Network Working Group J. Yao\r
Internet-Draft X. Lee\r
Intended status: Standards Track CNNIC\r
-Expires: December 30, 2010 P. Vixie\r
+Expires: February 12, 2011 P. Vixie\r
Internet Software Consortium\r
- June 28, 2010\r
+ August 11, 2010\r
\r
\r
Bundle DNS Name Redirection\r
- draft-yao-dnsext-bname-03.txt\r
+ draft-yao-dnsext-bname-04.txt\r
\r
Abstract\r
\r
time. It is inappropriate to use Internet-Drafts as reference\r
material or to cite them other than as "work in progress."\r
\r
- This Internet-Draft will expire on December 30, 2010.\r
+ This Internet-Draft will expire on February 12, 2011.\r
\r
Copyright Notice\r
\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 1]\r
+Yao, et al. Expires February 12, 2011 [Page 1]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
the Trust Legal Provisions and are provided without warranty as\r
3.3. The BNAME Rules . . . . . . . . . . . . . . . . . . . . . 4\r
4. Query Processing . . . . . . . . . . . . . . . . . . . . . . . 4\r
4.1. Processing by Servers . . . . . . . . . . . . . . . . . . 5\r
- 4.2. Processing by Resolvers . . . . . . . . . . . . . . . . . 7\r
- 5. BNAME in DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 8\r
- 5.1. BNAME Validating . . . . . . . . . . . . . . . . . . . . . 8\r
- 5.2. BNAME alias algorithm identifiers . . . . . . . . . . . . 9\r
- 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9\r
- 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9\r
- 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10\r
- 9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 10\r
- 9.1. draft-yao-dnsext-bname: Version 00 . . . . . . . . . . . . 10\r
- 9.2. draft-yao-dnsext-bname: Version 01 . . . . . . . . . . . . 10\r
- 9.3. draft-yao-dnsext-bname: Version 02 . . . . . . . . . . . . 10\r
- 9.4. draft-yao-dnsext-bname: Version 03 . . . . . . . . . . . . 10\r
- 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10\r
- 10.1. Normative References . . . . . . . . . . . . . . . . . . . 10\r
- 10.2. Informative References . . . . . . . . . . . . . . . . . . 12\r
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12\r
+ 4.2. Processing by Resolvers . . . . . . . . . . . . . . . . . 8\r
+ 5. BNAME in DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 9\r
+ 5.1. BNAME validating . . . . . . . . . . . . . . . . . . . . . 9\r
+ 5.2. BNAME alias algorithm identifiers . . . . . . . . . . . . 10\r
+ 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10\r
+ 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10\r
+ 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11\r
+ 9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 11\r
+ 9.1. draft-yao-dnsext-bname: Version 00 . . . . . . . . . . . . 11\r
+ 9.2. draft-yao-dnsext-bname: Version 01 . . . . . . . . . . . . 11\r
+ 9.3. draft-yao-dnsext-bname: Version 02 . . . . . . . . . . . . 11\r
+ 9.4. draft-yao-dnsext-bname: Version 03 . . . . . . . . . . . . 11\r
+ 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12\r
+ 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12\r
+ 10.2. Informative References . . . . . . . . . . . . . . . . . . 13\r
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13\r
\r
\r
\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 2]\r
+Yao, et al. Expires February 12, 2011 [Page 2]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
1. Introduction\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 3]\r
+Yao, et al. Expires February 12, 2011 [Page 3]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
original one. The BNAME solution provides the solution to both ASCII\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 4]\r
+Yao, et al. Expires February 12, 2011 [Page 4]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
[RFC1034] must be modified slightly for both servers and resolvers.\r
\r
For a server performing non-recursive service steps 3.a, 3.c and 4 of\r
section 4.3.2 [RFC1034] are changed to check for a BNAME record, and\r
- to return certain BNAME records from zone data and the cache. When\r
+ to return certain BNAME records from zone data and the cache.\r
+\r
+ If the owner name of the bname is the suffix of the name queryed but\r
+ different, when preparing a response, a server performing a BNAME\r
+ substitution will in all cases include the relevant BNAME RR in the\r
+ answer section. A CNAME RR is synthesized and included in the answer\r
+ section. This will help the client to reach the correct DNS data.\r
+\r
+ If the owner name of the bname is same with the name queryed, when\r
preparing a response, a server performing a BNAME substitution will\r
- in all cases include the relevant BNAME RR in the answer section. A\r
- CNAME RR is synthesized and included in the answer section. This\r
- will help the client to reach the correct DNS data. The provided\r
- synthesized CNAME RR, MUST have\r
+ not include the relevant BNAME RR in the answer section unless the\r
+ type queryed is BNAME. A CNAME RR will be synthesized and included\r
+ in the answer section unless the type queryed is BNAME or the query\r
+ is the DNSSEC query.\r
+\r
+ The provided synthesized CNAME RR if there has one, MUST have\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+Yao, et al. Expires February 12, 2011 [Page 5]\r
+\f\r
+Internet-Draft bname August 2010\r
\r
\r
The same CLASS as the QCLASS of the query,\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 5]\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+Yao, et al. Expires February 12, 2011 [Page 6]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
a. If the whole of QNAME is matched, we have found the node.\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 6]\r
+Yao, et al. Expires February 12, 2011 [Page 7]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 7]\r
+Yao, et al. Expires February 12, 2011 [Page 8]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
\r
\r
1. See if the answer is in local information, and if so return it to\r
\r
5. BNAME in DNSSEC\r
\r
-5.1. BNAME Validating\r
+5.1. BNAME validating\r
\r
With the deployment of DNSSEC, more and more servers and resolvers\r
will support DNSSEC. In order to make BNAME valid in DNSSEC\r
verification, the DNSSEC enabled resolvers and servers MUST support\r
BNAME. The synthesized CNAME in the answer section for the BNAME\r
- will never be signed. DNSSEC validators MUST understand BNAME,\r
- verify the BNAME and then checking that the CNAME was properly\r
- synthesized in order to verify the synthesized CNAME. In any\r
+ will never be signed if there has one.\r
+\r
+ If the owner name of the bname is the suffix of the name queryed but\r
\r
\r
\r
-Yao, et al. Expires December 30, 2010 [Page 8]\r
+Yao, et al. Expires February 12, 2011 [Page 9]\r
\f\r
-Internet-Draft bname June 2010\r
+Internet-Draft bname August 2010\r
+\r
\r
+ different, DNSSEC validators MUST understand BNAME, verify the BNAME\r
+ and then checking that the CNAME was properly synthesized in order to\r
+ verify the synthesized CNAME.\r
\r
- negative response, the NSEC or NSEC3 [RFC5155] record type bit map\r
- SHOULD be checked to see that there was no BNAME that could have been\r
- applied. If the BNAME bit in the type bit map is set and the query\r
- type is not BNAME, then BNAME substitution should have been done.\r
+ If the owner name of the bname is same with the name queryed, DNSSEC\r
+ validators MUST understand BNAME and verify the BNAME. The BNAME\r
+ enabled resolver (validator) should do somewhat analogous to a CNAME\r
+ for further query.\r
+\r
+ In any negative response, the NSEC or NSEC3 [RFC5155] record type bit\r
+ map SHOULD be checked to see that there was no BNAME that could have\r
+ been applied. If the BNAME bit in the type bit map is set and the\r
+ query type is not BNAME, then BNAME substitution should have been\r
+ done.\r
\r
5.2. BNAME alias algorithm identifiers\r
\r
7. Security Considerations\r
\r
Both ASCII domain name labels and non-ASCII ones have some aliases.\r
+\r
+\r
+\r
+Yao, et al. Expires February 12, 2011 [Page 10]\r
+\f\r
+Internet-Draft bname August 2010\r
+\r
+\r
We can bundle the domain name labels and their aliases through BNAME\r
in the DNS resolutions. The name labels and their aliases in the\r
particular languages are only known by those who know these\r
aliases unless they are properly configured.\r
\r
\r
-\r
-\r
-\r
-\r
-Yao, et al. Expires December 30, 2010 [Page 9]\r
-\f\r
-Internet-Draft bname June 2010\r
-\r
-\r
8. Acknowledgements\r
\r
Because the BNAME is very similar to DNAME, the authors learn a lot\r
\r
10. References\r
\r
+\r
+\r
+\r
+\r
+Yao, et al. Expires February 12, 2011 [Page 11]\r
+\f\r
+Internet-Draft bname August 2010\r
+\r
+\r
10.1. Normative References\r
\r
[ASCII] American National Standards Institute (formerly United\r
RFC 2671, August 1999.\r
\r
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities",\r
-\r
-\r
-\r
-Yao, et al. Expires December 30, 2010 [Page 10]\r
-\f\r
-Internet-Draft bname June 2010\r
-\r
-\r
STD 13, RFC 1034, November 1987.\r
\r
[RFC1035] Mockapetris, P., "Domain names - implementation and\r
RFC 4033, March 2005.\r
\r
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.\r
+\r
+\r
+\r
+Yao, et al. Expires February 12, 2011 [Page 12]\r
+\f\r
+Internet-Draft bname August 2010\r
+\r
+\r
Rose, "Resource Records for the DNS Security Extensions",\r
RFC 4034, March 2005.\r
\r
Security (DNSSEC) Hashed Authenticated Denial of\r
Existence", RFC 5155, March 2008.\r
\r
-\r
-\r
-Yao, et al. Expires December 30, 2010 [Page 11]\r
-\f\r
-Internet-Draft bname June 2010\r
-\r
-\r
10.2. Informative References\r
\r
[RFC2672bis]\r
\r
\r
\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-Yao, et al. Expires December 30, 2010 [Page 12]\r
+Yao, et al. Expires February 12, 2011 [Page 13]\r
\f\r
\r
\r
projects / thirdparty / bind9.git / commitdiff
