INTERNET-DRAFT                                              M. Koerber
                                                       SingNet Pte Ltd
Expires June 2000                                        November 1999

                  draft-koerber-dnsind-glue-00.txt

                      The GLUE Resource Records

Status of This Document

This draft, file name draft-koerber-dnsind-glue-00.txt, is intended to
become a Proposed Standard RFC. Distribution of this document is
unlimited. Comments should be sent to or to the author.

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months.
Internet-Drafts may be updated, replaced, or obsoleted by other
documents at any time. It is not appropriate to use Internet-Drafts as
reference material or to cite them other than as a "working draft" or
"work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe),
ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim),
ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

Abstract

The GLUE-type Resource records offer an alternative to the use of
traditional address records (A, AAAA, A6) as glue in parent zones. The
intention is that GLUE-type records are only ever returned in the
additional section of referrals, rather than as reply to address
queries to a parent nameserver which is not actually responsible for
the delegated zone.

Acknowledgements

The general structure and much verbiage in this ID was blatantly
stolen from Donald K Eastlake 3rd's
draft-ietf-dnsind-kitchen-sink-00.txt [KitchenSink].

Thanks go to David R Conrad and Bill Manning (among others) for review
and constructive/destructive input.

1. Conventions used in this document

"Address-type" (or "A-type") records (or queries) collectively refers
to the address records (or queries) of the type A, AAAA and A6.

"GLUE-type" (or "G-type") records (or queries) collectively refers to
the new RRs defined by this document, GLUEA4, GLUEAAAA and GLUEA6.

2. Introduction

The Domain Name System (DNS) provides a replicated distributed secure
hierarchical database which stores "resource records" (RRs) under
hierarchical domain names. This data is structured into zones which
are independently maintained. [RFC 1034, 1035]

In some cases, where a nameserver to which a subdomain is delegated is
itself part of that subdomain, it is necessary to provide additional
address information for the subdomain's nameserver inside the parent
zone. Currently, this is performed by adding the requisite A resource
record(s) in the parent zone. These A records located in the parent
zone are commonly called 'glue' records.

As the parent nameserver containing the 'glue' address records is
usually not actually authoritative for the subdomain, these address
records are only intended for the purpose of finding the nameserver
the subdomain is delegated to.

Currently, a parent nameserver receiving an address query for a host
inside a subdomain, which by chance also has a glue record inside the
parent zone, will reply with this glue record. The resolver (or
caching nameserver) usually is not able to distinguish whether this
reply was due to a glue record.
(The only hint is the non-authoritative reply from a nameserver which
is not authoritative for the domain, but once the reply passes a
caching nameserver this criterion will also not be sufficient for a
conclusive determination).

Problems also can arise where unnecessary 'glue' address records are
inserted in the parent zone for operational convenience.

It is desirable that a parent nameserver only use its configured glue
address information as part of a referral, and not reply with it when
asked for the address record of the nameserver directly. A means of
distinction between address records used solely as glue and general
ones is required.

The GLUE-type resource records defined in this document are intended
to provide that distinction. They are intended to provide an
alternative and better way to configure glue information, without
overloading the A record for this purpose.

3. GLUE Resource Records

This document defines 3 new RR types, one for each of the IP address
record types in use at the moment (A, AAAA and A6).

In addition, this document defines a query-type, without accompanying
data-type, which can be used to query for any of the 3 defined RR
types.

3.1. Records

The symbol for the GLUE resource record for IPv4 addresses is GLUEA4.
Its type number is .

The symbol for the GLUE resource record for IPv6 addresses in AAAA RR
format is GLUEAAAA. Its type number is .

The symbol for the GLUE resource record for IPv6 addresses is GLUEA6.
Its type number is .

3.2. Query-type GLUE

A query-type GLUE (symbol GLUE, type number ) is defined for queries
only. Queries for this RR type match any of the GLUEA4, GLUEAAAA and
GLUEA6 resource records which match the label queried.

The GLUE query-type, not being (or having) an accompanying data-type,
can never appear in any reply and it also cannot appear in any master
file.

3.3. Data-type structures

The structures of the GLUEA4, GLUEAAAA and GLUEA6 resource records
exactly follow the corresponding A, AAAA and A6 RRs:

The RDATA portion of the GLUEA4 RR is structured exactly like the
RDATA portion of the A RR defined in [RFC 1035]

RDATA portion of the A6 RR defined in [Lookups]

4. Semantics

The GLUE-type RRs defined in this document are intended to offer an
alternative to the use of A, AAAA and A6 records hitherto used as
glue.

When an authoritative nameserver for the parent zone, which has one or
more of these GLUE-type records configured for a subdomain, is queried
for any record in the subdomain and replies with a referral, it will
include all GLUE-type records matching the label(s) of the delegated
nameservers (mutated to A-type records) in the additional section of
the reply.

4.1. Referral Behaviour

If a parent nameserver replies to a query with a referral to one of
its subdomains, it will include address information known to it for
all nameservers in the additional section of the reply.

If this address information consists of a traditional address record
(A, AAAA or A6), it will simply include the record as configured in
its zone.

If this address record instead consists of one of the new GLUE-type
records defined in this document, the server will mutate that
GLUE-type record, for purposes of the reply only, into the
corresponding address record, and include that in the additional
section of the reply.

The client receiving the reply will not know whether the address
record included in the additional section of the reply has been
included as result of a GLUE-type record or traditional address record
having been configured in the parent zone (or whether a matching
address record was simply found in the queried nameserver's cache).

4.2. Direct query for the address of a label, which also has a glue
     record

If the parent nameserver receives an address query for a label for
which the parent nameserver has a glue record, use of the new
GLUE-type records defined in this document will result in behaviour
different from when traditional address type glue records are used.

In the case where the parent nameserver has a traditional address type
glue record, this record will be returned in the ANSWER section of the
reply.

In the case where the new GLUE-type records are used, the parent
nameserver will reply with a referral, and include the glue
information from the GLUE-type record (mutated to an address record)
in the additional section of the reply.

This ensures that an address query for the same label (which may be
the result of a different protocol access to the same host) will not
be answered directly by the parent nameserver with information only
intended for glue purposes. Instead, in these cases a referral to the
authoritative nameservers (including the glue information in the
additional section) will allow the client to find authoritative
information, which may potentially be of better quality.

4.3. Zonetransfers

The GLUEA4, GLUEAAAA and GLUEA6 RRs shall be transferred as their own
proper type in zonetransfers (AXFR or IXFR). Apart from the
requirement that all authoritative nameservers for the zone containing
the GLUE-type records support same, no special processing or
considerations are required.

4.3.1. Updates

For updates to nameservers including glue-type records, both the
update-client and the nameservers updated will have to support these
records.

4.4. GLUE-type records never returned for address queries

GLUEA4, GLUEAAAA and GLUEA6 resource records are NOT returned in
response to the corresponding A-type queries for the same label,
except as A-type records in the additional section of a referral.
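
The reply selection described in sections 4.1, 4.2, 4.4 and 8 can be
modelled in a few lines. The sketch below is an added example, not
part of the draft; the names make_zone, answer and
glue_answered_directly and the tuple layout are assumptions of this
example, and the record data follows the draft's section 6 examples.

```python
# Added illustration of sections 4.1, 4.2, 4.4 and 8; not code from the draft.
# Record data follows the draft's section 6 examples; names below are assumptions.
MUTATE = {"GLUEA4": "A", "GLUEAAAA": "AAAA", "GLUEA6": "A6"}
ADDRESS_TYPES = set(MUTATE.values())
CUT = "sub.parent.example."                       # delegated zone
NS = ["s1." + CUT, "s2." + CUT, "s3." + CUT]      # its nameservers


def make_zone(style):
    """Glue held by the parent: style is 'traditional' or 'glue'."""
    rows = [("s1", "A", "10.2.1.1"), ("s2", "A", "10.2.2.2"),
            ("s2", "AAAA", "1::1"), ("s2", "A6", "1::1"), ("s3", "A6", "1::2")]
    to_glue = {a: g for g, a in MUTATE.items()}
    return [(host + "." + CUT, to_glue[t] if style == "glue" else t, data)
            for host, t, data in rows]


def answer(zone, qname, qtype):
    """Parent server reply as (status, answer, authority, additional)."""
    if qtype == "GLUE" or qtype in MUTATE:
        # Section 8: look in local data only, never recurse; NXDOMAIN if absent.
        wanted = set(MUTATE) if qtype == "GLUE" else {qtype}
        hits = [r for r in zone if r[0] == qname and r[1] in wanted]
        return ("NOERROR", hits, [], []) if hits else ("NXDOMAIN", [], [], [])
    # Traditional glue is an ordinary address record, so it matches the
    # query and is returned in the ANSWER section (section 4.2).
    direct = [r for r in zone if r[0] == qname and r[1] in ADDRESS_TYPES
              and qtype in (r[1], "ANY")]
    if direct:
        return ("NOERROR", direct, [], [])
    if qname == CUT or qname.endswith("." + CUT):
        # Referral: GLUE-type records are mutated to their A-type form for
        # the reply only (section 4.1); A-type glue is copied unchanged.
        authority = [(CUT, "NS", ns) for ns in NS]
        additional = [(n, MUTATE.get(t, t), d) for n, t, d in zone if n in NS]
        return ("NOERROR", [], authority, additional)
    return ("NXDOMAIN", [], [], [])


def glue_answered_directly(zone):
    """Audit helper: names whose glue the parent would serve as an ANSWER."""
    return sorted({n for n, _, _ in zone if answer(zone, n, "ANY")[1]})


if __name__ == "__main__":
    for style in ("traditional", "glue"):
        zone = make_zone(style)
        print(style, answer(zone, "s1." + CUT, "A"))
        print(style, "served as answers:", glue_answered_directly(zone))
```

With traditional glue every delegated nameserver name is answered
directly from the parent's non-authoritative data; with GLUE-type
records the same queries always produce a referral.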

5. Operational Considerations

While use of the GLUE-type RRs is transparent to the clients (which
will see the glue address information in the additional section as
address-type records), there are operational considerations to
implementing glue using GLUE-type records rather than address-type
records.

5.1. Parent zone-wide support

All nameservers authoritative for the parent domain must support
GLUE-type records, for zonetransfers to work properly.

5.2. Dynamic Update

Update sources must support GLUE-type records for updates to the
parent zone to function properly.

5.3. Stub nameservers?

The impact of GLUE-type records on stubs requires further study.

5.4. Regular clients

As the GLUE, GLUEA4, GLUEAAAA and GLUEA6 query-types are only intended
for administrative purposes, clients not concerned with the
administration of a parent zone containing GLUE-type RRs need not
support these types.

6. Examples

6.1. Scenario Definitions

Parent Zone with traditional glue records

   $ORIGIN parent.example.
   @       IN SOA      ...
           IN NS       p1.parent.example.
           IN NS       p2.parent.example.
   [...]
   sub     IN NS       s3.sub.parent.example.
   s1.sub  IN A        10.2.1.1
   s2.sub  IN A        10.2.2.2
   s2.sub  IN AAAA     1::1
   s2.sub  IN A6       1::1
   s3.sub  IN A6       1::2
   [...]

Parent Zone with GLUE-type glue records

   $ORIGIN parent.example.
   @       IN SOA      ...
           IN NS       p1.parent.example.
           IN NS       p2.parent.example.
   [...]
   p1      IN A        10.1.1.1
   p2      IN A        10.1.2.2
   [...]
   s2.sub  IN GLUEAAAA 1::1
   s2.sub  IN GLUEA6   1::1
   s3.sub  IN GLUEA6   1::2
   [...]

Note: p1 and p2 are not authoritative for either sub.parent.example.
or other.parent.example.

6.2. Examples with traditional glue

6.2.1. query to p1.parent.example for subdomain nameserver:

   query: s1.sub.parent.example, type = A, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 1

      ANSWER SECTION:
      s1.sub.parent.example.  IN A      10.2.1.1

6.2.2. query to p1.parent.example for subdomain nameserver, type ANY:

   query: s1.sub.parent.example, type = ANY, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 1

      ANSWER SECTION:
      s1.sub.parent.example.  IN A      10.2.1.1

6.2.3. query for any host in subdomain to p1.parent.example:

   query: host.sub.parent.example, type = ANY, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5

      ANSWER SECTION:

      AUTHORITY SECTION:
      sub.parent.example.     IN NS     s1.sub.parent.example.
      sub.parent.example.     IN NS     s2.sub.parent.example.
      sub.parent.example.     IN NS     s3.sub.parent.example.

      ADDITIONAL SECTION:
      s1.sub.parent.example.  IN A      10.2.1.1
      s2.sub.parent.example.  IN A      10.2.2.2
      s2.sub.parent.example.  IN AAAA   1::1
      s2.sub.parent.example.  IN A6     1::1
      s3.sub.parent.example.  IN A6     1::2

6.3. Examples WITH GLUE-type records:

6.3.1. query to master nameserver p1.parent.example:

   query: s1.sub.parent.example, type = A, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5

      ANSWER SECTION:

      AUTHORITY SECTION:
      sub.parent.example.     IN NS     s1.sub.parent.example.
      sub.parent.example.     IN NS     s2.sub.parent.example.
      sub.parent.example.     IN NS     s3.sub.parent.example.

      ADDITIONAL SECTION:
      s1.sub.parent.example.  IN A      10.2.1.1
      s2.sub.parent.example.  IN A      10.2.2.2
      s2.sub.parent.example.  IN AAAA   1::1
      s2.sub.parent.example.  IN A6     1::1
      s3.sub.parent.example.  IN A6     1::2

6.3.2. query to p1.parent.example

   query: s1.sub.parent.example, type = ANY, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4

      ANSWER SECTION:

      AUTHORITY SECTION:
      sub.parent.example.     IN NS     s1.sub.parent.example.
      sub.parent.example.     IN NS     s2.sub.parent.example.
      sub.parent.example.     IN NS     s3.sub.parent.example.

      ADDITIONAL SECTION:
      s1.sub.parent.example.  IN A      10.2.1.1
      s2.sub.parent.example.  IN A      10.2.2.2
      s2.sub.parent.example.  IN AAAA   1::1
      s2.sub.parent.example.  IN A6     1::1
      s3.sub.parent.example.  IN A6     1::2

6.3.3. specific query for GLUE-TYPE record:

   query: s1.sub.parent.example, type = GLUEA4, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 1

      ANSWER SECTION:
      s1.sub.parent.example.  IN GLUEA4   10.2.1.1

6.3.4. query for ANY GLUE-type record:

   query: s2.sub.parent.example, type = GLUE, class = IN

   reply:
      status: NOERROR
      flags: qr rd ra; QUERY: 1, ANSWER: 3

      ANSWER SECTION:
      s2.sub.parent.example.  IN GLUEA4   10.2.2.2
      s2.sub.parent.example.  IN GLUEAAAA 1::1
      s2.sub.parent.example.  IN GLUEA6   1::1

7. Master File Representation

GLUEA4, GLUEAAAA and GLUEA6 Resource records may appear as lines in
zone master files. The RDATA fields appear exactly as defined by the
corresponding A, AAAA and A6 resource records.

The GLUE query-type does not define a data-type and thus must not
appear in any master file.

8. Recursion Considerations

A nameserver receiving queries for GLUEA4, GLUEAAAA or GLUEA6 records
(or the GLUE query-type) must not recurse to find those elsewhere. The
query-types for these are intended only to query whether these glue
records exist in the queried nameserver itself. This functionality is
intended for administrative use only and should not be relied on for
any operational purposes.

If no such record is present, a NXDOMAIN status shall be returned.

9. Caching Considerations

GLUEA4, GLUEAAAA and GLUEA6 RRs must never be cached by any
nameserver. They are valid only on the authoritative nameserver of the
parent domain.

Caching of A RRs returned in the additional section of a reply
follows the existing guidelines.
As the recipient of the reply is unable to distinguish GLUEA4,
GLUEAAAA and GLUEA6 RRs mutated into A, AAAA and A6 RRs for this
purpose from traditional A, AAAA or A6 glue records, handling shall be
no different.

10. Performance Considerations

none (needs more study/comments)

11. Security Considerations

[RFC 2535] covers data origin authentication of the data in the domain
name system including GLUEA4, GLUEAAAA and GLUEA6 RRs.

12. Y2K Considerations

None. The GLUEA4, GLUEAAAA and GLUEA6 RRs do not carry any time or
date information.

13. Internationalization Considerations

Only the label part of the GLUEA4, GLUEAAAA and GLUEA6 RRs may be
affected by internationalization. There is nothing special in these
RRs which may affect internationalization efforts in any way different
to the rest of the DNS system.

14. IANA Considerations

Values referred to herein as TBA1, TBA2, TBA3 and TBA4 are to be
assigned by the IANA in the usual manner for DNS Resource Record
Types.

There are no other IANA considerations.

15. References

[RFC 1034] - P. Mockapetris, "Domain names - concepts and facilities",
11/01/1987.

[RFC 1035] - P. Mockapetris, "Domain names - implementation and
specification", 11/01/1987.

[RFC 1886] - S. Thomson, C. Huitema, "DNS Extensions to support IP
version 6", December 1995.

[RFC 2535] - D. Eastlake, "Domain Name System Security Extensions",
March 1999.

[KitchenSink] - D. Eastlake, "The Kitchen Sink Resource Record", June
1999.

[Lookups] - Matt Crawford, Christian Huitema, Susan Thomson, "DNS
Extensions to Support IPv6 Address Aggregation and Renumbering"
(draft-ietf-ipngwg-dns-lookups-06.txt), November 17, 1999.

16. Author's Address

   Mathias Körber
   SingNet Pte Ltd
   2 Stirling Road, #03-00
   Singapore 148943

   Telephone: +65 471 9820 (w)
   FAX:       +65 475 3273 (w)
   EMail:     mathias@staff.singnet.com.sg (w)
              mathias@koerber.org (h)

17. Expiration and File Name

This draft expires June 2000.
Its file name is draft-koerber-dnsind-glue-00.txt.

Table of Contents

   1. Conventions used in this document
   2. Introduction
   3. GLUE Resource Records
      3.1. Records
      3.2. Query-type GLUE
      3.3. Data-type structures
   4. Semantics
      4.1. Referral Behaviour
      4.2. Direct query for the address of a label, which also has a
           glue record
      4.3. Zonetransfers
         4.3.1. Updates
      4.4. GLUE-type queries never returned for address queries
   5. Operational Considerations
      5.1. Parent zone-wide support
      5.2. Dynamic Update
      5.3. Stub nameservers?
      5.4. Regular clients
   6. Examples
      6.1. Scenario Definitions
      6.2. Examples with traditional glue
         6.2.1. query to p1.parent.example for subdomain nameserver:
         6.2.2. query to p1.parent.example for subdomain nameserver,
                type ANY:
         6.2.3. query for any host in subdomain to p1.parent.example:
      6.3. Examples WITH GLUE-type records:
         6.3.1. query to master nameserver p1.parent.example:
         6.3.2. query to p1.parent.example
         6.3.3. specific query for GLUE-TYPE record:
         6.3.4. query for ANY GLUE-type record:
   7. Master File Representation
   8. Recursion Consideration
   9. Caching Considerations
   10. Performance Considerations
   11. Security Considerations
   12. Y2K Considerations
   13. Internationalization Considerations
   14. IANA Considerations
   15. References
   16. Author's Address
   17. Expiration and File Name