DNS Extensions Working Group Zheng Wang Internet Draft Cindy Wang Intended status: Informational Xiaodong Li Expires: June 19, 2010 CNNIC December 11, 2009 Negative Answer of DNS Queries draft-wang-dnsext-nans-00.txt Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, and it may not be published except as an Internet-Draft. This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, except to publish it as an RFC and to translate it into languages other than English. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any Wang, et al. Expires June 19, 2010 [Page 1] Internet-Draft draft-wang-dnsext-nans-00.txt December 2009 time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on June 19, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract There is no way to indicate the negative answer of resource records (RR) with name and type other than QNAME and QTYPE. This memo proposes a method to inform the nonexistence of a given name and a given type. Table of Contents 1. Introduction................................................3 1.1. Current DNS Operation..................................3 1.2. Problem for Current DNS Operation of Negative Answers..3 2. Negative Answer Definitions.................................3 2.1. Negative Answer Data Format............................3 2.2. Negative Answers from Authoritative Servers............4 2.3. Caching Negative Answers...............................4 3. Example.....................................................4 4. Security Considerations.....................................5 5. IANA Considerations.........................................5 6. References..................................................5 Author's Addresses.............................................6 Wang, et al. Expires June 19, 2010 [Page 2] Internet-Draft draft-wang-dnsext-nans-00.txt December 2009 1. Introduction 1.1. Current DNS Operation Negative answer for QNAME and QTYPE, which is categorised into "NXDOMAIN" and "NODATA", has been covered by the DNS specifications [RFC1035]. "Name Error" RCODE expresses the nonexistence of QNAME (or "NXDOMAIN"). And the combination of "No Error" RCODE and no RRs relevant to QNAME in the answer section indicates that the name is valid, for the given class, but are no records of the given type (or "NODATA"). 1.2. Problem for Current DNS Operation of Negative Answers There are some applications or DNS extensions that require "glue" RRs with their names other than QNAME and QTYPE in the response. i.e., in order to get both IPv4 and IPv6 addresses in a response, one "glue" proposal is to include AAAA RR as additional data in A responses and include A RR as additional data in AAAA responses. For this specific problem, no data answer for the glued RRs in the additional section is not distinguishable from the case that this "glue" proposal is not implemented by the name servers or resolvers. The difficulty is mainly due to the dependency of negative answer on RCODE, while RCODE only serves the answer for QNAME and QTYPE. In order to solve the problem, a new method of negative answer independent of RCODE is proposed. 2. Negative Answer Definitions 2.1. Negative Answer Data Format Negative answer is also categorised into two types "NXDOMAIN" and "NODATA". The four relevant fields are NAME TYPE CLASS RDATA Fields not mentioned are not important in terms of the negative answer. Negative answer of "NXDOMAIN" is NAME CLASS Negative answer of "NODATA" is Wang, et al. Expires June 19, 2010 [Page 3] Internet-Draft draft-wang-dnsext-nans-00.txt December 2009 NAME TYPE CLASS 2.2. Negative Answers from Authoritative Servers Name Servers authoritative for a zone MAY place the negative answer to names and types other than QNAME and QTYPE in the response (i.e., in the additional section). If so, name servers authoritative for a zone MUST include the SOA record of the zone in the response (i.e., in the additional section). If needed, the appropriate NSEC RR SHOULD be included in the response [RFC5155] (i.e., in the additional section). 2.3. Caching Negative Answers Negative answer to names and types other than QNAME and QTYPE in the response MAY be cached as specified in [RFC2308 5]. 3. Example The following example is based on the "glue" proposal mentioned in section 1.2. The response to the query for AN.EXAMPLE. AAAA MAY include the negative answer of AN.EXAMPLE. A in the additional section. Header: RDCODE=NOERROR Query: AN.EXAMPLE. AAAA Answer: Authority: EXAMPLE. SOA NS1.XX. HOSTMASTER.NS1.XX. .... EXAMPLE. NS NS1.XX. EXAMPLE. NS NS2.XX. Additional: NS1.XX. A 127.0.0.2 Wang, et al. Expires June 19, 2010 [Page 4] Internet-Draft draft-wang-dnsext-nans-00.txt December 2009 NS2.XX. A 127.0.0.3 AN.EXAMPLE. A The negative answer that resulted from a no data error (NODATA) of AN.EXAMPLE. A MAY be cache such that it can be retrieved and returned in response to another query for the same that resulted in the cached negative response. 4. Security Considerations TBD. 5. IANA Considerations TBD. 6. References [RFC1035] Mockapetris, P., "Domain Names - Implementation and Specifications", STD 13, RFC 1035, November 1987. [RFC2308] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)", RFC 2308, March 1998. [RFC5155] Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS Security (DNSSEC) Hashed Authenticated Denial of Existence", RFC 5155, March 2008. Wang, et al. Expires June 19, 2010 [Page 5] Internet-Draft draft-wang-dnsext-nans-00.txt December 2009 Authors' Addresses Zheng Wang CNNIC 4, South 4th Street, Zhongguancun Beijing 100190 P.R. China Email: wangzheng@cnnic.cn Cindy Wang CNNIC 4, South 4th Street, Zhongguancun Beijing 100190 P.R. China Email: wangxin@cnnic.cn Xiaodong Li CNNIC 4, South 4th Street, Zhongguancun Beijing 100190 P.R. China Email: lee@cnnic.cn Wang, et al. Expires June 19, 2010 [Page 6]