Internet DRAFT - draft-pp-dnsop-authinfo
draft-pp-dnsop-authinfo
Network Working Group P. Hoffman
Internet-Draft ICANN
Intended status: Standards Track P. Sood
Expires: March 12, 2021 Google
September 08, 2020
Reporting Information from DNS Authoritative Servers
draft-pp-dnsop-authinfo-00
Abstract
This document defines a new DNS RRtype, AUTHINFO, that is used by
authoritative servers to publish information about themselves. This
information can be useful because a recursive resolver can determine
an authoritative server's capabilities, such as whether an
authoritative server supports the EDNS(0) client subnet extension.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 12, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Hoffman & Sood Expires March 12, 2021 [Page 1]
�
Internet-Draft DNS AUTHINFO September 2020
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 2
2. Authoritative Server Information . . . . . . . . . . . . . . 2
3. Contents of the Returned I-JSON Object . . . . . . . . . . . 3
3.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Using AUTHINFO Responses for Detecting Client Subnet Support 4
4.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
5.1. AUTHINFO RRtype . . . . . . . . . . . . . . . . . . . . . 4
5.2. Registry for DNS Authoritative Server Information . . . . 5
5.3. Registration for ecs-supported in the IANA DNS
Authoritative Server Information Registry . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Normative References . . . . . . . . . . . . . . . . . . 5
7.2. Informative References . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
It is sometimes useful for a DNS recursive resolver to know the
capabilities of an authoritative server before sending queries.
Because the record with this information can be signed with DNSSEC,
it can be used to help a recursive resolver know whether to expect
particular EDNS(0) [RFC6891] options in responses. Other uses for
the information may be developed in the future.
1.1. Definitions
The term "authoritative server" is defined in [RFC8499].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Authoritative Server Information
A recursive resolver that wants to use the DNS to get information
about an authoritative server sends a query of <some_name>/IN/
AUTHINFO to the authoritative server. The name <some_name> is a
placeholder for any zone for which the authoritative server is
Hoffman & Sood Expires March 12, 2021 [Page 2]
�
Internet-Draft DNS AUTHINFO September 2020
authoritative. For example, if an authoritative server is
authoritative for example.com, the query could be example.com/IN/
AUTHINFO, or the QNAME could be any other name for which the server
is authoritative. If the QNAME in the request is for a zone for
which the authoritative server is not authoritative, the response
MUST be an NXDOMAIN response.
The RRtype "AUTHINFO" is defined in this document, and the IANA
assignment is given in Section 5.1. The contents of the Rdata in the
response to this query is defined in Section 3. If the authoritative
server understands the AUTHINFO RRtype, the RRset in the Answer
section MUST have exactly one record.
Most zone typically have multiple authoritative servers. Thus, the
AUTHINFO Rdata returned from different authoritative servers for the
same zone might differ.
3. Contents of the Returned I-JSON Object
The response from a DNS query for the AUTHINFO RRtype is a JSON
object. The JSON object MUST use the I-JSON message format defined
in [RFC7493]. Note that [RFC7493] was based on RFC 7159, but RFC
7159 was replaced by [RFC8259]. Requiring the use of I-JSON instead
of more general JSON format greatly increases the likelihood of
interoperability.
The JSON object MAY contain any name/value pairs.
All names in the returned object MUST either be defined in the IANA
registry or, if for local use only, begin with the substring "temp-".
The IANA registry (Section 5.1) will never register names that begin
with "temp-".
All names MUST consist only of lower-case ASCII characters, digits,
and hyphens (that is, Unicode characters U+0061 through 007A, U+0030
through U+0039, and U+002D), and MUST be 63 characters or shorter.
As defined in Section 5.1, the IANA registry will not register names
that begin with "temp-", so these names can be used freely by any
implementer.
Note that the message returned by the authoritative server MUST be in
I-JSON format. I-JSON requires that the message MUST be encoded in
UTF8.
Hoffman & Sood Expires March 12, 2021 [Page 3]
�
Internet-Draft DNS AUTHINFO September 2020
3.1. Example
The I-JSON object that a authoritative server returns might look like
the following:
{
"temp-field2": 42
}
As specified in [RFC7493], the I-JSON object is encoded as UTF8.
[RFC7493] explicitly allows the returned objects to be in any order.
4. Using AUTHINFO Responses for Detecting Client Subnet Support
This document defines an entry for the IANA DNS Authoritative Server
Information Registry that is defined in Section 5.1.
The "ecs-supported" name is used to specify whether the authoritative
server supports the EDNS(0) client subnet extension defined in
[RFC7871]. The value MUST be a boolean.
4.1. Example
An authoritative server can be reached at "ns32.example.com" and the
IP address 192.0.2.222. It supports EDNS(0) client subnet extension.
It's response to the AUTHINFO query might be:
{ "ecs-supported": true }
5. IANA Considerations
5.1. AUTHINFO RRtype
This document defines a new DNS RR type, AUTHINFO, whose value TBD
will be allocated by IANA from the "Resource Record (RR) TYPEs" sub-
registry of the "Domain Name System (DNS) Parameters" registry:
Type: AUTHINFO
Value: TBD
Meaning: Information self-published by an authoritative server as an
I-JSON (RFC 7493) object
Reference: This document
Hoffman & Sood Expires March 12, 2021 [Page 4]
�
Internet-Draft DNS AUTHINFO September 2020
5.2. Registry for DNS Authoritative Server Information
IANA will create a new registry titled "DNS Authoritative Server
Information" that will contain definitions of the names that can be
used with the protocols defined in this document. The registration
procedure is by Expert Review and Specification Required, as defined
in [RFC8126].
The specification that is required for registration can be either an
Internet-Draft or an RFC. The reviewer for this registry is
instructed to generally be liberal in what they accept into the
registry: as long as the specification that comes with the
registration request is reasonably understandable, the registration
should be accepted.
The registry has the following fields for each element:
Name: The name to be used in the JSON object. This name MUST NOT
begin with "temp-". This name MUST conform to the definition of
"string" in I-JSON [RFC7493] message format.
Value type: The type of data to be used in the JSON object.
Specification: The name of the specification for the registered
element.
5.3. Registration for ecs-supported in the IANA DNS Authoritative
Server Information Registry
Name: ecs-supported
Value type: Boolean
Specification: This document
6. Security Considerations
The values in the AUTHINFO response will be protected by DNSSEC
signature if the zone in which the record resides is signed.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
Hoffman & Sood Expires March 12, 2021 [Page 5]
�
Internet-Draft DNS AUTHINFO September 2020
[RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
DOI 10.17487/RFC7493, March 2015,
<https://www.rfc-editor.org/info/rfc7493>.
[RFC7871] Contavalli, C., van der Gaast, W., Lawrence, D., and W.
Kumari, "Client Subnet in DNS Queries", RFC 7871,
DOI 10.17487/RFC7871, May 2016,
<https://www.rfc-editor.org/info/rfc7871>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/info/rfc8259>.
[RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,
January 2019, <https://www.rfc-editor.org/info/rfc8499>.
7.2. Informative References
[RFC6891] Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms
for DNS (EDNS(0))", STD 75, RFC 6891,
DOI 10.17487/RFC6891, April 2013,
<https://www.rfc-editor.org/info/rfc6891>.
Authors' Addresses
Paul Hoffman
ICANN
Email: paul.hoffman@icann.org
Puneet Sood
Google
Email: puneets@google.com
Hoffman & Sood Expires March 12, 2021 [Page 6]
