new draft

This commit is contained in:
Mark Andrews 2010-08-11 00:58:20 +00:00
parent 2fa731eafb
commit 999ffe78c4

@ -3,13 +3,13 @@
Network Working Group J. Yao
Internet-Draft X. Lee
Intended status: Standards Track CNNIC
Expires: December 30, 2010 P. Vixie
Expires: February 12, 2011 P. Vixie
Internet Software Consortium
June 28, 2010
August 11, 2010
Bundle DNS Name Redirection
draft-yao-dnsext-bname-03.txt
draft-yao-dnsext-bname-04.txt
Abstract
@ -34,7 +34,7 @@ Status of this Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 30, 2010.
This Internet-Draft will expire on February 12, 2011.
Copyright Notice
@ -51,9 +51,9 @@ Copyright Notice
Yao, et al. Expires December 30, 2010 [Page 1]
Yao, et al. Expires February 12, 2011 [Page 1]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
the Trust Legal Provisions and are provided without warranty as
@ -83,22 +83,22 @@ Table of Contents
3.3. The BNAME Rules . . . . . . . . . . . . . . . . . . . . . 4
4. Query Processing . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. Processing by Servers . . . . . . . . . . . . . . . . . . 5
4.2. Processing by Resolvers . . . . . . . . . . . . . . . . . 7
5. BNAME in DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 8
5.1. BNAME Validating . . . . . . . . . . . . . . . . . . . . . 8
5.2. BNAME alias algorithm identifiers . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. draft-yao-dnsext-bname: Version 00 . . . . . . . . . . . . 10
9.2. draft-yao-dnsext-bname: Version 01 . . . . . . . . . . . . 10
9.3. draft-yao-dnsext-bname: Version 02 . . . . . . . . . . . . 10
9.4. draft-yao-dnsext-bname: Version 03 . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2. Processing by Resolvers . . . . . . . . . . . . . . . . . 8
5. BNAME in DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 9
5.1. BNAME validating . . . . . . . . . . . . . . . . . . . . . 9
5.2. BNAME alias algorithm identifiers . . . . . . . . . . . . 10
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1. draft-yao-dnsext-bname: Version 00 . . . . . . . . . . . . 11
9.2. draft-yao-dnsext-bname: Version 01 . . . . . . . . . . . . 11
9.3. draft-yao-dnsext-bname: Version 02 . . . . . . . . . . . . 11
9.4. draft-yao-dnsext-bname: Version 03 . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
10.1. Normative References . . . . . . . . . . . . . . . . . . . 12
10.2. Informative References . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
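Review bot: The Change History entries in the table of contents still end at "9.4. draft-yao-dnsext-bname: Version 03" although this revision is draft-yao-dnsext-bname-04. If each entry records the changes made in that version, a "9.5. draft-yao-dnsext-bname: Version 04" entry describing the new owner-name cases is missing. As a style point, "5.1. BNAME validating" is now lower-cased while the neighbouring headings ("Query Processing", "Processing by Servers", "Security Considerations") keep title case.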
@ -107,9 +107,9 @@ Table of Contents
Yao, et al. Expires December 30, 2010 [Page 2]
Yao, et al. Expires February 12, 2011 [Page 2]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
1. Introduction
@ -163,9 +163,9 @@ Internet-Draft bname June 2010
Yao, et al. Expires December 30, 2010 [Page 3]
Yao, et al. Expires February 12, 2011 [Page 3]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
original one. The BNAME solution provides the solution to both ASCII
@ -219,9 +219,9 @@ Internet-Draft bname June 2010
Yao, et al. Expires December 30, 2010 [Page 4]
Yao, et al. Expires February 12, 2011 [Page 4]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
[RFC1034] must be modified slightly for both servers and resolvers.
@ -234,12 +234,50 @@ Internet-Draft bname June 2010
For a server performing non-recursive service steps 3.a, 3.c and 4 of
section 4.3.2 [RFC1034] are changed to check for a BNAME record, and
to return certain BNAME records from zone data and the cache. When
to return certain BNAME records from zone data and the cache.
If the owner name of the bname is the suffix of the name queryed but
different, when preparing a response, a server performing a BNAME
substitution will in all cases include the relevant BNAME RR in the
answer section. A CNAME RR is synthesized and included in the answer
section. This will help the client to reach the correct DNS data.
If the owner name of the bname is same with the name queryed, when
preparing a response, a server performing a BNAME substitution will
in all cases include the relevant BNAME RR in the answer section. A
CNAME RR is synthesized and included in the answer section. This
will help the client to reach the correct DNS data. The provided
synthesized CNAME RR, MUST have
not include the relevant BNAME RR in the answer section unless the
type queryed is BNAME. A CNAME RR will be synthesized and included
in the answer section unless the type queryed is BNAME or the query
is the DNSSEC query.
The provided synthesized CNAME RR if there has one, MUST have
Yao, et al. Expires February 12, 2011 [Page 5]
Internet-Draft bname August 2010
The same CLASS as the QCLASS of the query,
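Review bot: In the added paragraph for the case where the BNAME owner name equals the queried name, "or the query is the DNSSEC query" never defines what makes a query a DNSSEC query, yet servers decide on that condition whether to synthesize the CNAME. State the condition explicitly, for example whether it means the DO bit is set in the query, so that server and validator implementations agree on when a CNAME is present. Wording in the added text also needs a pass: "queryed" should be "queried", "is same with" should be "is the same as", and "if there has one" should be "if there is one".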
@ -275,9 +313,27 @@ Internet-Draft bname June 2010
Yao, et al. Expires December 30, 2010 [Page 5]
Yao, et al. Expires February 12, 2011 [Page 6]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
a. If the whole of QNAME is matched, we have found the node.
@ -331,9 +387,9 @@ Internet-Draft bname June 2010
Yao, et al. Expires December 30, 2010 [Page 6]
Yao, et al. Expires February 12, 2011 [Page 7]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
@ -387,9 +443,9 @@ Internet-Draft bname June 2010
Yao, et al. Expires December 30, 2010 [Page 7]
Yao, et al. Expires February 12, 2011 [Page 8]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
1. See if the answer is in local information, and if so return it to
@ -431,27 +487,37 @@ Internet-Draft bname June 2010
5. BNAME in DNSSEC
5.1. BNAME Validating
5.1. BNAME validating
With the deployment of DNSSEC, more and more servers and resolvers
will support DNSSEC. In order to make BNAME valid in DNSSEC
verification, the DNSSEC enabled resolvers and servers MUST support
BNAME. The synthesized CNAME in the answer section for the BNAME
will never be signed. DNSSEC validators MUST understand BNAME,
verify the BNAME and then checking that the CNAME was properly
synthesized in order to verify the synthesized CNAME. In any
will never be signed if there has one.
If the owner name of the bname is the suffix of the name queryed but
Yao, et al. Expires December 30, 2010 [Page 8]
Yao, et al. Expires February 12, 2011 [Page 9]
Internet-Draft bname June 2010
Internet-Draft bname August 2010
negative response, the NSEC or NSEC3 [RFC5155] record type bit map
SHOULD be checked to see that there was no BNAME that could have been
applied. If the BNAME bit in the type bit map is set and the query
type is not BNAME, then BNAME substitution should have been done.
different, DNSSEC validators MUST understand BNAME, verify the BNAME
and then checking that the CNAME was properly synthesized in order to
verify the synthesized CNAME.
If the owner name of the bname is same with the name queryed, DNSSEC
validators MUST understand BNAME and verify the BNAME. The BNAME
enabled resolver (validator) should do somewhat analogous to a CNAME
for further query.
In any negative response, the NSEC or NSEC3 [RFC5155] record type bit
map SHOULD be checked to see that there was no BNAME that could have
been applied. If the BNAME bit in the type bit map is set and the
query type is not BNAME, then BNAME substitution should have been
done.
5.2. BNAME alias algorithm identifiers
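Review bot: The added equal-owner-name paragraph says the validator "should do somewhat analogous to a CNAME for further query", which does not tell an implementer what to do and puts a lower-case "should" next to the MUSTs in the same paragraph. Spell out the steps the validator takes after verifying the BNAME (how it continues the query at the BNAME target, given that the server text omits the synthesized CNAME for this case), and choose the normative keyword deliberately. The closing sentence of the negative-response paragraph has the same problem: "then BNAME substitution should have been done" does not say what the validator does with a response that fails this check.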
@ -486,6 +552,14 @@ Internet-Draft bname June 2010
7. Security Considerations
Both ASCII domain name labels and non-ASCII ones have some aliases.
Yao, et al. Expires February 12, 2011 [Page 10]
Internet-Draft bname August 2010
We can bundle the domain name labels and their aliases through BNAME
in the DNS resolutions. The name labels and their aliases in the
particular languages are only known by those who know these
@ -495,15 +569,6 @@ Internet-Draft bname June 2010
aliases unless they are properly configured.
Yao, et al. Expires December 30, 2010 [Page 9]
Internet-Draft bname June 2010
8. Acknowledgements
Because the BNAME is very similar to DNAME, the authors learn a lot
@ -542,6 +607,15 @@ Internet-Draft bname June 2010
10. References
Yao, et al. Expires February 12, 2011 [Page 11]
Internet-Draft bname August 2010
10.1. Normative References
[ASCII] American National Standards Institute (formerly United
@ -552,14 +626,6 @@ Internet-Draft bname June 2010
RFC 2671, August 1999.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
Yao, et al. Expires December 30, 2010 [Page 10]
Internet-Draft bname June 2010
STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and
@ -598,6 +664,14 @@ Internet-Draft bname June 2010
RFC 4033, March 2005.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Yao, et al. Expires February 12, 2011 [Page 12]
Internet-Draft bname August 2010
Rose, "Resource Records for the DNS Security Extensions",
RFC 4034, March 2005.
@ -609,13 +683,6 @@ Internet-Draft bname June 2010
Security (DNSSEC) Hashed Authenticated Denial of
Existence", RFC 5155, March 2008.
Yao, et al. Expires December 30, 2010 [Page 11]
Internet-Draft bname June 2010
10.2. Informative References
[RFC2672bis]
@ -656,18 +723,7 @@ Authors' Addresses
Yao, et al. Expires December 30, 2010 [Page 12]
Yao, et al. Expires February 12, 2011 [Page 13]