Domain Name System (DNS) IANA Considerations

Domain Name System (DNS) IANA Considerations Independent

2386 Panoramic Circle Apopka FL 32703 US +1-508-333-2270 d3e3e3@gmail.com

DNSOP This document specifies Internet Assigned Numbers Authority (IANA) parameter assignment considerations for the allocation of Domain Name System (DNS) resource record (RR) types, CLASSes, operation codes, error codes (RCODEs), DNS protocol message header bits, and AFSDB resource record subtypes. It obsoletes RFC 6895 and updates RFCs 1183, 2930, 3597, and 8945.

Introduction The Domain Name System (DNS) provides replicated distributed securable hierarchical databases that store "resource records" (RRs) under domain names. DNS data is structured into CLASSes and zones that can be independently maintained. Familiarity with , , , , , and DNS terminology is assumed. This document provides, either directly or by reference, the general IANA parameter assignment considerations that apply across DNS request and response headers and all RRs. There may be additional IANA considerations that apply to only a particular RRTYPE or request/response OpCode. See the specific RFC defining that RRTYPE or request/response OpCode for such considerations if they have been defined, except for AFSDB RR considerations , which are included herein. This document also covers IANA considerations for CLASSes, error codes (RCODEs), and DNS protocol message header bits. This RFC obsoletes and updates RFCs , , , and . IANA currently maintains a web page of DNS parameters available from . "Standards Action", "IETF Review", "Specification Required", "Reserved", and "Private Use" are as defined in .

DNS Request/Response Headers The header for DNS requests and responses contains field/bits as shown in the following diagrams taken from and :

DNS Message Header For Non-Update Messages 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ |QR| OpCode!=5 |AA|TC|RD|RA| Z|AD|CD| RCODE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QDCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ANCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | NSCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ARCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

DNS Message Header For Update Messages 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ |QR| OpCode=5 | Z | RCODE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ZOCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PRCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | UPCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ARCOUNT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ The ID field identifies the request and is echoed in the response so they can be matched. The QR (Query/Response) bit indicates whether the header is for a request (QR=0) or a response (QR=1). See for the OpCode field. The AA (Authoritative Answer), TC (TrunCation), RD (Recursion Desired), RA (Recursion Available), and CD (Checking Disabled) bits are each specified as meaningful only in requests or only in responses, depending on the bit. All except the CD bit are specified in while the CD bit is specified in . The AD bit was only meaningful in responses but is expected to have a separate but related meaning in queries (see Section 5.7 of ). Only the RD and CD bits are expected to be copied from the request to the response; however, some DNS implementations copy all the request header as the initial value of the response header. Thus, any attempt to use a "request" bit with a different meaning in a response or to define a request meaning for a "response" bit may be dangerous, given the existing implementation. Meanings for these bits may only be assigned by a Standards Action. The unsigned integer fields query/request count (QDCOUNT), answer count (ANCOUNT), authority count (NSCOUNT), and additional information count (ARCOUNT) express the number of records in each section for all OpCodes except Update . These fields have the same structure and data type for Update but are instead the counts for the zone (ZOCOUNT), prerequisite (PRCOUNT), update (UPCOUNT), and additional information (ARCOUNT) sections. The Z bits are sent as zero and ignored on receipt. Assigning a meaning to a Z bit requires a Standards Action.

OpCode Assignments Currently, DNS OpCodes are assigned as follows: DNS Op Codes

OpCode	Name	Reference
0	Query
1	IQuery (Inverse Query, OBSOLETE)
2	Status
3	Unassigned
4	Notify
5	Update
6	DSO (DNS Stateful Operations)
7-15	Unassigned

Although the Status OpCode is reserved in , its behavior has not been specified. New OpCode assignments require a Standards Action with early allocation permitted as specified in .

RCODE Assignment It would appear from the DNS header above that only four bits of RCODE, or response/error code, are available. However, RCODEs can appear not only at the top level of a DNS response but also inside TSIG RRs , TKEY RRs , and extended by OPT RRs . The OPT RR provides an 8-bit extension to the 4 header bits, resulting in a 12-bit RCODE field, and the TSIG and TKEY RRs have a separate 16-bit field designated in their RFCs as the "Error" field. Error codes appearing in the DNS header and in these other RR types all refer to the same error code space with the exception of error code 16, which has a different meaning in the OPT RR than in the TSIG RR, and error code 9, whose variations are described after the table below. The duplicate assignment of 16 was accidental. To the extent that any prior RFCs imply any sort of different error number space for the OPT, TSIG, or TKEY RRs, they are superseded by this unified DNS error number space. (This paragraph is the reason this document updates and .) With the existing exceptions of error numbers 9 and 16, the same error number must not be assigned for different errors even if they would only occur in different RR types. See table below. DNS Error Codes

RCODE	Name	Description
Decimal Hexadecimal
0	NoError	No Error
1	FormErr	Format Error
2	ServFail	Server Failure
3	NXDomain	Non-Existent Domain
4	NotImp	Not Implemented
5	Refused	Request Refused
6	YXDomain	Name Exists when it should not
7	YXRRSet	RR Set Exists when it should not
8	NXRRSet	RR Set that should exist does not
9	NotAuth	Server Not Authoritative for zone
9	NotAuth	Not Authorized
10	NotZone	Name not contained in zone
11	DSOTYPENI	DSO TYPE Not Implemented
12-15 0xB-0xF		Unassigned
16	BADVERS	Bad OPT Version
16	BADSIG	TSIG Signature Failure
17	BADKEY	Key not recognized
18	BADTIME	Signature out of time window
19	BADMODE	Bad TKEY Mode
20	BADNAME	Duplicate key name
21	BADALG	Algorithm not supported
22	BADTRUNC	Bad Truncation
23	BADCOOKE	Bad/Missing Server Cookie
24-3,840 0x0017-0x0F00		Unassigned
3,841-4,095 0x0F01-0x0FFF		Private Use
4,096-65,534 0x1000-0xFFFE		Unassigned
65,535 0xFFFF		Reserved

Note on error number 9 (NotAuth): This error number means either "Not Authoritative" or "Not Authorized" . If 9 appears as the RCODE in the header of a DNS response without a TSIG RR or with a TSIG RR having a zero error field, then it means "Not Authoritative". If 9 appears as the RCODE in the header of a DNS response that includes a TSIG RR with a non-zero error field, then it means "Not Authorized".

Since it is important that RCODEs be understood for interoperability, assignment of a new RCODE in the ranges listed above as "Unassigned" requires IETF Review.

DNS Resource Records (RRs) All RRs have the same top-level format, shown in the figure below taken from .

DNS Resource Record (RR) Format 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / / / NAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TYPE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | CLASS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TTL | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | RDLENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| / RDATA / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

NAME:: An owner name, i.e., the name of the node to which this RR pertains. NAMEs are specific to a CLASS as described in . NAMEs consist of an ordered sequence of one or more labels, each of which has a label type .
TYPE:: A 2-octet unsigned integer containing one of the RRTYPE codes. See .
CLASS:: A 2-octet unsigned integer containing one of the RR CLASS codes. See .
TTL:: A 4-octet (32-bit) unsigned integer that specifies, for data TYPEs, the number of seconds that the resource record may be cached before the source of the information should again be consulted. Zero is interpreted to mean that the RR can only be used for the transaction in progress.
RDLENGTH:: An unsigned 16-bit integer that specifies the length in octets of the RDATA field.
RDATA:: A variable-length string of octets that constitutes the resource. The format of this information varies according to the TYPE and, in some cases, the CLASS of the resource record.

RRTYPE IANA Considerations There are three subcategories of RRTYPE numbers: data TYPEs, QTYPEs, and Meta-TYPEs.

Data TYPEs:: The means of storing data. These are the RRs that are stored in zones.
QTYPEs:: These can only be used in queries or other requests. They are not stored in zones.
Meta-TYPEs:: These designate transient data associated with a particular DNS message and, in some cases, can also be used in requests. They are not stored in zones. However, the special case of RRTYPE 128 can only validly "appear" as the corresponding bit in an NSEC type bit map .

Thus far, data TYPEs have been assigned from the ranges 1 - 127 and 256 - 61,439, while Q and Meta-TYPEs have been assigned from 255 downward except for the OPT Meta-RR, which is assigned TYPE 41. There is also a range of TYPES from 129 to 144 reserved for Private Use Q or Meta-RRs. There have been DNS implementations that made caching decisions based on the top bit of the bottom byte of the RRTYPE. There are currently four Meta-TYPEs and five QTYPEs assigned and a range of TYPES assigned for Private Use as listed in the table below. Currently Assigned QTYPE and Meta-TYPE RRs

Value	Mnemonic	Description	Reference
41	OPT	Meta-TYPE: Extension Mechanisms
128	NXNAME	Meta-TYPE: Compact Denial of Existence NXDOMAIN indicator
129-144		Private Use Q or Meta-TYPEs	[this document]
249	TKEY	Meta-TYPE: Transaction Key
250	TSIG	Meta-TYPE: Transaction Signature
251	IXFR	QTYPE: Incremental Zone Transfer
252	AXFR	QTYPE: Entire Zone Transfer
253	MAILB	QTYPE: Mailbox-related RRs
254	MAILA	QTYPE: Mail agent RRs (Obsolete - see the MX RR)
255	*	QTYPE: ANY/ALL

Assigned RRTYPEs have mnemonics that must be completely disjoint from the mnemonics used for CLASSes and that must match the regular expression below. In addition, the generic CLASS and RRTYPE names specified in Section 5 of cannot be assigned as RRTYPE mnemonics. [A-Z][A-Z0-9\-]*[A-Z0-9] but not (TYPE|CLASS)[0-9]* Considerations for the assignment of new RRTYPEs are as follows: DNS Resource Record Type Codes

Decimal Hexadecimal	Assignment Policy
0 0x0000	RRTYPE zero is used as a special indicator for the SIG(0) RR and in other circumstances. It must never be assigned for ordinary use.
1-127 0x0001-0x007F	Unassigned RRTYPEs in this range are assigned for data TYPEs by the DNS RRTYPE Assignment Policy as specified in Section 3.1.1.
128-255 0x0080-0x00FF	Unassigned RRTYPEs in this range are assigned for QTYPEs and Meta-TYPEs by the DNS RRTYPE Assignment Policy as specified in Section 3.1.1.
256-61,439 0x0100-0xEFFF	Unassigned RRTYPEs in this range are assigned for data RRTYPEs by the DNS RRTYPE Assignment Policy as specified in Section 3.1.1. (32,768 and 32,769 (0x8000 and 0x8001) have been assigned.)
61,440-65,279 0xF000-0xFEFF	Reserved for future use. IETF Review required to define use
65,280-65,534 0xFF00-0xFFFE	Reserved for Private Use data RRs.
65,535 0xFFFF	Reserved (Standards Action)

DNS RRTYPE Assignment Policy Parameter values specified in Section 3.1 above, as assigned based on DNS RRTYPE Assignment Policy, are allocated by Expert Review if they meet the two requirements listed below. There will be a pool of a small number of Experts appointed by the IESG. Each application will be judged by an Expert selected by IANA. In any case where the selected Expert is unavailable or states they have a conflict of interest, IANA may select another Expert from the pool. Some guidelines for the Experts are given in Section 3.1.2. RRTYPEs that do not meet the requirements below may nonetheless be assignment by a Standards Action with early allocation permitted as specified in .

A complete template as specified in Appendix A has been posted to the dns-rrtype-applications@ietf.org mailing list and received by the Expert. Note that the posting of partially completed, draft, or formally submitted templates to dnsop@ietf.org by the applicant or Expert for comment and discussion is highly encouraged. Before formal submission of an RRTYPE template, we recommend submitting it for community review and considering the responses in order to reduce the probability of initial rejection and the need for modification and resubmission.
The RR for which an RRTYPE code is being requested is either (a) a data TYPE that can be handled as an Unknown RR as described in or (b) a Meta-TYPE whose processing is optional, i.e., it is safe to simply discard RRs with that Meta-TYPE in queries or responses. Note that such RRs may include additional section processing, provided such processing is optional.

After the applicant submits their formal application to IANA by sending the completed template specified in Appendix A to the dns-rrtype-applications@ietf.org mailing list, IANA appoints an Expert and sends the completed template to the Expert, copying the applicant. No more than two weeks after receiving the application, the Expert shall explicitly approve or reject the application, informing IANA, the applicant, and the dnsop@ietf.org mailing list. A rejection should include the reason for rejection and may include suggestions for improvement. The Expert should consult with other technical experts and the dnsop@ietf.org mailing list as necessary. If the Expert does not approve the application within this period, it is considered rejected. IANA should report non-responsive Experts to the IESG. IANA shall maintain a public archive of approved templates. In addition, if the required description of the RRTYPE applied for is referenced by URL, a copy of the document so referenced should be included in the archive.

DNS RRTYPE Expert Guidelines The Designated Expert should normally be lenient, preferring to approve most requests. However, the Expert should usually reject any RRTYPE assignment request that meets one or more of the following criteria:

The request was documented in a manner that was not sufficiently clear or complete to evaluate or implement. (Additional documentation can be provided during the Expert Review period.)
The proposed RRTYPE or RRTYPEs affect DNS processing and do not meet the criteria in point 2 of Section 3.1.1 above.
Application use as documented makes incorrect assumptions about DNS protocol behavior, such as wildcards, CNAME, DNAME, etc.
An excessive number of RRTYPE values is being requested when the purpose could be met with a smaller number of values or with Private Use values.

Special Note on the OPT RR The OPT (OPTion) RR (RRTYPE 41) and its IANA considerations are specified in . Its primary purpose is to extend the effective field size of various DNS fields, including RCODE, label type, OpCode, flag bits, and RDATA size. In particular, for resolvers and servers that recognize it, it extends the RCODE field from 4 to 12 bits.

The AFSDB RR Subtype Field The AFSDB RR is a CLASS-insensitive RR that has the same RDATA field structure as the MX RR , but the 16-bit unsigned integer field at the beginning of the RDATA is interpreted as a subtype as shown below. Use of the AFSDB RR to locate AFS cell database servers was deprecated by . This subtype registry is closed, and assignment of new subtypes is not permitted. AFSDB Subtype Codes

Decimal Hexadecimal	Assignment Policy
0 0x0000	Reserved; registry closed
1 0x0001	AFS v3.0 Location Service
2 0x0002	DCE/NCA root cell directory node
3-65,279 0x0003-0xFEFF	Not assigned; registry closed
65,280-65,534 0xFF00-0xFFFE	Private Use
65,535 0xFFFF	Reserved; registry closed

RR CLASS IANA Considerations There are currently two subcategories of DNS CLASSes: normal, data- containing classes; and QCLASSes that are only meaningful in queries or updates. DNS CLASSes have been little used but constitute another dimension of the DNS distributed database. In particular, there is no necessary relationship between the namespace or root servers for one data CLASS and those for another data CLASS. The same DNS NAME can have completely different meanings in different CLASSes. The label types are the same, and the null label is usable only as root in every CLASS. As global networking and DNS have evolved, the IN, or Internet, CLASS has dominated DNS use. As yet, there has not been a requirement for "Meta-CLASSes". That would be a CLASS to designate transient data associated with a particular DNS message, which might be usable in queries. However, it is possible that there might be a future requirement for one or more "Meta-CLASSes". Assigned CLASSes have mnemonics that must be completely disjoint from the mnemonics used for RRTYPEs and that must match the regular expression below. In addition, the generic CLASS and RRTYPE names specified in Section 5 of cannot be assigned as new CLASS mnemonics. [A-Z][A-Z0-9\-]*[A-Z0-9] but not (CLASS|TYPE)[0-9]* The current CLASS assignments and considerations for future assignments are as follows: DNs CLASS Codes

Decimal Hexadecimal	Assignment Policy
0 0x0000	Reserved; assignment requires a Standards Action.
1 0x0001	Internet (IN)
2 0x0002	Available for assignment by IETF Review as a data CLASS.
3 0x0003	Chaos (CH)
4 0x0004	Hesiod (HS)
5-127 0x0005-0x007F	Available for assignment by IETF Review for data CLASSes only.
128-253 0x0080-0x00FD	Available for assignment by IETF Review for QCLASSes and Meta-CLASSes only.
254 0x00FE	QCLASS NONE
255 0x00FF	QCLASS * (ANY)
256-32,767 0x0100-0x7FFF	Available for assignment by IETF Review.
32,768-57,343 0x8000-0xDFFF	Available for assignment to data CLASSes only; Specification Required.
57,344-65,279 0xE000-0xFEFF	Available for assignment to QCLASSes and Meta-CLASSes only; Specification Required.
65,280-65,534 0xFF00-0xFFFE	Private Use
65,535 0xFFFF	Reserved; can only be assigned by a Standards Action.

Label Considerations DNS NAMEs are sequences of labels .

Label Types At the present time, there are two categories of label types: data labels and compression labels. Compression labels are pointers to data labels elsewhere within an RR or DNS message and are intended to shorten the wire encoding of NAMEs. The two existing data label types are sometimes referred to as Text and Binary. Text labels can, in fact, include any octet value including zero-value octets, but many current uses involve only printing ASCII characters . For retrieval, Text labels are defined to treat ASCII uppercase and lowercase letter codes as matching . Binary labels were bit sequences; they have been declared Historic .

Label Contents and Use The last label in each NAME is "ROOT", which is the zero-length label. By definition, the null or ROOT label cannot be used for any other NAME purpose. NAMEs are local to a CLASS. The Hesiod [Dyer1987] and Chaos [Moon1981] CLASSes are for essentially local use. The IN, or Internet, CLASS is thus the only DNS CLASS in global use on the Internet at this time. A somewhat out-of-date description of name assignment in the IN CLASS is given in . Some information on reserved top-level domain names is in BCP 32 .

Security Considerations This document addresses IANA considerations in the assignment of general DNS parameters, not security. See , , and for secure DNS considerations.

IANA Considerations This document consists of DNS IANA considerations. IANA has established a process for accepting Appendix A templates and selecting an Expert from those appointed to review such template form applications. IANA forwards the template to the Expert, copying the applicant. IANA archives and makes available all approved RRTYPE assignment templates and referred documentation (unless it is readily available at a stable URI). It is the duty of the applicant to post the formal application template to the dns-rrtype-applications@ietf.org mailing list, which IANA will monitor. The dnsop@ietf.org mailing list is for community discussion and comment. See and for more details. IANA is requested to replace all occurrences of as a reference in IANA registries are updated to refer to [this document].

References Normative References Informative References Hesiod DNS Parameters Chaosnet

RRTYPE Assignment Template DNS RRTYPE PARAMETER ASSIGNMENT TEMPLATE When ready for formal consideration, this template is to be submitted to IANA for processing by emailing the template to dns-rrtype- applications@ietf.org. A. Submission Date: B.1 Submission Type: [ ] New RRTYPE [ ] Modification to RRTYPE B.2 Kind of RR: [ ] Data RR [ ] Meta-RR C. Contact Information for submitter (will be publicly posted): Name: Email Address: International telephone number: Other contact handles: D. Motivation for the new RRTYPE application. Please keep this part at a high level to inform the Expert and reviewers about uses of the RRTYPE. Most reviewers will be DNS experts that may have limited knowledge of your application space. E. Description of the proposed RR type. This description can be provided in-line in the template, as an attachment, or with a publicly available URL. F. What existing RRTYPE or RRTYPEs come closest to filling that need and why are they unsatisfactory? G. What mnemonic is requested for the new RRTYPE (optional)? Note: If a mnemonic is not supplied, not allowed, or duplicates an existing RRTYPE or CLASS mnemonic, the Expert will assign a mnemonic. H. Does the requested RRTYPE make use of any existing IANA registry or require the creation of a new IANA subregistry in DNS Parameters? If so, please indicate which registry is to be used or created. If a new subregistry is needed, specify the assignment policy for it and its initial contents. Also include what the modification procedures will be. I. Does the proposal require/expect any changes in DNS servers/resolvers that prevent the new type from being processed as an unknown RRTYPE (see RFC 3597)? J. Comments:

Changes from

Reserve RR types 129-144 for Private Use Q and Meta-Types as contributed by Shumon Huque. Add a Table of Q and Meta-Types.
Update references to dnsext@ietf.org to dnsop@ietf.org.
Drop list of updates from RFC 6195 as those were already incorporated into . Add this list of changes from .
Convert source to XMLv3.
Update numerous references to point to the latest RFCs.
Update Introduction to list all RFC Updates and to cover all topics covered in the Abstract and to not have a subsection.
Add reference to DNS Terminology .
Generally, replace most uses of "query" to be "request".
Add captions to all Figures and Tables.
Update DNS Op Codes Table and DNS Error Codes Table to list additional values assigned.
Numerous editorial changes.

Acknowledgements TBD acknowledgements: Alfred Hoenes' contributions are gratefully acknowledged as are those by Mark Andrews, Dick Franks, and Michael Sheldon. Yet earlier versions acknowledgements: Eric Brunner-Williams and Bill Manning.

Contributors Salesforce

shuque@gmail.com