. General familiarity with the DNS and its terminology [RFC8499] is assumed in this document.
Internet Protocol versions 4 (IPv4, [RFC0791]) and 6 (IPv6, [RFC8200]) have long provided header options that support including an ordered sequence of addresses in a packet header so the packet travels in order through the nodes specified by that sequence of addresses. This is sometimes referred to as "source routing" because the route or path the packet follows is set, at least in part, when the sequence of addresses is added to the packet, usually at the packet's source, rather than being dynamically determined as the packet proceeds through the network.
IPv6 Segment Routing (SRv6, [RFC8402]) extends "source routing" by generalizing the IPv6 sized "address" quantities in a source "routing" sequence to be "instructions". [RFC8754] specifies a particular Segment Routing Header (SRH) that may be used as part of the headers of an IPv6 packet to indicate an IPv6 Segment Routing sequence of addresses / instructions. And [RFC8986] further specifies the structuring of an IPv6 address size quantity such that it may be composed of addressing information followed by a function designation which is optionally further followed by arguments to that function. Thus, segment routing might encode a series of operations to be performed on a packet.
Furthermore, because a sequence of SRv6 instructions may all start with the same constant addressing prefix, methods of compression have been specified [Compress] to represent this addressing prefix less often and pack an increased number of quantities into a Segment Routing Header where each quantity may consist optionally of additional address information and/or function designation and/or function arguments.
This document specifies an SRV6 RR Type to return a sequence of IPv6 Segment Routing addresses / instructions and optionally other data.
In many ways, the data returned for an SRV6 DNS RR is like an address. This RR supports a DNS client querying for SRV6 RRs at a name, inserting returned SRv6 information into the header of an IPv6 packet, and transmitting that packet so addressed. It would also be reasonable for an application using SRv6 to do a type SRV DNS query [RFC2782] followed by an SRV6 query at the resulting domain name if it was in a domain where SRv6 was in use. Furthermore, as a fallback, if no SRV6 RR is present in the DNS at a domain name, a client application whose SRV6 query has failed could query for the AAAA IPv6 address RR type.
Segment Routing is intended to be used in a limited domain compared with the global Internet. Furthermore, the DNS is commonly thought of as the source for global Internet addressing. However, most DNS servers can be easily configured in a network so that some names are only visible locally and some RRs are only delivered locally.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The following acronyms are used in this document:
The SRV6 RR type enables the storage and retrieval of an ordered sequence of SRv6 quantities each of which is the size of an IPv6 [RFC8200] address. The RDATA for this type of RR is a set of fields followed by a sequence of such quantities followed by optional data (see Figure 1) and will be (4 + N*16 + Opt) bytes long, where N is the number of such quantities present and Opt is the length of the optional data.
The RR Type Code for the SRV6 RR is TBD1.
The RDATA consists of a segment count followed by a flags byte, a 2 byte tag, and then one or more 128-bit SRv6 SIDs followed by optional TLV data, all as further detailed as follows:
If the RDATA length is less than (4 + (SID Count)*16) or if the Optional TLVs do not parse as SRH TLVs, then the RR is malformed and MUST be ignored.
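The following parser is an added example, not code from this draft or its authors, showing the RDATA layout and the malformed-RR rule above applied to a constructed record. It assumes the 2-byte tag is in network byte order and walks the optional data using the SRH TLV encoding of [RFC8754] (a one-byte Pad1 TLV of type 0, otherwise type, length, value); the function names are hypothetical.

```python
import ipaddress
import struct

FIXED_LEN = 4   # SID count (1) + SRH flags (1) + tag (2), per the page
SID_LEN = 16    # each SID is the size of an IPv6 address
PAD1 = 0        # RFC 8754 Pad1 TLV: a lone type byte, no length or value


def parse_srh_tlvs(data):
    """Split bytes into (type, value) SRH TLVs; raise ValueError if truncated."""
    tlvs, i = [], 0
    while i < len(data):
        tlv_type = data[i]
        if tlv_type == PAD1:
            tlvs.append((PAD1, b""))
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("TLV header truncated")
        length = data[i + 1]
        if i + 2 + length > len(data):
            raise ValueError("TLV value runs past end of RDATA")
        tlvs.append((tlv_type, data[i + 2:i + 2 + length]))
        i += 2 + length
    return tlvs


def parse_srv6_rdata(rdata):
    """Parse SRV6 RDATA; return None when malformed (such RRs MUST be ignored)."""
    if len(rdata) < FIXED_LEN:
        return None
    # Assumption: the 2-byte tag is in network byte order, as is usual in DNS.
    sid_count, flags, tag = struct.unpack("!BBH", rdata[:FIXED_LEN])
    sids_end = FIXED_LEN + sid_count * SID_LEN
    if len(rdata) < sids_end:
        return None
    sids = [ipaddress.IPv6Address(rdata[o:o + SID_LEN])
            for o in range(FIXED_LEN, sids_end, SID_LEN)]
    try:
        tlvs = parse_srh_tlvs(rdata[sids_end:])
    except ValueError:
        return None
    return {"flags": flags, "tag": tag, "sids": sids, "tlvs": tlvs}

# Constructed sample: 2 SIDs, flags 0, tag 0x0001, then a PadN TLV (type 4, length 2).
SAMPLE = (bytes([2, 0, 0, 1])
          + ipaddress.IPv6Address("2001:db8:0:1::1").packed
          + ipaddress.IPv6Address("2001:db8:0:2::1").packed
          + bytes([4, 2, 0, 0]))
```

Checking the declared SID count against the actual RDATA length before slicing keeps a forged count from turning trailing bytes, or nothing at all, into SIDs that a client would place in a packet header.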
Circumstances and/or future definition of flags and TLV types may require, when an IPv6 packet header is constructed based on an SRV6 RR, that some SRH Flags be set or clear regardless of the SRH Flags RR field and/or that some SRH TLVs be included or excluded regardless of the Optional TLV in the SRH RR.
The suggestions and comments of the following persons are gratefully acknowledged:
tbd
IANA is requested to assign an SRV6 RR Type (TBD1) as in the template in Appendix A.
For information on DNS features that improve the authentication of retrieved RRs, see [RFC4034] and [RFC4035].
For SRv6 Security Considerations, see [RFC8402] and Section 5 of [RFC8754]. For Security Considerations of SRv6 Network Programming, see [RFC8986].
A. Submission Date: tbd

B.1 Submission Type: [X] New RRTYPE [ ] Modification to RRTYPE
B.2 Kind of RR: [X] Data RR [ ] Meta-RR

C. Contact Information for submitter (will be publicly posted):
   Name: Donald Eastlake
   Email Address: d3e3e3@gmail.com
   International telephone number: +1-508-333-2270
   Other contact handles:

D. Motivation for the new RRTYPE application.
   Enable storage of IPv6 Segment Routing sequences in the DNS.

E. Description of the proposed RR type.
   See draft-eastlake-dnsop-rrtype-srv6

F. What existing RRTYPE or RRTYPEs come closest to filling that need and why are they unsatisfactory?
   Perhaps AAAA but that only returns a single IPv6 address, not an ordered sequence of IPv6 sized SRv6 instructions.

G. What mnemonic is requested for the new RRTYPE (optional)?
   SRV6

H. Does the requested RRTYPE make use of any existing IANA registry or require the creation of a new IANA subregistry in DNS Parameters? If so, please indicate which registry is to be used or created. If a new subregistry is needed, specify the allocation policy for it and its initial contents.
   Does not use any existing registry and does not create a new registry.

I. Does the proposal require/expect any changes in DNS servers/resolvers that prevent the new type from being processed as an unknown RRTYPE (see [RFC3597])?
   No.

J. Comments:
   None.