From: Automatic Updater Date: Wed, 11 Aug 2010 01:14:50 +0000 (+0000) Subject: sync X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c90f2e358e652a43a4ac328b87895a7dc8557ce;p=thirdparty%2Fbind9.git sync --- diff --git a/doc/draft/draft-yao-dnsext-bname-03.txt b/doc/draft/draft-yao-dnsext-bname-04.txt similarity index 83% rename from doc/draft/draft-yao-dnsext-bname-03.txt rename to doc/draft/draft-yao-dnsext-bname-04.txt index 1289010a6e9..8b6615aa9b4 100644 --- a/doc/draft/draft-yao-dnsext-bname-03.txt +++ b/doc/draft/draft-yao-dnsext-bname-04.txt @@ -3,13 +3,13 @@ Network Working Group J. Yao Internet-Draft X. Lee Intended status: Standards Track CNNIC -Expires: December 30, 2010 P. Vixie +Expires: February 12, 2011 P. Vixie Internet Software Consortium - June 28, 2010 + August 11, 2010 Bundle DNS Name Redirection - draft-yao-dnsext-bname-03.txt + draft-yao-dnsext-bname-04.txt Abstract @@ -34,7 +34,7 @@ Status of this Memo time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on December 30, 2010. + This Internet-Draft will expire on February 12, 2011. Copyright Notice @@ -51,9 +51,9 @@ Copyright Notice -Yao, et al. Expires December 30, 2010 [Page 1] +Yao, et al. Expires February 12, 2011 [Page 1] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 the Trust Legal Provisions and are provided without warranty as 
@@ -83,22 +83,22 @@ Table of Contents 3.3. The BNAME Rules . . . . . . . . . . . . . . . . . . . . . 4 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Processing by Servers . . . . . . . . . . . . . . . . . . 5 - 4.2. Processing by Resolvers . . . . . . . . . . . . . . . . . 7 - 5. BNAME in DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 8 - 5.1. BNAME Validating . . . . . . . . . . . . . . . . . . . . . 8 - 5.2. BNAME alias algorithm identifiers . . . . . . . . . . . . 9 - 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 - 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 - 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 - 9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 10 - 9.1. draft-yao-dnsext-bname: Version 00 . . . . . . . . . . . . 10 - 9.2. draft-yao-dnsext-bname: Version 01 . . . . . . . . . . . . 10 - 9.3. draft-yao-dnsext-bname: Version 02 . . . . . . . . . . . . 10 - 9.4. draft-yao-dnsext-bname: Version 03 . . . . . . . . . . . . 10 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 10.1. Normative References . . . . . . . . . . . . . . . . . . . 10 - 10.2. Informative References . . . . . . . . . . . . . . . . . . 12 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 + 4.2. Processing by Resolvers . . . . . . . . . . . . . . . . . 8 + 5. BNAME in DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 9 + 5.1. BNAME validating . . . . . . . . . . . . . . . . . . . . . 9 + 5.2. BNAME alias algorithm identifiers . . . . . . . . . . . . 10 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 + 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 + 9. Change History . . . . . . . . . . . . . . . . . . . . . . . . 11 + 9.1. draft-yao-dnsext-bname: Version 00 . . . . . . . . . . . . 11 + 9.2. 
draft-yao-dnsext-bname: Version 01 . . . . . . . . . . . . 11 + 9.3. draft-yao-dnsext-bname: Version 02 . . . . . . . . . . . . 11 + 9.4. draft-yao-dnsext-bname: Version 03 . . . . . . . . . . . . 11 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 + 10.2. Informative References . . . . . . . . . . . . . . . . . . 13 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 @@ -107,9 +107,9 @@ Table of Contents -Yao, et al. Expires December 30, 2010 [Page 2] +Yao, et al. Expires February 12, 2011 [Page 2] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 1. Introduction @@ -163,9 +163,9 @@ Internet-Draft bname June 2010 -Yao, et al. Expires December 30, 2010 [Page 3] +Yao, et al. Expires February 12, 2011 [Page 3] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 original one. The BNAME solution provides the solution to both ASCII @@ -219,9 +219,9 @@ Internet-Draft bname June 2010 -Yao, et al. Expires December 30, 2010 [Page 4] +Yao, et al. Expires February 12, 2011 [Page 4] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 [RFC1034] must be modified slightly for both servers and resolvers. 
@@ -234,12 +234,50 @@ Internet-Draft bname June 2010 For a server performing non-recursive service steps 3.a, 3.c and 4 of section 4.3.2 [RFC1034] are changed to check for a BNAME record, and - to return certain BNAME records from zone data and the cache. When + to return certain BNAME records from zone data and the cache. + + If the owner name of the bname is the suffix of the name queryed but + different, when preparing a response, a server performing a BNAME + substitution will in all cases include the relevant BNAME RR in the + answer section. A CNAME RR is synthesized and included in the answer + section. This will help the client to reach the correct DNS data. + + If the owner name of the bname is same with the name queryed, when preparing a response, a server performing a BNAME substitution will - in all cases include the relevant BNAME RR in the answer section. A - CNAME RR is synthesized and included in the answer section. This - will help the client to reach the correct DNS data. The provided - synthesized CNAME RR, MUST have + not include the relevant BNAME RR in the answer section unless the + type queryed is BNAME. A CNAME RR will be synthesized and included + in the answer section unless the type queryed is BNAME or the query + is the DNSSEC query. + + The provided synthesized CNAME RR if there has one, MUST have + + + + + + + + + + + + + + + + + + + + + + + + + +Yao, et al. Expires February 12, 2011 [Page 5] + +Internet-Draft bname August 2010 The same CLASS as the QCLASS of the query, @@ -275,9 +313,27 @@ Internet-Draft bname June 2010 -Yao, et al. Expires December 30, 2010 [Page 5] + + + + + + + + + + + + + + + + + + +Yao, et al. Expires February 12, 2011 [Page 6] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 a. If the whole of QNAME is matched, we have found the node. 
@@ -331,9 +387,9 @@ Internet-Draft bname June 2010 -Yao, et al. Expires December 30, 2010 [Page 6] +Yao, et al. Expires February 12, 2011 [Page 7] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 @@ -387,9 +443,9 @@ Internet-Draft bname June 2010 -Yao, et al. Expires December 30, 2010 [Page 7] +Yao, et al. Expires February 12, 2011 [Page 8] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 1. See if the answer is in local information, and if so return it to 
@@ -431,27 +487,37 @@ Internet-Draft bname June 2010 5. BNAME in DNSSEC -5.1. BNAME Validating +5.1. BNAME validating With the deployment of DNSSEC, more and more servers and resolvers will support DNSSEC. In order to make BNAME valid in DNSSEC verification, the DNSSEC enabled resolvers and servers MUST support BNAME. The synthesized CNAME in the answer section for the BNAME - will never be signed. DNSSEC validators MUST understand BNAME, - verify the BNAME and then checking that the CNAME was properly - synthesized in order to verify the synthesized CNAME. In any + will never be signed if there has one. + + If the owner name of the bname is the suffix of the name queryed but -Yao, et al. Expires December 30, 2010 [Page 8] +Yao, et al. Expires February 12, 2011 [Page 9] -Internet-Draft bname June 2010 +Internet-Draft bname August 2010 + + different, DNSSEC validators MUST understand BNAME, verify the BNAME + and then checking that the CNAME was properly synthesized in order to + verify the synthesized CNAME. - negative response, the NSEC or NSEC3 [RFC5155] record type bit map - SHOULD be checked to see that there was no BNAME that could have been - applied. If the BNAME bit in the type bit map is set and the query - type is not BNAME, then BNAME substitution should have been done. + If the owner name of the bname is same with the name queryed, DNSSEC + validators MUST understand BNAME and verify the BNAME. The BNAME + enabled resolver (validator) should do somewhat analogous to a CNAME + for further query. + + In any negative response, the NSEC or NSEC3 [RFC5155] record type bit + map SHOULD be checked to see that there was no BNAME that could have + been applied. If the BNAME bit in the type bit map is set and the + query type is not BNAME, then BNAME substitution should have been + done. 5.2. BNAME alias algorithm identifiers 
@@ -486,6 +552,14 @@ Internet-Draft bname June 2010 7. Security Considerations Both ASCII domain name labels and non-ASCII ones have some aliases. + + + +Yao, et al. Expires February 12, 2011 [Page 10] + +Internet-Draft bname August 2010 + + We can bundle the domain name labels and their aliases through BNAME in the DNS resolutions. The name labels and their aliases in the particular languages are only known by those who know these @@ -495,15 +569,6 @@ Internet-Draft bname June 2010 aliases unless they are properly configured. - - - - -Yao, et al. Expires December 30, 2010 [Page 9] - -Internet-Draft bname June 2010 - - 8. Acknowledgements Because the BNAME is very similar to DNAME, the authors learn a lot @@ -542,6 +607,15 @@ Internet-Draft bname June 2010 10. References + + + + +Yao, et al. Expires February 12, 2011 [Page 11] + +Internet-Draft bname August 2010 + + 10.1. Normative References [ASCII] American National Standards Institute (formerly United @@ -552,14 +626,6 @@ Internet-Draft bname June 2010 RFC 2671, August 1999. [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", - - - -Yao, et al. Expires December 30, 2010 [Page 10] - -Internet-Draft bname June 2010 - - STD 13, RFC 1034, November 1987. [RFC1035] Mockapetris, P., "Domain names - implementation and @@ -598,6 +664,14 @@ Internet-Draft bname June 2010 RFC 4033, March 2005. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. + + + +Yao, et al. Expires February 12, 2011 [Page 12] + +Internet-Draft bname August 2010 + + Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005. @@ -609,13 +683,6 @@ Internet-Draft bname June 2010 Security (DNSSEC) Hashed Authenticated Denial of Existence", RFC 5155, March 2008. - - -Yao, et al. Expires December 30, 2010 [Page 11] - -Internet-Draft bname June 2010 - - 10.2. Informative References [RFC2672bis] 
@@ -656,18 +723,7 @@ Authors' Addresses - - - - - - - - - - - -Yao, et al. Expires December 30, 2010 [Page 12] +Yao, et al. Expires February 12, 2011 [Page 13]
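Review bot: In the table-of-contents hunk (@@ -83,22 +83,22 @@), the Change History entries still end at "9.4. draft-yao-dnsext-bname: Version 03" even though the file is renamed to draft-yao-dnsext-bname-04.txt. Add a "Version 04" entry that records the new split between the suffix case and the exact-match case, so readers of the draft can see what changed without diffing it. The same hunk lowercases "5.1. BNAME validating" while "4.1. Processing by Servers" and "4.2. Processing by Resolvers" keep title case; use one style.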
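Review bot: In the section 4.1 hunk (@@ -234,12 +234,50 @@), the exact-match rule ends with "unless the type queryed is BNAME or the query is the DNSSEC query", but the added text never says what makes a query a DNSSEC query, so two server implementations can disagree on when the synthesized CNAME is suppressed. State the condition explicitly (for example the DO bit of the request, if that is what is meant). As written, a DNSSEC query for a type other than BNAME at the BNAME owner name gets neither the BNAME RR nor a CNAME in the answer section; the text should say what the answer does contain in that case. Wording: "queryed" should be "queried", "is same with" should be "is the same as", and "if there has one" should be "if there is one". The run of added blank lines also moves the page break to directly after "MUST have", separating that sentence from the list of requirements it introduces.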
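Review bot: In the section 5.1 hunk (@@ -431,27 +487,37 @@), the exact-match paragraph requires that validators "MUST understand BNAME and verify the BNAME", yet the new section 4.1 text says the server "will not include the relevant BNAME RR in the answer section unless the type queryed is BNAME", so the validator is told to verify a record the response may not carry. Either have the server return the BNAME RR and its signature for DNSSEC queries in the exact-match case, or describe how the validator obtains it. The follow-up sentence "should do somewhat analogous to a CNAME for further query" is the only description of how the validator continues and is not specific enough to implement; spell out the steps and use the same requirement keywords (MUST/SHOULD) as the surrounding paragraphs, since the synthesized CNAME is unsigned and this path is what the validation result rests on.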