Internet DRAFT - draft-pp-dnsop-authinfo

draft-pp-dnsop-authinfo







Network Working Group                                         P. Hoffman
Internet-Draft                                                     ICANN
Intended status: Standards Track                                 P. Sood
Expires: March 12, 2021                                           Google
                                                      September 08, 2020


          Reporting Information from DNS Authoritative Servers
                        draft-pp-dnsop-authinfo-00

Abstract

   This document defines a new DNS RRtype, AUTHINFO, that is used by
   authoritative servers to publish information about themselves.  This
   information can be useful because a recursive resolver can determine
   an authoritative server's capabilities, such as whether an
   authoritative server supports the EDNS(0) client subnet extension.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 12, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Hoffman & Sood           Expires March 12, 2021                 [Page 1]

Internet-Draft                DNS AUTHINFO                September 2020


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Definitions . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Authoritative Server Information  . . . . . . . . . . . . . .   2
   3.  Contents of the Returned I-JSON Object  . . . . . . . . . . .   3
     3.1.  Example . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Using AUTHINFO Responses for Detecting Client Subnet Support    4
     4.1.  Example . . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
     5.1.  AUTHINFO RRtype . . . . . . . . . . . . . . . . . . . . .   4
     5.2.  Registry for DNS Authoritative Server Information . . . .   5
     5.3.  Registration for ecs-supported in the IANA DNS
           Authoritative Server Information Registry . . . . . . . .   5
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   It is sometimes useful for a DNS recursive resolver to know the
   capabilities of an authoritative server before sending queries.
   Because the record with this information can be signed with DNSSEC,
   it can be used to help a recursive resolver know whether to expect
   particular EDNS(0) [RFC6891] options in responses.  Other uses for
   the information may be developed in the future.

1.1.  Definitions

   The term "authoritative server" is defined in [RFC8499].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Authoritative Server Information

   A recursive resolver that wants to use the DNS to get information
   about an authoritative server sends a query of <some_name>/IN/
   AUTHINFO to the authoritative server.  The name <some_name> is a
   placeholder for any zone for which the authoritative server is



Hoffman & Sood           Expires March 12, 2021                 [Page 2]

Internet-Draft                DNS AUTHINFO                September 2020


   authoritative.  For example, if an authoritative server is
   authoritative for example.com, the query could be example.com/IN/
   AUTHINFO, or the QNAME could be any other name for which the server
   is authoritative.  If the QNAME in the request is for a zone for
   which the authoritative server is not authoritative, the response
   MUST be an NXDOMAIN response.

   The RRtype "AUTHINFO" is defined in this document, and the IANA
   assignment is given in Section 5.1.  The contents of the Rdata in the
   response to this query is defined in Section 3.  If the authoritative
   server understands the AUTHINFO RRtype, the RRset in the Answer
   section MUST have exactly one record.

   Most zone typically have multiple authoritative servers.  Thus, the
   AUTHINFO Rdata returned from different authoritative servers for the
   same zone might differ.

3.  Contents of the Returned I-JSON Object

   The response from a DNS query for the AUTHINFO RRtype is a JSON
   object.  The JSON object MUST use the I-JSON message format defined
   in [RFC7493].  Note that [RFC7493] was based on RFC 7159, but RFC
   7159 was replaced by [RFC8259].  Requiring the use of I-JSON instead
   of more general JSON format greatly increases the likelihood of
   interoperability.

   The JSON object MAY contain any name/value pairs.

   All names in the returned object MUST either be defined in the IANA
   registry or, if for local use only, begin with the substring "temp-".
   The IANA registry (Section 5.1) will never register names that begin
   with "temp-".

   All names MUST consist only of lower-case ASCII characters, digits,
   and hyphens (that is, Unicode characters U+0061 through 007A, U+0030
   through U+0039, and U+002D), and MUST be 63 characters or shorter.
   As defined in Section 5.1, the IANA registry will not register names
   that begin with "temp-", so these names can be used freely by any
   implementer.

   Note that the message returned by the authoritative server MUST be in
   I-JSON format.  I-JSON requires that the message MUST be encoded in
   UTF8.








Hoffman & Sood           Expires March 12, 2021                 [Page 3]

Internet-Draft                DNS AUTHINFO                September 2020


3.1.  Example

   The I-JSON object that a authoritative server returns might look like
   the following:

   {
      "temp-field2": 42
   }

   As specified in [RFC7493], the I-JSON object is encoded as UTF8.
   [RFC7493] explicitly allows the returned objects to be in any order.

4.  Using AUTHINFO Responses for Detecting Client Subnet Support

   This document defines an entry for the IANA DNS Authoritative Server
   Information Registry that is defined in Section 5.1.

   The "ecs-supported" name is used to specify whether the authoritative
   server supports the EDNS(0) client subnet extension defined in
   [RFC7871].  The value MUST be a boolean.

4.1.  Example

   An authoritative server can be reached at "ns32.example.com" and the
   IP address 192.0.2.222.  It supports EDNS(0) client subnet extension.
   It's response to the AUTHINFO query might be:

   { "ecs-supported": true }

5.  IANA Considerations

5.1.  AUTHINFO RRtype

   This document defines a new DNS RR type, AUTHINFO, whose value TBD
   will be allocated by IANA from the "Resource Record (RR) TYPEs" sub-
   registry of the "Domain Name System (DNS) Parameters" registry:

   Type: AUTHINFO

   Value: TBD

   Meaning: Information self-published by an authoritative server as an
   I-JSON (RFC 7493) object

   Reference: This document






Hoffman & Sood           Expires March 12, 2021                 [Page 4]

Internet-Draft                DNS AUTHINFO                September 2020


5.2.  Registry for DNS Authoritative Server Information

   IANA will create a new registry titled "DNS Authoritative Server
   Information" that will contain definitions of the names that can be
   used with the protocols defined in this document.  The registration
   procedure is by Expert Review and Specification Required, as defined
   in [RFC8126].

   The specification that is required for registration can be either an
   Internet-Draft or an RFC.  The reviewer for this registry is
   instructed to generally be liberal in what they accept into the
   registry: as long as the specification that comes with the
   registration request is reasonably understandable, the registration
   should be accepted.

   The registry has the following fields for each element:

   Name: The name to be used in the JSON object.  This name MUST NOT
   begin with "temp-".  This name MUST conform to the definition of
   "string" in I-JSON [RFC7493] message format.

   Value type: The type of data to be used in the JSON object.

   Specification: The name of the specification for the registered
   element.

5.3.  Registration for ecs-supported in the IANA DNS Authoritative
      Server Information Registry

   Name: ecs-supported

   Value type: Boolean

   Specification: This document

6.  Security Considerations

   The values in the AUTHINFO response will be protected by DNSSEC
   signature if the zone in which the record resides is signed.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.



Hoffman & Sood           Expires March 12, 2021                 [Page 5]

Internet-Draft                DNS AUTHINFO                September 2020


   [RFC7493]  Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
              DOI 10.17487/RFC7493, March 2015,
              <https://www.rfc-editor.org/info/rfc7493>.

   [RFC7871]  Contavalli, C., van der Gaast, W., Lawrence, D., and W.
              Kumari, "Client Subnet in DNS Queries", RFC 7871,
              DOI 10.17487/RFC7871, May 2016,
              <https://www.rfc-editor.org/info/rfc7871>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8259]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", STD 90, RFC 8259,
              DOI 10.17487/RFC8259, December 2017,
              <https://www.rfc-editor.org/info/rfc8259>.

   [RFC8499]  Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
              Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,
              January 2019, <https://www.rfc-editor.org/info/rfc8499>.

7.2.  Informative References

   [RFC6891]  Damas, J., Graff, M., and P. Vixie, "Extension Mechanisms
              for DNS (EDNS(0))", STD 75, RFC 6891,
              DOI 10.17487/RFC6891, April 2013,
              <https://www.rfc-editor.org/info/rfc6891>.

Authors' Addresses

   Paul Hoffman
   ICANN

   Email: paul.hoffman@icann.org


   Puneet Sood
   Google

   Email: puneets@google.com





Hoffman & Sood           Expires March 12, 2021                 [Page 6]