Internet Engineering Task Force (IETF) J. Jeong Request for Comments: 6106 Brocade/ETRI Obsoletes: 5006 S. Park Category: Standards Track SAMSUNG Electronics ISSN: 2070-1721 L. Beloeil France Telecom R&D S. Madanapalli iRam Technologies November 2010 IPv6 Router Advertisement Options for DNS Configuration
AbstractThis document specifies IPv6 Router Advertisement options to allow IPv6 routers to advertise a list of DNS recursive server addresses and a DNS Search List to IPv6 hosts. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6106. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
1. Introduction ....................................................3 1.1. Applicability Statements ...................................3 1.2. Coexistence of RA Options and DHCP Options for DNS Configuration ..............................................4 2. Requirements Language ...........................................4 3. Terminology .....................................................4 4. Overview ........................................................5 5. Neighbor Discovery Extension ....................................5 5.1. Recursive DNS Server Option ................................6 5.2. DNS Search List Option .....................................7 5.3. Procedure of DNS Configuration .............................8 5.3.1. Procedure in IPv6 Host ..............................8 5.3.2. Warnings for DNS Options Configuration .............10 6. Implementation Considerations ..................................10 6.1. DNS Repository Management .................................10 6.2. Synchronization between DNS Server List and Resolver Repository .......................................11 6.3. Synchronization between DNS Search List and Resolver Repository .......................................12 7. Security Considerations ........................................13 7.1. Security Threats ..........................................13 7.2. Recommendations ...........................................14 8. IANA Considerations ............................................15 9. Acknowledgements ...............................................15 10. References ....................................................16 10.1. Normative References .....................................16 10.2. Informative References ...................................16 Appendix A. Changes from RFC 5006 ................................18
RFC5006]. This document is also to define a new RA option for Domain Name Search Lists for an enhanced DNS configuration. Thus, this document obsoletes [RFC5006], which only defines the RA option for DNS Recursive Server Addresses. Neighbor Discovery (ND) for IP version 6 and IPv6 stateless address autoconfiguration provide ways to configure either fixed or mobile nodes with one or more IPv6 addresses, default routers, and some other parameters [RFC4861][RFC4862]. Most Internet services are identified by using a DNS name. The two RA options defined in this document provide the DNS information needed for an IPv6 host to reach Internet services. It is infeasible to manually configure nomadic hosts each time they connect to a different network. While a one-time static configuration is possible, it is generally not desirable on general- purpose hosts such as laptops. For instance, locally defined name spaces would not be available to the host if it were to run its own name server software directly connected to the global DNS. The DNS information can also be provided through DHCP [RFC3315][RFC3736][RFC3646]. However, the access to DNS is a fundamental requirement for almost all hosts, so IPv6 stateless autoconfiguration cannot stand on its own as an alternative deployment model in any practical network without any support for DNS configuration. These issues are not pressing in dual-stack networks as long as a DNS server is available on the IPv4 side, but they become more critical with the deployment of IPv6-only networks. As a result, this document defines a mechanism based on IPv6 RA options to allow IPv6 hosts to perform the automatic DNS configuration.
many networks some additional information needs to be distributed, those networks are likely to employ DHCPv6. In these networks, RA- based DNS configuration may not be needed. RA-based DNS configuration allows an IPv6 host to acquire the DNS configuration (i.e., DNS recursive server addresses and DNS Search List) for the link(s) to which the host is connected. Furthermore, the host learns this DNS configuration from the same RA message that provides configuration information for the link, thereby avoiding also running DHCPv6. The advantages and disadvantages of the RA-based approach are discussed in [RFC4339] along with other approaches, such as the DHCP and well-known anycast address approaches. RFC3646]. They can be used together. The rules governing the decision to use stateful configuration mechanisms are specified in [RFC4861]. Hosts conforming to this specification MUST extract DNS information from Router Advertisement messages, unless static DNS configuration has been specified by the user. If there is DNS information available from multiple Router Advertisements and/or from DHCP, the host MUST maintain an ordered list of this information as specified in Section 5.3.1. RFC2119]. RFC4861] and [RFC4862]. In addition, four new terms are defined below: o Recursive DNS Server (RDNSS): Server that provides a recursive DNS resolution service for translating domain names into IP addresses as defined in [RFC1034] and [RFC1035]. o RDNSS Option: IPv6 RA option to deliver the RDNSS information to IPv6 hosts [RFC4861].
o DNS Search List (DNSSL): The list of DNS suffix domain names used by IPv6 hosts when they perform DNS query searches for short, unqualified domain names. o DNSSL Option: IPv6 RA option to deliver the DNSSL information to IPv6 hosts. o DNS Repository: Two data structures for managing DNS Configuration Information in the IPv6 protocol stack in addition to Neighbor Cache and Destination Cache for Neighbor Discovery [RFC4861]. The first data structure is the DNS Server List for RDNSS addresses and the second is the DNS Search List for DNS search domain names. o Resolver Repository: Configuration repository with RDNSS addresses and a DNS Search List that a DNS resolver on the host uses for DNS name resolution; for example, the Unix resolver file (i.e., /etc/ resolv.conf) and Windows registry. RFC5006] that contains the addresses of recursive DNS servers. This document also defines a new ND option called the DNSSL option for the Domain Search List. This is to maintain parity with the DHCPv6 options and to ensure that there is necessary functionality to determine the search domains. The existing ND message (i.e., Router Advertisement) is used to carry this information. An IPv6 host can configure the IPv6 addresses of one or more RDNSSes via RA messages. Through the RDNSS and DNSSL options, along with the prefix information option based on the ND protocol ([RFC4861] and [RFC4862]), an IPv6 host can perform the network configuration of its IPv6 address and the DNS information simultaneously without needing DHCPv6 for the DNS configuration. The RA options for RDNSS and DNSSL can be used on any network that supports the use of ND. This approach requires the manual configuration or other automatic mechanisms (e.g., DHCPv6 or vendor proprietary configuration mechanisms) to configure the DNS information in routers sending the advertisements. The automatic configuration of RDNSS addresses and a DNS Search List in routers is out of scope for this document.
Figure 1 shows the format of the RDNSS option. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | : Addresses of IPv6 Recursive DNS Servers : | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Recursive DNS Server (RDNSS) Option Format Fields: Type 8-bit identifier of the RDNSS option type as assigned by the IANA: 25 Length 8-bit unsigned integer. The length of the option (including the Type and Length fields) is in units of 8 octets. The minimum value is 3 if one IPv6 address is contained in the option. Every additional RDNSS address increases the length by 2. The Length field is used by the receiver to determine the number of IPv6 addresses in the option. Lifetime 32-bit unsigned integer. The maximum time, in seconds (relative to the time the packet is sent), over which this RDNSS address MAY be used for name resolution. Hosts MAY send a Router Solicitation to ensure the RDNSS information is fresh before the interval expires. In order to provide fixed hosts with stable DNS service and allow mobile hosts to prefer local RDNSSes to remote RDNSSes, the value of Lifetime SHOULD be bounded as MaxRtrAdvInterval <= Lifetime <= 2*MaxRtrAdvInterval where MaxRtrAdvInterval is the Maximum RA Interval defined in [RFC4861]. A value of all one bits (0xffffffff) represents infinity. A value of zero means that the RDNSS address MUST no longer be used.
Addresses of IPv6 Recursive DNS Servers One or more 128-bit IPv6 addresses of the recursive DNS servers. The number of addresses is determined by the Length field. That is, the number of addresses is equal to (Length - 1) / 2. Figure 2 shows the format of the DNSSL option. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | : Domain Names of DNS Search List : | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: DNS Search List (DNSSL) Option Format Fields: Type 8-bit identifier of the DNSSL option type as assigned by the IANA: 31 Length 8-bit unsigned integer. The length of the option (including the Type and Length fields) is in units of 8 octets. The minimum value is 2 if at least one domain name is contained in the option. The Length field is set to a multiple of 8 octets to accommodate all the domain names in the field of Domain Names of DNS Search List. Lifetime 32-bit unsigned integer. The maximum time, in seconds (relative to the time the packet is sent), over which this DNSSL domain name MAY be used for name resolution. The Lifetime value has the same semantics as with the RDNSS option. That is, Lifetime SHOULD be bounded as follows: MaxRtrAdvInterval <= Lifetime <= 2*MaxRtrAdvInterval.
A value of all one bits (0xffffffff) represents infinity. A value of zero means that the DNSSL domain name MUST no longer be used. Domain Names of DNS Search List One or more domain names of DNS Search List that MUST be encoded using the technique described in Section 3.1 of [RFC1035]. By this technique, each domain name is represented as a sequence of labels ending in a zero octet, defined as domain name representation. For more than one domain name, the corresponding domain name representations are concatenated as they are. Note that for the simple decoding, the domain names MUST NOT be encoded in a compressed form, as described in Section 4.1.4 of [RFC1035]. Because the size of this field MUST be a multiple of 8 octets, for the minimum multiple including the domain name representations, the remaining octets other than the encoding parts of the domain name representations MUST be padded with zeros. Note: An RDNSS address or a DNSSL domain name MUST be used only as long as both the RA router Lifetime (advertised by a Router Advertisement message [RFC4861]) and the corresponding option Lifetime have not expired. The reason is that in the current network to which an IPv6 host is connected, the RDNSS may not be currently reachable, that the DNSSL domain name is not valid any more, or that these options do not provide service to the host's current address (e.g., due to network ingress filtering [RFC2827][RFC5358]). RFC4861].
o If the DNS options are valid, the host SHOULD copy the values of the options into the DNS Repository and the Resolver Repository in order. Otherwise, the host MUST discard the options. Refer to Section 6 for the detailed procedure. When the IPv6 host has gathered a sufficient number (e.g., three) of RDNSS addresses (or DNS search domain names), it SHOULD maintain RDNSS addresses (or DNS search domain names) by the sufficient number such that the latest received RDNSS or DNSSL is more preferred to the old ones; that is, when the number of RDNSS addresses (or DNS search domain names) is already the sufficient number, the new one replaces the old one that will expire first in terms of Lifetime. As an exceptional case, if the received RDNSS addresses (or DNS search domain names) already exist in the IPv6 host, their Lifetime fields update their Expiration-time, that is, when the corresponding DNS information expires in the IPv6 host; note that when the Lifetime field has zero, the corresponding RDNSS (or DNS search domain name) is deleted from the IPv6 host. Except for this update, the IPv6 host SHOULD ignore other RDNSS addresses (or DNS search domain names) within an RDNSS (or a DNSSL) option and/or additional RDNSS (or DNSSL) options within an RA. Refer to Section 6 for the detailed procedure. Note that the sufficient number is a system parameter, so it can be determined by a local policy. Also, separate parameters can be specified for the sufficient number of RDNSS addresses and that of DNS search domain names, respectively. In this document, three is RECOMMENDED as a sufficient number considering both the robust DNS query and the reasonably time-bounded recognition of the unreachability of DNS servers. In the case where the DNS options of RDNSS and DNSSL can be obtained from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep some DNS options from all sources. Unless explicitly specified for the discovery mechanism, the exact number of addresses and domain names to keep is a matter of local policy and implementation choice. However, the ability to store at least three RDNSS addresses (or DNSSL domain names) from at least two different sources is RECOMMENDED. The DNS options from Router Advertisements and DHCP SHOULD be stored into the DNS Repository and Resolver Repository so that information from DHCP appears there first and therefore takes precedence. Thus, the DNS information from DHCP takes precedence over that from RA for DNS queries. On the other hand, for DNS options announced by RA, if some RAs use the Secure Neighbor Discovery (SEND) protocol [RFC3971] for RA security, they MUST be preferred over those that do not use SEND. Refer to Section 7 for the detailed discussion on SEND for RA DNS options.
o RDNSS address for DNS Server List: IPv6 address of the Recursive DNS Server, which is available for recursive DNS resolution service in the network advertising the RDNSS option. o DNSSL domain name for DNS Search List: DNS suffix domain names, which are used to perform DNS query searches for short, unqualified domain names in the network advertising the DNSSL option. o Expiration-time for DNS Server List or DNS Search List: The time when this entry becomes invalid. Expiration-time is set to the value of the Lifetime field of the RDNSS option or DNSSL option plus the current system time. Whenever a new RDNSS option with the same address (or DNSSL option with the same domain name) is received on the same interface as a previous RDNSS option (or DNSSL option), this field is updated to have a new Expiration- time. When Expiration-time becomes less than the current system time, this entry is regarded as expired.
Step (c): For each RDNSS address, if it already exists in the DNS Server List, then just update the value of the Expiration-time field according to the procedure specified in the third bullet of Section 6.1. Otherwise, go to Step (d). Step (d): For each RDNSS address, if it does not exist in the DNS Server List, register the RDNSS address and Lifetime with the DNS Server List and then insert the RDNSS address in front of the Resolver Repository. In the case where the data structure for the DNS Server List is full of RDNSS entries (that is, has more RDNSSes than the sufficient number discussed in Section 5.3.1), delete from the DNS Server List the entry with the shortest Expiration-time (i.e., the entry that will expire first). The corresponding RDNSS address is also deleted from the Resolver Repository. For the ordering of RDNSS addresses in an RDNSS option, position the first RDNSS address in the RDNSS option as the first one in the Resolver Repository, the second RDNSS address in the option as the second one in the repository, and so on. This ordering allows the RDNSS addresses in the RDNSS option to be preferred according to their order in the RDNSS option for the DNS name resolution. The processing of these RDNSS addresses is finished here. The handling of expired RDNSSes is as follows: Whenever an entry expires in the DNS Server List, the expired entry is deleted from the DNS Server List, and also the RDNSS address corresponding to the entry is deleted from the Resolver Repository.
e.g., the termination of the RDNSS or a renaming situation. That is, the RDNSS can resign from its DNS service because the machine running the RDNSS is out of service intentionally or unintentionally. Also, under the renaming situation, the DNSSL domain names will be changed, so the previous domain names should not be used any more. The processing of this DNSSL domain name is finished here. Otherwise, go to Step (c). Step (c): For each DNSSL domain name, if it already exists in the DNS Server List, then just update the value of the Expiration-time field according to the procedure specified in the third bullet of Section 6.1. Otherwise, go to Step (d). Step (d): For each DNSSL domain name, if it does not exist in the DNS Search List, register the DNSSL domain name and Lifetime with the DNS Search List and then insert the DNSSL domain name in front of the Resolver Repository. In the case where the data structure for the DNS Search List is full of DNSSL domain name entries (that is, has more DNSSL domain names than the sufficient number discussed in Section 5.3.1), delete from the DNS Server List the entry with the shortest Expiration-time (i.e., the entry that will expire first). The corresponding DNSSL domain name is also deleted from the Resolver Repository. For the ordering of DNSSL domain names in a DNSSL option, position the first DNSSL domain name in the DNSSL option as the first one in the Resolver Repository, the second DNSSL domain name in the option as the second one in the repository, and so on. This ordering allows the DNSSL domain names in the DNSSL option to be preferred according to their order in the DNSSL option for the DNS domain name used by the DNS query. The processing of these DNSSL domain name is finished here. The handling of expired DNSSLs is as follows: Whenever an entry expires in the DNS Search List, the expired entry is deleted from the DNS Search List, and also the DNSSL domain name corresponding to the entry is deleted from the Resolver Repository.
attacker can let IPv6 hosts resolve a host name without a DNS suffix into an unintended host's IP address with a fraudulent DNS Search List. These attacks are similar to Neighbor Discovery attacks that use Redirect or Neighbor Advertisement messages to redirect traffic to individual addresses of malicious parties. That is, as a rogue router, a malicious node on a LAN can promiscuously receive packets for any router's Media Access Control (MAC) address and send packets with the router's MAC address as the source MAC address in the Layer 2 (L2) header. As a result, L2 switches send packets addressed to the router to the malicious node. Also, this attack can send redirects that tell the hosts to send their traffic somewhere else. The malicious node can send unsolicited RA or Neighbor Advertisement (NA) replies, answer RS or Neighbor Solicitation (NS) requests, etc. Thus, the attacks related to RDNSS and DNSSL are similar to both Neighbor Discovery attacks and attacks against unauthenticated DHCP, as both can be used for both "wholesale" traffic redirection and more specific attacks. However, the security of these RA options for DNS configuration does not affect ND protocol security [RFC4861]. This is because learning DNS information via the RA options cannot be worse than learning bad router information via the RA options. Therefore, the vulnerability of ND is not worse and is a subset of the attacks that any node attached to a LAN can do independently of ND. RFC3971] is used as a security mechanism for ND. It is RECOMMENDED that ND use SEND to allow all the ND options including the RDNSS and DNSSL options to be automatically included in the signatures. Through SEND, the transport for the RA options is integrity protected; that is, SEND can prevent the spoofing of these DNS options with signatures. Also, SEND enables an IPv6 host to verify that the sender of an RA is actually a router authorized to act as a router. However, since any valid SEND router can still insert RDNSS and DNSSL options, the current SEND cannot verify which one is or is not authorized to send the options. Thus, this verification of the authorized routers for ND options will be required. [CSI-SEND-CERT] specifies the usage of extended key for the certificate deployed in SEND. This document defines the roles of routers (i.e., routers acting as proxy and address owner) and explains the authorization of the roles. The mechanism in this document can be extended to verify which routers are authorized to insert RDNSS and DNSSL options.
It is common for network devices such as switches to include mechanisms to block unauthorized ports from running a DHCPv6 server to provide protection from rogue DHCP servers. That means that an attacker on other ports cannot insert bogus DNS servers using DHCPv6. The corresponding technique for network devices is RECOMMENDED to block rogue Router Advertisement messages including the RDNSS and DNSSL options from unauthorized nodes. An attacker may provide a bogus DNS Search List option in order to cause the victim to send DNS queries to a specific DNS server when the victim queries non-FQDNs (fully qualified domain names). For this attack, the DNS resolver in IPv6 hosts can mitigate the vulnerability with the recommendations mentioned in [RFC1535], [RFC1536], and [RFC3646]. RFC5006], which was assigned by the IANA as follows: Option Name Type Recursive DNS Server Option 25 The IANA has assigned a new IPv6 Neighbor Discovery Option type for the DNSSL option defined in this document: Option Name Type DNS Search List Option 31 These options have been registered in the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" registry (http://www.iana.org).
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6", RFC 3736, April 2004. [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, December 2003. [RFC5006] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, "IPv6 Router Advertisement Option for DNS Configuration", RFC 5006, September 2007. [RFC4339] Jeong, J., "IPv6 Host Configuration of DNS Server Information Approaches", RFC 4339, February 2006. [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure Neighbor Discovery (SEND)", RFC 3971, March 2005.
[RFC5358] Damas, J. and F. Neves, "Preventing Use of Recursive Nameservers in Reflector Attacks", BCP 140, RFC 5358, October 2008. [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, May 2000. [RFC1535] Gavron, E., "A Security Problem and Proposed Correction With Widely Deployed DNS Software", RFC 1535, October 1993. [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S. Miller, "Common DNS Implementation Errors and Suggested Fixes", RFC 1536, October 1993. [MIF-PROBLEM] Blanchet, M. and P. Seite, "Multiple Interfaces Problem Statement", Work in Progress, August 2010. [MIF-PRACTICE] Wasserman, M. and P. Seite, "Current Practices for Multiple Interface Hosts", Work in Progress, August 2010. [CSI-SEND-CERT] Gagliano, R., Krishnan, S., and A. Kukec, "Certificate profile and certificate management for SEND", Work in Progress, October 2010.
RFC 5006 "IPv6 Router Advertisement Option for DNS Configuration": o Added the DNS Search List (DNSSL) option to support the advertisement of DNS suffixes used in the DNS search along with RDNSS option in RFC 5006. o Clarified the coexistence of RA options and DHCP options for DNS configuration. o Modified the procedure in IPv6 host: * Clarified the procedure for DNS options in an IPv6 host. * Specified a sufficient number of RDNSS addresses or DNS search domain names as three. * Specified a way to deal with DNS options from multiple sources, such as RA and DHCP. o Modified the implementation considerations for DNSSL option handling. o Modified the security considerations to consider more attack scenarios and the corresponding possible solutions. o Modified the IANA considerations to require another IPv6 Neighbor Discovery Option type for the DNSSL option.
http://www.cs.umn.edu/~jjeong/ Soohong Daniel Park Digital Media & Communications R&D Center SAMSUNG Electronics 416 Maetan-3dong, Yeongtong-Gu Suwon, Gyeonggi-Do 443-742 Korea Phone: +82 31 279 8876 EMail: firstname.lastname@example.org Luc Beloeil France Telecom R&D 42, rue des coutures BP 6243 14066 CAEN Cedex 4 France Phone: +33 2 40 44 97 40 EMail: email@example.com Syam Madanapalli iRam Technologies #H304, Shriram Samruddhi, Thubarahalli Bangalore - 560066 India EMail: firstname.lastname@example.org