Internet Engineering Task Force Akira Kato, WIDE INTERNET-DRAFT Paul Vixie, ISC Expires: August 24, 2003 February 24, 2003 Operational Guidelines for "local" zones in the DNS draft-kato-dnsop-local-zones-00.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' To view the list Internet-Draft Shadow Directories, see http://www.ietf.org/shadow.html. Distribution of this memo is unlimited. The internet-draft will expire in 6 months. The date of expiration will be August 24, 2003. Abstract A large number of DNS queries regarding to the "local" zones are sent over the Internet in every second. This memo describes operational guidelines to reduce the unnecessary DNS traffic as well as the load of the Root DNS Servers. 1. Introduction While it has yet been described in a RFC, .local is used to provide a local subspace of the DNS tree. Formal delegation process has not been completed for this TLD. In spite of this informal status, .local has been used in many installations regardless of the awareness of the users. Usually, the local DNS servers are not authoritative to the .local domain, they end up to send queries to the Root DNS Servers. There are several other DNS zones which describe the "local" information. .localhost has been used to describe the localhost for more than a couple of decades and virtually all of the DNS servers are configured authoritative for .localhost and its reverse zone .127.in- KATO Expires: August 24, 2003 [Page 1] DRAFT DNS local zones February 2003 addr.arpa. However, there are other "local" zones currently used in the Internet or Intranets connected to the Internet through NATs or similar devices. At a DNS server of an university in Japan, half of the DNS queries sent to one of the 13 Root DNS Servers were regarding to the .local. At another DNS Server running in one of the Major ISPs in Japan, the 1/4 were .local. If those "local" queries are able to direct other DNS servers than Root, or they can be resolved locally, it contributes the reduction of the Root DNS Servers. 2. Rationale Any DNS queries regarding to "local" names should not be sent to the DNS servers on the Internet. 3. Operational Guidelines Those queries should be processed at the DNS servers internal to each site so that the severs respond with NXDOMAIN rather than sending queries to the DNS servers outside. The "local" names have common DNS suffixes which are listed below: 3.1. Local host related zones: Following two zones are described in [Barr, 1996] and .localhost is also defined in [Eastlake, 1999] . o .localhost o .127.in-addr.arpa Following two zones are for the loopback address in IPv6 [Hinden, 1998] . While the TLD for IPv6 reverse lookup is .arpa as defined in [Bush, 2001] , the old TLD .int has been used for this purpose for years [Thomson, 1995] and many implementations still use .int. So it is suggested that both zones should be provided for each IPv6 reverse lookup zone for a while. o 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int o 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa 3.2. Locally created name space While the use of .local has been proposed in several Internet-Drafts, it has not been described in any Internet documents with formal status. However, the amount of the queries for .local is much larger than others, it is suggested to resolve the following zone locally: KATO Expires: August 24, 2003 [Page 2] DRAFT DNS local zones February 2003 o .local 3.3. Private or site-local addresses The following IPv4 "private" addresses [Rekhter, 1996] and IPv6 site- local addresses [Hinden, 1998] should be resolved locally: o 10.in-addr.arpa o 16.172.in-addr.arpa o 17.172.in-addr.arpa o 18.172.in-addr.arpa o 19.172.in-addr.arpa o 20.172.in-addr.arpa o 21.172.in-addr.arpa o 22.172.in-addr.arpa o 23.172.in-addr.arpa o 24.172.in-addr.arpa o 25.172.in-addr.arpa o 26.172.in-addr.arpa o 27.172.in-addr.arpa o 28.172.in-addr.arpa o 29.172.in-addr.arpa o 30.172.in-addr.arpa o 31.172.in-addr.arpa o 168.192.in-addr.arpa o c.e.f.ip6.int o d.e.f.ip6.int o e.e.f.ip6.int o f.e.f.ip6.int o c.e.f.ip6.arpa o d.e.f.ip6.arpa o e.e.f.ip6.arpa o f.e.f.ip6.arpa 3.4. Link-local addresses The link-local address blocks for IPv4 [IANA, 2002] and IPv6 [Hinden, 1998] should be resolved locally: o 254.169.in-addr.arpa o 8.e.f.ip6.int o 9.e.f.ip6.int o a.e.f.ip6.int o b.e.f.ip6.int o 8.e.f.ip6.arpa o 9.e.f.ip6.arpa o a.e.f.ip6.arpa o b.e.f.ip6.arpa KATO Expires: August 24, 2003 [Page 3] DRAFT DNS local zones February 2003 4. Suggestions to developers 4.1. Suggestions to DNS software implementors In order to avoid unnecessary traffic, it is suggested that DNS software implementors provide configuration templates or default configurations so that the names described in the previous section are resolved locally rather than sent to other DNS servers in the Internet. 4.2. Suggestions to developers of NATs or similar devices There are many NAT or similar devices available in the market. Regardless of the availability of DNS Servers in those devices, it is suggested that those devices are able to filter the DNS traffic or respond to the DNS traffic related to "local" zones by configuration regardless of its ability of DNS service. It is suggested that this functionality is activated by default. 5. IANA Consideration While .local TLD has yet defined officially, there are substantial queries to the Root DNS Servers as of writing. About 1/4 to 1/2% of the traffic sent to the Root DNS Servers are related to the .local zone. Therefore, while it is not formally defined, it is suggested that IANA delegates .local TLD to an organization. The AS112 Project [Vixie, ] serves authoritative DNS service for RFC1918 address and the link-local address. It has several DNS server instances around the world by using BGP Anycast [Hardie, 2002] . So the AS112 Project is one of the candidates to host the .local TLD. Authors' addresses Akira Kato The University of Tokyo, Information Technology Center 2-11-16 Yayoi Bunkyo Tokyo 113-8658, JAPAN Tel: +81 3-5841-2750 Email: kato@wide.ad.jp Paul Vixie Internet Software Consortium 950 Charter Street Redwood City, CA 94063, USA Tel: +1 650-779-7001 Email: vixie@isc.org KATO Expires: August 24, 2003 [Page 4] DRAFT DNS local zones February 2003 References To be filled References Barr, 1996. D. Barr, "Common DNS Operational and Configuration Errors" in RFC1912 (February 1996). Eastlake, 1999. D. Eastlake, "Reserved Top Level DNS Names" in RFC2606 (June 1999). Hinden, 1998. R. Hinden and S. Deering, "IP Version 6 Addressing Architecture" in RFC2373 (July 1998). Bush, 2001. R. Bush, "Delegation of IP6.ARPA" in RFC3152 (August 2001). Thomson, 1995. S. Thomson and C. Huitema, "DNS Extensions to support IP version 6" in RFC1886 (December 1995). Rekhter, 1996. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear, "Address Allocation for Private Internets" in RFC1918 (February 1996). IANA, 2002. IANA, "Special-Use IPv4 Addresses" in RFC3330 (September 2002). Vixie, . P. Vixie, "AS112 Project" in AS112. http://www.as112.net/. Hardie, 2002. T. Hardie, "Distributing Authoritative Name Servers via Shared Unicast Addresses" in RFC3258 (April 2002). KATO Expires: August 24, 2003 [Page 5]