AS112 Nameserver Delegations for IPv6

The IPv6 Addressing Architecture and Unique Local IPv6 Unicast Addresses includes certain address prefixes that are not intended to be uniquely used in the global network as globally-scoped unicast addresses. Such addresses include locally-scoped addresses, certain anycast addresses, and loopback addresses. While such addresses are not intended to be used in the same context as globally-scoped unicast addresses, their use in various local and global contexts is seen to trigger Domain Name System (DNS) queries (of the form of "reverse lookups") corresponding to these addresses. Since the addresses concerned generally have local rather than global significance, it is good practice for site administrators to ensure that such queries are answered locally . However, it is not uncommon for such queries to follow the normal delegation path in the public DNS instead of being answered within the site. It is not possible for public DNS servers to give useful answers to such queries, and the response to such reverse lookup queries from the global DNS is the "Name Error" RCODE described in , commonly termed "NXDOMAIN". When the reverse-DNS infrastructure receives a request for un-delegated sub-domains, the point of delegation of the last matched label along the name path to the root receives the query. In the case of the IPv6 reverse delegation structure, this implies that the IP6.ARPA authoritative servers will receive the query load. Because the sub-domain is not delegated, the server is obliged to answer with an NXDOMAIN response. A large number of these DNS queries are repeated, further increasing the DNS query load imposed on the DNS root servers and the IP6.ARPA authoritative servers. This query load appears to have unacceptable scaling consequences as IPv6 uptake increases. By delegating these sub-domains to the AS112 project , the DNS query load can be passed off to a distributed dedicated server set, reducing the load through the DNS root and on the IP6.ARPA authoritative servers.

As per the provisions of , this document recommends the IAB to direct IANA to delegate the following IP6.ARPA reverse DNS zones to the AS112 project :

AS112 project servers should add these zones to their configuration, and terminate queries efficiently inside their service infrastructure. This delegation instruction is subject to further direction in the future from the IAB to IANA, as per the provisions of .

The Security Considerations described in also apply to local-use IPv6 addresses, and should be considered in the context of the use of these addresses. DNS queries may well identify the location of deployment of IPv6 enabled equipment in private contexts, particularly when the reverse queries relate to local-use IPv6 addresses. While operators of the DNS reverse servers should respect the privacy of data relating to individual queries made to these reverse address servers, the unintentional leakage of information beyond its intended scope of use and circulation represents a potential threat to the security of a local private network. This direction to delegate these local-use IPv6 reverse address sub-domains does not substantially change the security risks of information leakage from private environments.

The authors acknowledge the work of Joe Abley and William Maton and the DNSOPS Working Group in preparing the AS112 framework document for delegation of the private use address blocks in IPv4, and have used parts of their AS112 document as a template for these AS112 delegation instructions in IPv6.