Domain Name System Operations P. Hoffman
Internet-Draft ICANN
Updates: 2181 (if approved) S. Huque
Intended status: Standards Track Salesforce
Expires: 5 September 2024 W. Toorop
NLnet Labs
4 March 2024
Ranking Domain Name System data
draft-toorop-dnsop-ranking-dns-data-00
Abstract
This document extends the list ranking the trustworthiness of domain
name system (DNS) data (see Section 5.4.1 of [RFC2181]). The list is
extended with entries, at the lowest trustworthiness, for root server
names and addresses built into resolvers or provided via a root hints
file, as well as an entry, at the highest trustworthiness, for data
that is verifiably DNSSEC secure. This document furthermore assigns
ranked values to the positions of the list for easier reference and
comparison of the trustworthiness of DNS data.
About This Document
This note is to be removed before publishing as an RFC.
Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-toorop-dnsop-ranking-dns-data/.
Discussion of this document takes place on the DNSOP Working Group
mailing list (mailto:dnsop@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/dnsop/. Subscribe at
https://www.ietf.org/mailman/listinfo/dnsop/.
Source for this draft and an issue tracker can be found at
https://github.com/NLnetLabs/draft-toorop-dnsop-ranking-dns-data.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Hoffman, et al. Expires 5 September 2024 [Page 1]
Internet-Draft Ranking DNS data March 2024
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 5 September 2024.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Trustworthiness values . . . . . . . . . . . . . . . . . . . 2
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 3
5. Normative References . . . . . . . . . . . . . . . . . . . . 3
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 4
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4
1. Introduction
This draft is currently intended only to start a re-evaluation and
re-thinking of [RFC2181], Section 5.4.1, on ranking the trustworthiness
of DNS data.
2. Trustworthiness values
+=======+===========================================================+
| Value | Data |
+=======+===========================================================+
| AAA | Data from a primary zone file other than |
| | occluded data, and all data that is verifiably |
| | DNSSEC secure regardless of where it came from |
+-------+-----------------------------------------------------------+
| AA | Data from a zone transfer other than occluded |
| | data |
+-------+-----------------------------------------------------------+
| A | The authoritative data included in the answer |
| | section of an authoritative reply |
+-------+-----------------------------------------------------------+
| A- | Data from the authority section of an |
| | authoritative answer |
+-------+-----------------------------------------------------------+
| BBB | Occluded data from a primary zone, or occluded |
| | data from a zone transfer |
+-------+-----------------------------------------------------------+
| BB | Data from the answer section of a non- |
| | authoritative answer, and non-authoritative data |
| | from the answer section of authoritative answers |
+-------+-----------------------------------------------------------+
| B | Additional information from an authoritative |
| | answer, data from the authority section of a |
| | non-authoritative answer, and additional |
| | information from non-authoritative answers |
+-------+-----------------------------------------------------------+
| CCC | Names and addresses for the root servers from a |
| | hints file |
+-------+-----------------------------------------------------------+
| CC | Names and addresses for the root servers built |
| | into resolver software |
+-------+-----------------------------------------------------------+
Table 1
3. IANA Considerations
This document does not require any IANA actions.
4. Security Considerations
The process of replacing RRsets in a resolver's cache with RRsets of a
higher trustworthiness ranking, either passively or proactively by
explicit querying, is crucial to the security of the DNS.
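To make the ranking in Table 1 and the cache-replacement rule in this section concrete, here is an added worked example; it is not code from the draft or its authors. The rank labels and their order follow Table 1; the integer encoding of the ranks, the Source names, the rule that equal-ranked data refreshes an entry, and all sample records (RFC 5737 documentation addresses) are this example's own assumptions.

```python
"""Cache-replacement decision driven by the Table 1 trustworthiness ranking.

Added example, not code from the draft or its authors. The rank labels and
their order follow Table 1; the integer encoding, the Source names, the
refresh-on-equal-rank rule and all sample records are this example's own
assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Source(Enum):
    """Where an RRset was obtained (names are this example's own)."""
    PRIMARY_ZONE_FILE = "primary zone file"
    ZONE_TRANSFER = "zone transfer"
    AUTH_ANSWER = "answer section of an authoritative reply"
    AUTH_AUTHORITY = "authority section of an authoritative reply"
    NONAUTH_ANSWER = "answer section of a non-authoritative reply"
    NONAUTH_AUTHORITY = "authority section of a non-authoritative reply"
    ADDITIONAL = "additional section of any reply"
    ROOT_HINTS_FILE = "root hints file"
    BUILTIN_ROOT_HINTS = "root hints built into the resolver"


# Table 1 values from least to most trustworthy. The list index is this
# example's ordinal encoding, so ranks can be compared with < and >.
RANKS = ["CC", "CCC", "B", "BB", "BBB", "A-", "A", "AA", "AAA"]
RANK_VALUE = {label: i for i, label in enumerate(RANKS)}


def rank_of(source, *, dnssec_secure=False, occluded=False,
            authoritative_data=True):
    """Map an RRset's provenance to its Table 1 value.

    dnssec_secure: the RRset validated as DNSSEC secure (AAA from anywhere).
    occluded: zone-file or zone-transfer data hidden below a cut or DNAME.
    authoritative_data: for the answer section of an authoritative reply,
    whether the server is authoritative for this particular RRset.
    """
    if dnssec_secure:
        return "AAA"
    if source is Source.PRIMARY_ZONE_FILE:
        return "BBB" if occluded else "AAA"
    if source is Source.ZONE_TRANSFER:
        return "BBB" if occluded else "AA"
    if source is Source.AUTH_ANSWER:
        return "A" if authoritative_data else "BB"
    if source is Source.AUTH_AUTHORITY:
        return "A-"
    if source is Source.NONAUTH_ANSWER:
        return "BB"
    if source in (Source.NONAUTH_AUTHORITY, Source.ADDITIONAL):
        return "B"
    if source is Source.ROOT_HINTS_FILE:
        return "CCC"
    if source is Source.BUILTIN_ROOT_HINTS:
        return "CC"
    raise ValueError(f"unknown source {source!r}")


@dataclass(frozen=True)
class CachedRRset:
    rdata: tuple
    rank: str


class RankedCache:
    """Minimal RRset cache that never lets lower-ranked data displace
    higher-ranked data. TTLs and negative caching are deliberately omitted."""

    def __init__(self):
        self._entries = {}

    def offer(self, name, rtype, rdata, rank):
        """Return True if the offered RRset was stored, False if rejected."""
        key = (name.lower(), rtype.upper())
        current = self._entries.get(key)
        if current is not None and RANK_VALUE[rank] < RANK_VALUE[current.rank]:
            return False
        # Equal rank refreshes the entry (assumption); higher rank upgrades it.
        self._entries[key] = CachedRRset(tuple(rdata), rank)
        return True

    def lookup(self, name, rtype):
        return self._entries.get((name.lower(), rtype.upper()))


def demo():
    """Walk one RRset through the ranking; all records are constructed."""
    cache = RankedCache()
    name, rtype = "ns1.example.com.", "A"
    out = {}
    # Glue from the additional section of a referral: rank B, fills an empty cache.
    out["glue"] = cache.offer(name, rtype, ["192.0.2.10"], rank_of(Source.ADDITIONAL))
    # Answer section of the authoritative reply for the name itself: rank A, upgrades.
    out["authoritative"] = cache.offer(name, rtype, ["192.0.2.10"], rank_of(Source.AUTH_ANSWER))
    # Later additional-section data with a different address: rank B, cannot displace A.
    out["additional_after_auth"] = cache.offer(name, rtype, ["192.0.2.99"], rank_of(Source.ADDITIONAL))
    # The same RRset validated as DNSSEC secure: AAA regardless of section, upgrades.
    out["validated"] = cache.offer(name, rtype, ["192.0.2.10"],
                                   rank_of(Source.ADDITIONAL, dnssec_secure=True))
    entry = cache.lookup(name, rtype)
    out["final"] = (entry.rank, entry.rdata)
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

The `offer` method is the whole point: a resolver that applies the ranking this way cannot have an authoritative answer overwritten by additional-section data, while a validated RRset is accepted from any section because Table 1 places DNSSEC-secure data at AAA regardless of origin.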
5. Normative References
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997,
<https://www.rfc-editor.org/info/rfc2181>.
Appendix A. Acknowledgements
Thanks to all the people that contributed to the discussion
surrounding the re-evaluation of how the trustworthiness of DNS data
should be ranked.
Authors' Addresses
Paul Hoffman
ICANN
Email: paul.hoffman@icann.org
Shumon Huque
Salesforce
Email: shuque@gmail.com
Willem Toorop
NLnet Labs
Science Park 400
1098 XH Amsterdam
Netherlands
Email: willem@nlnetlabs.nl