A Domain Name System (DNS) Service Parameter and Resource Record for Tunneling Information

A Domain Name System (DNS) Service Parameter and Resource Record for Tunneling Information Futurewei Technologies

2386 Panoramic Circle Apopka FL 32703 US +1-508-333-2270 d3e3e3@gmail.com

Futurewei Technologies

2220 Central Expressway Santa Clara CA 95050 US haoyu.song@futurewei.com

Internet Engineering Task Force DNS SVCB Tunnel Encapsulation A Domain Name System (DNS) Service Binding (SVCB) Service Parameter Type and a DNS Resource Record (RR) Type are specified for storing connection tunneling / encapsulation Information in the DNS.

Introduction The Domain Name System (DNS) is a hierarchical, distributed, highly available database with a variety of security features used for bi-directional mapping between domain names and addresses, for email routing, and for other information . This data is formatted into resource records (RRs) whose content type and structure are indicated by the RR Type field. General familiarity with the DNS and its terminology is assumed in this document.

Tunneling It is common for there to be a requirement to use or some benefit from using a "tunnel" or encapsulation scheme when connecting to a service/host. For a reachability use case, see Section 1.3 of . Typically, this involves taking a packet with a transport header addressed to the ultimate destination, adding a tunnel header to the packet, and then adding an outer transport header before transmitting the packet out of a network interface (port). The resulting packet is illustrated in . (In some cases, such as IP-in-IP, the Tunneling Header may be null.)

Encapsulation The addition of the Outer Transport and Tunneling Headers will lengthen packets which may result in the need for fragmentation. Some tunneling protocol support fragmentation but for those that do not, fragmentation of the Tunneled Packet before encapsulation may be required. This document specifies a Domain Name System (DNS) Service Binding (SVCB) Service Parameter Type and a DNS Resource Record (RR) Type for storing connection tunneling / encapsulation information in the DNS. This enables the storage and retrieval of tunneling information that may be needed to connect to a remote service or host.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The following acronyms are used in this document:

DNS - Domain Name System .
IANA - Internet Assigned Numbers Authority <www.iana.org>.
RDATA - The data portion of an RR.
RR - DNS Resource Record.
RRType - The type field in an RR.
SVCB - Service Binding.

SVCB RR Service Parameter "tunnel" The SVCB (Service Binding) RR is specified in . It provides, when used in the "Service Mode", for the encoding of a variety of Service Parameters to assist in connecting to a service. The "tunnel" SVCB Service Parameter, whose numeric key value is TBD1, has a value consisting of the Tunnel Type, Tunnel Parameters Length, and Tunnel Parameters TLVs as specified for the BGP Tunnel Encapsulation Attribute and shown in . The presentation format for this value is hexadecimal.

SVCB tunnel Service Parameter Value See further details on the fields in where fields of the same name are specified in .

TUNNEL RR Type RDATA The RDATA for this RR type includes tunneling information in the format used in the BGP Tunnel Encapsulation Attribute , a domain name that maps to the Inner Transport Header destination, and optional Outer Transport Header information, all as further explained below and illustrated in . The RRType Code for the TUNNEL RR is TBD2.

TUNNEL RRTYPE Data The fields in are as explained below. The contiguous Tunnel Type, Tunnel Parameters Length, and Tunnel Parameters TLV (Value) as a block of data are identical to the "Tunnel Encapsulation TLV" specified in ("The BGP Tunnel Encapsulation Attribute").

Prority

- This field is a two-byte unsigned integer using network byte order that is the priority of using this tunnel to the target. A client MUST use the tunnel with the lowest priority RR that meets the following conditions:

The client implements the Tunnel Type.
The client can resolve the Target Name.
The type of packet being tunneled in not prohibited by an optional Protocol Type Tunnel Parameters TLV (see Section 3.4.1 of ). For example, the tunneling could be restricted to TCP packets.

Tunnel Type

- This is the Tunnel Type from the IANA "BFP Tunnel Encapsulation Attribute Tunnel Types" registry as specified in .

Tunnel Parameters Length

- A two-byte unsigned integer using network byte order giving the number of octets in the Tunnel Parameters TLVs field. Necessary because that field is not self-terminating.

Tunnel Parameters TLVs

- This field consists of "Tunnel Encapsulation Attribute Sub-TLVs" as specified in . These TLVs can specify a variety of parameters, including the following, which may be useful in constructing the Outer Transport Header ():

Tunnel Egress Endpoint
Differentiated Services Field
UDP Destination Port

Target Name

- The uncompressed domain name of the ultimate destination in DNS wire encoding format. Used to obtain the destination address for the construction of the Inner Transport Header as shown in .

Use of RRs A client/application seeking to send packets to a host or service can query the DNS using the name of the host or service for the TUNNEL RR. If that name is found and one or more TUNNEL RRs are returned, it can use the highest priority TUNNEL RR for which it has implemented the Tunnel Type indicated in that RR to create and populate a header as shown in . The Target Name in that TUNNEL RR can then be used to obtain an address for use in the Outer Transport Header as also shown in . Where a client/application is already using the SVCB RR, similar logic applies using the tunnel SVCB Service Parameter.

Acknowledgements The suggestions and comments of the following persons are gratefully acknowledged: tbd

IANA Considerations IANA is requested to assign a value from the Service Parameter Keys Registry on the "DNS Service Bindings (SVCB)" IANA web page as follows: IANA is requested to assign a TUNNEL RR Type (TBD2) as in the template in Appendix A.

Security Considerations tbd

References Normative References Domain names - concepts and facilities Key words for use in RFCs to Indicate Requirement Levels Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers Domain names - implementation and specification Handling of Unknown DNS Resource Record (RR) Types The BGP Tunnel Encapsulation Attribute Service binding and parameter specification via the DNS (DNS SVCB and HTTPS RRs) Informative References DNS Terminology

Tunnel RR Type Template