RIPE NetNews WG                                              Daniel Diaz
Internet Draft                                               SATEC, S.A
Experimental                                              October, 2000


                 NHNS - Netnews Hierarchy Names System


Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Comments should be sent to the author or the RIPE NetNews WG mailing
list netnews-wg@ripe.net.

1. Abstract

This document describes one of the projects supported and carried out
by the RIPE NetNews WG. NHNS is a system and service based on a
DNS-like structure that has been discussed, developed and deployed by
the RIPE NetNews Working Group.

2. Introduction

This document defines the use of the well-known and regularly used
DNS service as a database to store all the information related to
USENET (i.e., newsgroups and newsgroup descriptions, moderators,
grouplists, hierarchy maintainers, hierarchy descriptions, etc.).
This system is called the Netnews Hierarchy Names System (NHNS).

Expires April 2001                                              [Page 1]

INTERNET-DRAFT       Netnews Hierarchy Names System         October 2000

Familiarity with the DNS system [RFC1034, RFC1035] and the New DNS RR
definitions [RFC1183] is assumed.

3. Origins and history of NHNS

The NetNews Hierarchy Names System (NHNS) emerged from the RIPE
NetNews Working Group (NNWG) around May 1999.
The NNWG agreed to create the 'groupsync project' just after
suffering a 'fork-bomb' attack, which affected the fastest and most
important NetNews servers in Usenet, collapsing them with thousands
of faked control messages.

The initial goal of this project was to provide the Usenet community
with a consistent source of information to synchronize their servers
in a secure and reliable way. Other solutions were proposed but were
not deployed.

The NHNS approach was proposed and presented at RIPE-34 (Vienna, May
1998) and received the support of the NetNews Working Group.

4. Technical description

NHNS is based on the well-known and widely used DNS service and has
benefited from the community's experience with DNS operational issues
as well as from existing DNS software implementations.

The hierarchical structure of Usenet group names and moderator
information bears a significant resemblance to the structure of the
DNS hierarchy. Based on this, NHNS maps group names to their
descriptions using DNS 'IN TXT' records and maps moderators'
addresses using 'IN RP' records.

This approach was first deployed as a private DNS 'cloud'. This
'cloud' consisted of a fake top level domain called 'usenet.', under
which all existing top level hierarchies (alt.*, comp.*,..., at.*,
ch.*, de.*, es.*,...) were located, as shown in the figure below:

                 .
                /
            usenet
            /\  \    \
           /  \   \     \
          /... \ ... \ ... \
        ch     es    alt    comp

The structure described above was supported by a fake root server
acting as master server for 'usenet.', some secondary name servers
for 'usenet.' and primary name servers for each of the hierarchies
(only a number of them participated in this previous deployment, up
to a dozen).

Thanks to this 'embryo' it was possible to test the NHNS system as
well as to develop tools to easily handle the information obtained
from any NHNS (DNS) server.
It must always be borne in mind that groupnames are written in
reverse order in the DNS zone files, while a user (newsadmin or
newsreader) expects the groupnames in the correct order. This is the
main reason for having developed a kit of tools, which will be
described later in the document [section 4.4].

After a test phase, all this structure (DNS cloud) was located under
an official DNS domain, 'usenet.nhns.net.'. So the current DNS cloud
finally looks like the one shown below:

                 .
                /
              net
              /
           nhns
            /
        usenet
          / \   \      \
         /... \ ... \ ...... \
       ch     es    alt     comp

The NHNS system has been designed to have all the information about
Usenet distributed in a DNS structure. Therefore, collaboration,
mainly from the hierarchy maintainers, is required in order to
delegate zones (hierarchies) from the master server for
'usenet.nhns.net.'.

Thanks to the 'DNS UPDATE' feature, used by some of the existing NHNS
tools, a hierarchy maintainer is not compelled to set up and
administer a name server. This task could be delegated to any
collaborator who would administer the name server and would allow the
official maintainer to update records (groups, ...), in the same way
a maintainer sends control messages nowadays in order to create,
delete, or modify a newsgroup.

4.1. Use of the TXT record

The format of the 'text' (TXT) resource record is specified in
[RFC1183, section 3.3.14]. As stated before, TXT records are used in
NHNS to map groupnames to their descriptions, as shown below:

   news.es.    IN    TXT    "Netnews group mapped in NHNS"

The first thing to notice in the example above is that the groupname
is written in reverse order (i.e., 'es.news' is the real name, and
'news.es.' is the name which represents this group in the DNS
service).

4.2. Use of the RP record

The format of the 'responsible person' (RP) resource record is
specified in [RFC1183, section 2.2].
As stated before, RP records are used in NHNS to map groupnames to
their moderators' e-mail addresses, as shown below:

   news.es.usenet.nhns.net.  IN  RP  moderador.news.rediris.es. es.

Apart from the groupname being written in reverse order, note that
the moderators' e-mail addresses follow the DNS convention for
mailbox encoding (using the '.' character instead of the '@'
character). In addition, the TXT_DNAME field indicates which netnews
hierarchy the groupname belongs to (i.e., the es.* hierarchy).

4.3. Zone file considerations

Within the NHNS environment, a DNS zone file is equivalent to a
grouplist, and a hierarchy name is equivalent to a domain name (i.e.,
the es.* hierarchy is equivalent to the 'es.usenet.nhns.net.' DNS
domain).

4.4. Client tools

NHNS information may be obtained or checked using any of the
available DNS client tools: bind-tools like 'dig', 'named-xfer',
'nslookup', etc.

One consideration must be pointed out about these tools: they have
been developed to deal with common DNS domain names, and the
groupnames in NHNS are written in reverse order. Therefore,
groupnames obtained in a single query or a zone transfer will be
shown in reverse order, as explained in [4.1] and [4.2], and
post-processing will probably be required to make the information
useful and operative.

This circumstance led us to develop adapted tools that handle the
DNS information, sort the groupnames and print them in the common
'Usenet' order. This set of tools is described below:

   nhlookup: Issues single queries to any DNS server on the Internet.
             The description of the group and, in case it is a
             moderated group, the moderator's e-mail address will be
             obtained and printed.
   nh-xfer:  Obtains a desired grouplist of a supported hierarchy. It
             performs a zone transfer and translates the obtained
             information into a common Usenet 'grouplist' format.
   newsync:  Synchronizes the typical configuration files of a news
             server, the active and newsgroups files. It issues
             multiple zone transfers, then processes the results and
             synchronizes the files.

All these tools and more information are available at
http://nh.nhns.net/

5. Use of NHNS service by news administrators

Right now, news administrators may use the tools available in the
different DNS implementations, such as the bind-tools, or the
specific tools developed by Juan Garcia <juan.garcia@satec.es> and
the author, which have been tested, revised and patched by members of
the ripe-nnwg working group.

Administrators may obtain many advantages from the NHNS service, such
as the following:

   - Single access to ask for any group in the Usenet top level
     hierarchies (TLHs).
   - Possibility to synchronize a news server by means of the NHNS
     service (transferring zones).
   - Possibility of knowing who is responsible for the moderation of
     any newsgroup.

6. Security Considerations

The NHNS system and service make use of the existing DNS service and
structure; therefore all security issues related to DNS apply to NHNS
as well.

In practice, an NHNS administrator must take care of the permissions
to update resource records as well as the permissions to transfer
zones.

7. References

[1]       Elmar K. Vins, NHNS server configuration tutorial.
          http://nh.nhns.net/nhns/DOC/nhnstutorial-1.0.txt
          September 1999.

[2]       Daniel Diaz, NHNS description.
          http://nh.nhns.net/nhns/DOC/nhns-1.0.txt April 1999.

[3]       Daniel Diaz, newsync command tutorial.
          http://nh.nhns.net/nhns/DOC/newsync.txt October 1999.

[RFC1034] P. Mockapetris, "Domain Names - Concepts and Facilities,"
          RFC 1034, ISI, November 1987.

[RFC1035] P. Mockapetris, "Domain Names - Implementation and
          Specification," RFC 1035, ISI, November 1987.

[RFC2136] P. Vixie (Ed.), S. Thomson, Y. Rekhter, J. Bound, "Dynamic
          Updates in the Domain Name System," RFC 2136, ISC &
          Bellcore & Cisco & DEC, April 1997.

[SSU]     B. Wellington, "Simple Secure Domain Name System (DNS)
          Dynamic Update,"
          draft-ietf-dnsext-simple-secure-update-01.txt, Nominum,
          May 2000.

8. Acknowledgments

The author would like to thank the following people for review,
support to the NHNS system, bug reports and general collaboration (in
alphabetical order):

   Alex French.
   Felix Kugler.
   Joe St. Sauver.
   Juan Carlos Moreno.
   Miguel A. Vences.
   Ruben Martinez.
   Valentin Albillo.

9. Author's Addresses

   Daniel Diaz
   Satec, S.A
   Avda. de Europa n.34-A
   28003 Madrid
   SPAIN.

   Phone: +34 91 708 90 00, +34 963 47 43 87
   Email: daniel.diaz@satec.es

10. Full Copyright Statement

"Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."

Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9,
RFC 2026, October 1996.
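
The name mapping of sections 4.1 and 4.2 and the zone-transfer-to-grouplist translation of section 4.4, as an added Python example; it is not the code of the NHNS tools and not part of the draft. The function names are hypothetical and the sample records are constructed around the draft's own 'es.news' example.

```python
import re

ORIGIN = "usenet.nhns.net."  # NHNS domain named in the draft

# Constructed sample in 'dig' zone-transfer style; TTLs and the last two records are invented.
SAMPLE_ZONE = '''
news.es.usenet.nhns.net.   86400 IN TXT "Netnews group mapped in NHNS"
news.es.usenet.nhns.net.   86400 IN RP  moderador.news.rediris.es. es.
test.es.usenet.nhns.net.   86400 IN TXT "Constructed unmoderated group"
news.es.example.org.       86400 IN TXT "Constructed record outside the origin"
'''
RECORD = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+(TXT|RP)\s+(.+)$')

def split_labels(name):
    """Split a DNS name on unescaped dots (RFC 1035 writes a literal dot as '\\.')."""
    parts = re.split(r'(?<!\\)\.', name.rstrip('.'))
    return [p.replace('\\.', '.') for p in parts if p]

def group_to_dns(group, origin=ORIGIN):
    """'es.news' -> 'news.es.usenet.nhns.net.' (labels reversed, origin appended)."""
    return '.'.join(reversed(group.split('.'))) + '.' + origin

def dns_to_group(owner, origin=ORIGIN):
    """'news.es.usenet.nhns.net.' -> 'es.news'; None when owner is outside origin."""
    owner = owner.lower()
    if not owner.endswith('.' + origin):
        return None
    return '.'.join(reversed(split_labels(owner[:-len(origin)])))

def rp_to_email(mbox_dname):
    """RP mailbox: the first label is the local part, the rest is the mail domain."""
    labels = split_labels(mbox_dname)
    if len(labels) < 2:
        return None  # '.' in the mailbox field means no mailbox is available
    return labels[0] + '@' + '.'.join(labels[1:])

def zone_to_grouplist(zone_text, origin=ORIGIN):
    """Translate TXT/RP records into {group: {'description', 'moderator'}}."""
    groups = {}
    for line in zone_text.splitlines():
        m = RECORD.match(line.strip())
        group = dns_to_group(m.group(1), origin) if m else None
        if group is None:
            continue  # unparsed line, or a record that does not belong to NHNS
        entry = groups.setdefault(group, {'description': '', 'moderator': None})
        if m.group(2) == 'TXT':
            entry['description'] = m.group(3).strip().strip('"')
        else:
            entry['moderator'] = rp_to_email(m.group(3).split()[0])
    return groups

if __name__ == '__main__':
    for name, info in sorted(zone_to_grouplist(SAMPLE_ZONE).items()):
        print(name, info['description'], info['moderator'] or '-', sep='\t')
```

Records whose owner name lies outside the expected origin are dropped rather than reversed, so data from an unexpected zone cannot appear in the resulting grouplist.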