Internet DRAFT - draft-wang-dnsext-nans

draft-wang-dnsext-nans



DNS Extensions Working Group                                  Zheng Wang
Internet Draft                                                Cindy Wang
Intended status: Informational                               Xiaodong Li
Expires: June 19, 2010                                             CNNIC
                                                       December 11, 2009



                       Negative Answer of DNS Queries
                       draft-wang-dnsext-nans-00.txt




Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, and it may not be
   published except as an Internet-Draft.

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, except to publish it
   as an RFC and to translate it into languages other than English.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November 10,
   2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any




Wang, et al.            Expires June 19, 2010                 [Page 1]

Internet-Draft        draft-wang-dnsext-nans-00.txt        December 2009


   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on June 19, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   There is no way to indicate the negative answer of resource records
   (RR) with name and type other than QNAME and QTYPE. This memo
   proposes a method to inform the nonexistence of a given name and a
   given type.

Table of Contents


   1. Introduction................................................3
      1.1. Current DNS Operation..................................3
      1.2. Problem for Current DNS Operation of Negative Answers..3
   2. Negative Answer Definitions.................................3
      2.1. Negative Answer Data Format............................3
      2.2. Negative Answers from Authoritative Servers............4
      2.3. Caching Negative Answers...............................4
   3. Example.....................................................4
   4. Security Considerations.....................................5
   5. IANA Considerations.........................................5
   6. References..................................................5
   Author's Addresses.............................................6





Wang, et al.            Expires June 19, 2010                 [Page 2]

Internet-Draft        draft-wang-dnsext-nans-00.txt        December 2009


1. Introduction

1.1. Current DNS Operation

   Negative answer for QNAME and QTYPE, which is categorised into
   "NXDOMAIN" and "NODATA", has been covered by the DNS specifications
   [RFC1035]. "Name Error" RCODE expresses the nonexistence of QNAME (or
   "NXDOMAIN"). And the combination of "No Error" RCODE and no RRs
   relevant to QNAME in the answer section indicates that the name is
   valid, for the given class, but are no records of the given type (or
   "NODATA").

1.2. Problem for Current DNS Operation of Negative Answers

   There are some applications or DNS extensions that require "glue" RRs
   with their names other than QNAME and QTYPE in the response. i.e., in
   order to get both IPv4 and IPv6 addresses in a response, one "glue"
   proposal is to include AAAA RR as additional data in A responses and
   include A RR as additional data in AAAA responses. For this specific
   problem, no data answer for the glued RRs in the additional section
   is not distinguishable from the case that this "glue" proposal is not
   implemented by the name servers or resolvers. The difficulty is
   mainly due to the dependency of negative answer on RCODE, while RCODE
   only serves the answer for QNAME and QTYPE. In order to solve the
   problem, a new method of negative answer independent of RCODE is
   proposed.

2. Negative Answer Definitions

2.1. Negative Answer Data Format

   Negative answer is also categorised into two types "NXDOMAIN" and
   "NODATA".

   The four relevant fields are

   NAME TYPE CLASS RDATA

   Fields not mentioned are not important in terms of the negative
   answer.

   Negative answer of "NXDOMAIN" is

   NAME <empty> CLASS <empty>

   Negative answer of "NODATA" is



Wang, et al.            Expires June 19, 2010                 [Page 3]

Internet-Draft        draft-wang-dnsext-nans-00.txt        December 2009


   NAME TYPE CLASS <empty>

2.2. Negative Answers from Authoritative Servers

   Name Servers authoritative for a zone MAY place the negative answer
   to names and types other than QNAME and QTYPE in the response (i.e.,
   in the additional section).  If so, name servers authoritative for a
   zone MUST include the SOA record of the zone in the response (i.e.,
   in the additional section). If needed, the appropriate NSEC RR SHOULD
   be included in the response [RFC5155] (i.e., in the additional
   section).

2.3. Caching Negative Answers

   Negative answer to names and types other than QNAME and QTYPE in the
   response MAY be cached as specified in [RFC2308 5].

3. Example

   The following example is based on the "glue" proposal mentioned in
   section 1.2. The response to the query for AN.EXAMPLE. AAAA MAY
   include the negative answer of AN.EXAMPLE. A in the additional
   section.

   Header:

   RDCODE=NOERROR

   Query:

   AN.EXAMPLE. AAAA

   Answer:

   <empty>

   Authority:

   EXAMPLE. SOA NS1.XX. HOSTMASTER.NS1.XX. ....

   EXAMPLE. NS NS1.XX.

   EXAMPLE. NS NS2.XX.

   Additional:

   NS1.XX. A 127.0.0.2


Wang, et al.            Expires June 19, 2010                 [Page 4]

Internet-Draft        draft-wang-dnsext-nans-00.txt        December 2009


   NS2.XX. A 127.0.0.3

   AN.EXAMPLE. A

   The negative answer that resulted from a no data error (NODATA) of
   AN.EXAMPLE. A MAY be cache such that it can be retrieved and returned
   in response to another query for the same <QNAME, QTYPE, QCLASS> that
   resulted in the cached negative response.

4. Security Considerations

   TBD.

5. IANA Considerations

   TBD.

6. References

   [RFC1035] Mockapetris, P., "Domain Names - Implementation and
             Specifications", STD 13, RFC 1035, November 1987.

   [RFC2308] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
             RFC 2308, March 1998.

   [RFC5155] Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS
             Security (DNSSEC) Hashed Authenticated Denial of Existence",
             RFC 5155, March 2008.




















Wang, et al.            Expires June 19, 2010                 [Page 5]

Internet-Draft        draft-wang-dnsext-nans-00.txt        December 2009


        Authors' Addresses

   Zheng Wang
   CNNIC
   4, South 4th Street, Zhongguancun
   Beijing 100190
   P.R. China
   Email: wangzheng@cnnic.cn
   Cindy Wang
   CNNIC
   4, South 4th Street, Zhongguancun
   Beijing 100190
   P.R. China
   Email: wangxin@cnnic.cn
   Xiaodong Li
   CNNIC
   4, South 4th Street, Zhongguancun
   Beijing 100190
   P.R. China
   Email: lee@cnnic.cn




























Wang, et al.            Expires June 19, 2010                 [Page 6]