TOC 
Host Identity ProtocolO. Ponomarev
Internet-DraftA. Gurtov
Intended status: ExperimentalHelsinki Institute for Information
Expires: July 23, 2009Technology
 January 19, 2009


Using DNS as an Access Protocol for Mapping Host Identitity Tags to IP addresses
draft-ponomarev-hip-hit2ip-00

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on July 23, 2009.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Abstract

This document proposes a mechanism to access and manage Host Identity Tag (HIT) to IP address mappings using the Domain Name System (DNS).



Table of Contents

1.  Introduction
2.  HIT to IP addresses mappings in the DNS
    2.1.  Preconfigured Domain
    2.2.  Listing IP Addresses of the System
    2.3.  Link to another domain
    2.4.  Managing the Records
3.  Security Considerations
4.  Normative References
§  Authors' Addresses




 TOC 

1.  Introduction

One of the approaches to use legacy applications[RFC5338] (Henderson, T., Nikander, P., and M. Komu, “Using the Host Identity Protocol with Legacy Applications,” September 2008.) with Host Identity Protocol[RFC4423] (Moskowitz, R. and P. Nikander, “Host Identity Protocol (HIP) Architecture,” May 2006.) is to use HIT as IPv6 address. The application may receive them from the nameserver, store internally and connect directly to a HIT. The HIP software would receive packet with HIT as a destination IPv6 address without any additional information about the current locator and therefore some HIT resolution service is needed in this case. This document suggests the DNS as an access protocol to such a service and proposes the usage conventions.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[RFC2119] (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.).



 TOC 

2.  HIT to IP addresses mappings in the DNS

Domain Name System is well-known to systems administators and there is much experience with operations under high load. It also allows dynamic modifications to reflect the changes of IP addresses and has low overhead when compared to many other protocols. It is used now, for example, to get IP address reputations from various blacklists.



 TOC 

2.1.  Preconfigured Domain

The systems using this method MUST have the same domain pre-configured, for example hit-to-ip.example.net. A HIT is represented as a sequence of nibbles separated by dots and followed by the suffix similarly to IPv6 addresses in ip6.arpa[RFC3596] (Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, “DNS Extensions to Support IP Version 6,” October 2003.)

For example, the domain name corresponding to the HIT

2001:10:1234:5678:9abc:def0:1234:5678

would be

8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                                hit-to-ip.example.net


 TOC 

2.2.  Listing IP Addresses of the System

The A/AAAA resource record types MAY be used to specify the IP/IPv6 addresses of the system. There MAY be multiple locators listed for a HIT.

For example, the system with IP address 192.0.2.1 and IPv6 address 2001:DB8::1 would have the following records

8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                              hit-to-ip.example.net.
  1     IN      A       192.0.2.1
8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                              hit-to-ip.example.net.
  1     IN      AAAA    2001:DB8::1


 TOC 

2.3.  Link to another domain

The CNAME resource record types MAY be used to specify another domain to lookup the locators of the system.

8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.
                                               hit-to-ip.example.net.
  86400 IN      CNAME   8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.
                    4.3.2.1.0.1.0.0.1.0.0.2.hit-to-ip.domain.example.


 TOC 

2.4.  Managing the Records

The system MAY send DNS UPDATE[RFC2136] (Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, “Dynamic Updates in the Domain Name System (DNS UPDATE),” April 1997.) to the server provided by SOA MNAME field of the domain. The system MUST use HIT as the source address in this case. The system MAY add or delete A/AAAA or CNAME records for its own HIT representation. The domain provided in SOA MNAME field of the preconfigured domain MUST have Host Identity of the server stored in DNS, the IP addresses MUST be listed in that domain using suggested method and the server MUST accept DNS UPDATE messages, which add or delete A/AAAA or CNAME records for the HIT representation of the client after successfull HIP base exchange.



 TOC 

3.  Security Considerations

This section should be added to the draft later on.



 TOC 

4. Normative References

[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997 (TXT, HTML, XML).
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound, “Dynamic Updates in the Domain Name System (DNS UPDATE),” RFC 2136, April 1997 (TXT, HTML, XML).
[RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, “DNS Extensions to Support IP Version 6,” RFC 3596, October 2003 (TXT).
[RFC4423] Moskowitz, R. and P. Nikander, “Host Identity Protocol (HIP) Architecture,” RFC 4423, May 2006 (TXT).
[RFC5338] Henderson, T., Nikander, P., and M. Komu, “Using the Host Identity Protocol with Legacy Applications,” RFC 5338, September 2008 (TXT).


 TOC 

Authors' Addresses

  Oleg Ponomarev
  Helsinki Institute for Information Technology
  HIIT, PO Box 9800
  TKK FIN-02015
  Finland
Email:  oleg.ponomarev@hiit.fi
  
  Andrei Gurtov
  Helsinki Institute for Information Technology
  HIIT, PO Box 9800
  TKK FIN-02015
  Finland
Email:  gurtov@cs.helsinki.fi