DNS Operations (dnsop)                                       K. Fujiwara
Internet-Draft                                                      JPRS
Intended status: Informational                              Oct 27, 2014
Expires: April 30, 2015

                     Unclear points of DNS protocols
                    draft-fujiwara-dnsop-unclear-00.txt

Abstract

   DNS protocols have some unclear points.  DNSSEC clarified some of
   them.  However, there are still some unclear points.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 30, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Fujiwara                 Expires April 30, 2015                 [Page 1]

Internet-Draft          Unclear points of DNS protocols         Oct 2014

Table of Contents

   1.  Introduction
   2.  Unclear terminology
     2.1.  Full-resolver
     2.2.  Referrals
   3.  Unclear definitions
     3.1.  Ranking Data
   4.  Security considerations
   5.  IANA Considerations
   6.  Normative References

1.  Introduction

   RFCs prior to RFC 2639 may contain unclear terminology and unclear
   definitions.  In particular, RFC 1034, RFC 1035, RFC 1123 and RFC
   2181, which describe the main part of the DNS protocols, contain
   some unclear points and unclear terminology.  This note tries to
   describe them.  Some of these points may depend on the
   implementations of those days; for example, full-resolvers have one
   cache and mix authoritative data and non-authoritative data in it.

2.  Unclear terminology

2.1.  Full-resolver

   The definition of 'full-resolver' is unclear.  [RFC1034] defines
   "Resolvers".  [RFC1035] uses "full resolver", "Recursive Server" and
   "Resolver".  [RFC1123] uses "full-service resolvers".  [RFC4033] uses
   "Security-Aware Recursive Name Server".  Many textbooks and users,
   however, call the full-resolver a "cache server" or "caching server".
   By contrast, both 'authoritative server' and 'stub resolver' are
   clearly defined.

2.2.  Referrals

   The term 'referrals' is unclear.  Responses of authoritative servers
   fall into the following categories:

   Authoritative:  Name Error, NoData, or authoritative data (AA=1)

   Referrals:  Delegations under the zone (AA=0, non-authoritative)

   Others:  Other errors, or unnecessary data

   Referrals are important because they indicate that there are
   delegations to child zones.  A clear definition of 'referrals' is
   necessary.  [RFC2181] seems to use "Data from the authority section
   of a non-authoritative answer" to mean referrals.  RFC 1035 Section
   2.1 defines "authoritative" data; however, referrals at zone cuts are
   not authoritative.
   A referral may consist of the NS resource records at a zone cut
   together with their glue.

3.  Unclear definitions

3.1.  Ranking Data

   [RFC2181] Section 5.4.1, "Ranking Data", defines the ranking of
   received data.  The definition seems to mix three things: a rule for
   answering stub resolvers, a rule for resolving domain names, and a
   cache update mechanism.  Recent full-resolvers do not send referrals
   to stub resolvers; for example, "full-resolvers should not send
   non-authoritative data to stub resolvers" is one simple rule.

   The ranking places referrals, "data from the authority section of a
   non-authoritative answer", at the lowest level of trustworthiness.
   Authoritative servers sometimes return, along with the requested
   data, NS resource records in "the authority section of an
   authoritative answer".  Because these rank higher, the full-resolver
   chooses the authoritative NS resource records, and subsequent name
   resolution uses that authority section data instead of the
   previously received referral.  This mechanism caused the ghost
   domain name problem and may increase queries to the root.  Name
   resolution remains possible even if the ranking is changed so that
   resolution uses only referrals and out-of-bailiwick name resolution.

4.  Security considerations

5.  IANA Considerations

6.  Normative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC1123]  Braden, R., "Requirements for Internet Hosts - Application
              and Support", STD 3, RFC 1123, October 1989.

   [RFC2181]  Elz, R. and R. Bush, "Clarifications to the DNS
              Specification", RFC 2181, July 1997.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements", RFC
              4033, March 2005.
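   The following worked example is an editorial addition and is not
   part of this draft or of any JPRS software.  It models, on
   constructed in-memory messages rather than wire-format DNS, the
   response categories of Section 2.2 and the RFC 2181 Section 5.4.1
   ranking discussed in Section 3.1: a referral from the parent is
   cached at the lowest rank, the child's own NS RRset carried in the
   authority section of an authoritative answer replaces it, and a
   later re-delegation at the parent is then ignored by the cache.
   The Msg/RR classes, the rank constants and all names and addresses
   (example.com, ns1.example.com, 192.0.2.x) are assumptions made for
   the illustration.

```python
# Added example (not part of draft-fujiwara-dnsop-unclear-00).
# Toy model of the Section 2.2 response categories and of the RFC 2181
# Section 5.4.1 ranking used in Section 3.1.  Messages are constructed
# Python objects, not wire-format DNS; names/addresses are assumptions.
from dataclasses import dataclass, field

NOERROR, NXDOMAIN = 0, 3


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str


@dataclass
class Msg:
    qname: str
    qtype: str
    aa: bool                       # AA bit of the response header
    rcode: int = NOERROR
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def below(name, zone):
    """True if name is strictly below zone, i.e. at or under a zone cut."""
    return name != zone and name.endswith("." + zone)


def classify(msg, zone):
    """Section 2.2: categorize a response from an authoritative server for zone."""
    if msg.rcode not in (NOERROR, NXDOMAIN):
        return "Other"                       # REFUSED, SERVFAIL, ...
    if msg.aa:
        if msg.rcode == NXDOMAIN:
            return "Authoritative: Name Error"
        return "Authoritative: data" if msg.answer else "Authoritative: NoData"
    # AA=0 from an authoritative server: a referral is one NS RRset owned
    # by a single name below the apex, with an empty answer section.
    ns_owners = {rr.name for rr in msg.authority if rr.rtype == "NS"}
    if not msg.answer and len(ns_owners) == 1 and below(ns_owners.pop(), zone):
        return "Referral"
    return "Other"


# RFC 2181 Section 5.4.1 trustworthiness, highest first.  Zone-file and
# zone-transfer data are omitted because this toy cache loads no zone.
RANK_AUTH_ANSWER = 5       # answer section of an authoritative answer
RANK_AUTH_AUTHORITY = 4    # authority section of an authoritative answer
RANK_NONAUTH_ANSWER = 2    # answer section of a non-authoritative answer
RANK_LOWEST = 1            # additional data, and the authority section of
                           # a non-authoritative answer (i.e. a referral)


def rank(section, aa):
    if section == "answer":
        return RANK_AUTH_ANSWER if aa else RANK_NONAUTH_ANSWER
    if section == "authority":
        return RANK_AUTH_AUTHORITY if aa else RANK_LOWEST
    return RANK_LOWEST


class Cache:
    """One cache keyed by (owner, type); each RRset remembers its rank."""

    def __init__(self):
        self.store = {}

    def update(self, msg):
        for section in ("answer", "authority", "additional"):
            r = rank(section, msg.aa)
            rrsets = {}
            for rr in getattr(msg, section):
                rrsets.setdefault((rr.name, rr.rtype), set()).add(rr.rdata)
            for key, rdatas in rrsets.items():
                old_rank = self.store.get(key, (0, None))[0]
                if r >= old_rank:          # never downgrade trustworthiness
                    self.store[key] = (r, rdatas)

    def get(self, name, rtype):
        entry = self.store.get((name, rtype))
        return entry[1] if entry else None


def ghost_delegation_scenario():
    """Section 3.1: the child's authority-section NS RRset outranks the
    parent's referral, so a later re-delegation at the parent is ignored.
    Returns the NS rdata set the cache ends up holding for example.com."""
    cache = Cache()
    # 1. Referral from a .com server (AA=0): NS and glue cached at RANK_LOWEST.
    cache.update(Msg("www.example.com", "A", aa=False,
                     authority=[RR("example.com", "NS", "ns1.example.com")],
                     additional=[RR("ns1.example.com", "A", "192.0.2.1")]))
    # 2. Authoritative answer from ns1.example.com that also carries the
    #    zone's NS RRset in the authority section: RANK_AUTH_AUTHORITY.
    cache.update(Msg("www.example.com", "A", aa=True,
                     answer=[RR("www.example.com", "A", "192.0.2.10")],
                     authority=[RR("example.com", "NS", "ns1.example.com"),
                                RR("example.com", "NS", "ns2.example.com")],
                     additional=[RR("ns1.example.com", "A", "192.0.2.1")]))
    # 3. The parent re-delegates example.com; the new referral ranks lower
    #    than the cached RRset and is dropped (the "ghost domain" mechanism).
    cache.update(Msg("www.example.com", "A", aa=False,
                     authority=[RR("example.com", "NS", "ns9.example.net")]))
    return cache.get("example.com", "NS")


if __name__ == "__main__":
    ref = Msg("www.example.com", "A", aa=False,
              authority=[RR("example.com", "NS", "ns1.example.com")])
    print(classify(ref, "com"))                  # Referral
    print(sorted(ghost_delegation_scenario()))   # ['ns1.example.com', 'ns2.example.com']
```

   Changing the comparison in Cache.update so that a fresh referral may
   replace a cached NS RRset is the alternative the draft alludes to at
   the end of Section 3.1: resolution then follows the parent's current
   delegation, at the price of additional out-of-bailiwick lookups.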
Author's Address

   Kazunori Fujiwara
   Japan Registry Services Co., Ltd.
   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
   Chiyoda-ku, Tokyo  101-0065
   Japan

   Phone: +81 3 5215 8451
   EMail: fujiwara@jprs.co.jp