< draft-andrews-dnsop-glue-is-not-optional-00.txt   draft-andrews-dnsop-glue-is-not-optional-01.txt >
Network Working Group M. Andrews Network Working Group M. Andrews
Internet-Draft ISC Internet-Draft ISC
Intended status: Standards Track April 14, 2020 Updates: 1034 (if approved) April 16, 2020
Expires: October 16, 2020 Intended status: Standards Track
Expires: October 18, 2020
Glue In DNS Referral Responses Is Not Optional Glue In DNS Referral Responses Is Not Optional
draft-andrews-dnsop-glue-is-not-optional-00 draft-andrews-dnsop-glue-is-not-optional-01
Abstract Abstract
The DNS uses glue records to allow iterative clients to find the The DNS uses glue records to allow iterative clients to find the
addresses of nameservers that live within the delegated zone. Glue addresses of nameservers that live within the delegated zone. Glue
records are expected to be returned as part of a referral and if they records are expected to be returned as part of a referral and if they
cannot be fitted into the UDP response, TC=1 MUST be set to inform cannot be fitted into the UDP response, TC=1 MUST be set to inform
the client that the response is incomplete and that TCP SHOULD be the client that the response is incomplete and that TCP SHOULD be
used to retrieve the full response. used to retrieve the full response.
skipping to change at page 1, line 35 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 16, 2020. This Internet-Draft will expire on October 18, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Reserved Words . . . . . . . . . . . . . . . . . . . . . 4 1.1. Reserved Words . . . . . . . . . . . . . . . . . . . . . 4
2. Modifications to RFC 1034 to reinforce the requirement . . . 4 2. Modifications to RFC1034 . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. Normative References . . . . . . . . . . . . . . . . . . 4 5.1. Normative References . . . . . . . . . . . . . . . . . . 4
5.2. Informative References . . . . . . . . . . . . . . . . . 5 5.2. Informative References . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction 1. Introduction
The DNS [RFC1034], [RFC1035] uses glue records to allow iterative The DNS [RFC1034], [RFC1035] uses glue records to allow iterative
clients to find the addresses of nameservers that live within the clients to find the addresses of nameservers that live within the
delegated zone. Glue records are expected to be returned as part of delegated zone. Glue records are expected to be returned as part of
a referral and if they cannot be fitted into the UDP response, TC=1 a referral and if they cannot be fitted into the UDP response, TC=1
MUST be set to inform the client that the response is incomplete and MUST be set to inform the client that the response is incomplete and
that TCP SHOULD be used to retrieve the full response. that TCP SHOULD be used to retrieve the full response.
While not common real life examples servers that fail to set TC=1 While not common, real life examples of servers that fail to set TC=1
when glue records are available exist and they do cause resolution when glue records are available exist and they do cause resolution
failures. The example below shows a case where none of the glue failures. The example below shows a case where none of the glue
records fitted into the available space and TC=1 was not set in the records, present in the zone, fitted into the available space and
response. While this example show an DNSSEC [RFC4033], [RFC4034], TC=1 was not set in the response. While this example shows an DNSSEC
[RFC4035] referral response, this behaviour has also been seen with [RFC4033], [RFC4034], [RFC4035] referral response, this behaviour has
plain DNS responses as well. The records have been truncated for also been seen with plain DNS responses as well. The records have
display purposes. been truncated for display purposes.
% dig +norec +dnssec +bufsize=512 +ignore @a.gov-servers.net \ % dig +norec +dnssec +bufsize=512 +ignore @a.gov-servers.net \
rh202ns2.355.dhhs.gov rh202ns2.355.dhhs.gov
; <<>> DiG 9.15.4 <<>> +norec +dnssec +bufsize +ignore \ ; <<>> DiG 9.15.4 <<>> +norec +dnssec +bufsize +ignore \
@a.gov-servers.net rh202ns2.355.dhhs.gov @a.gov-servers.net rh202ns2.355.dhhs.gov
; (2 servers found) ; (2 servers found)
;; global options: +cmd ;; global options: +cmd
;; Got answer: ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8798 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8798
skipping to change at page 4, line 11 skipping to change at page 4, line 11
process. They are expected to be returned as part of a referral and process. They are expected to be returned as part of a referral and
if they can't fit in a UDP response TC=1 MUST be set to signal to the if they can't fit in a UDP response TC=1 MUST be set to signal to the
client to retry over TCP. This document reinforces that expectation. client to retry over TCP. This document reinforces that expectation.
1.1. Reserved Words 1.1. Reserved Words
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Modifications to RFC 1034 to reinforce the requirement 2. Modifications to RFC1034
Replace "Copy the NS RRs for the subzone into the authority section Replace
of the reply. Put whatever addresses are available into the
additional section, using glue RRs if the addresses are not available "Copy the NS RRs for the subzone into the authority section of the
from authoritative data or the cache. Go to step 4." with "Copy the reply. Put whatever addresses are available into the additional
NS RRs for the subzone into the authority section of the reply. Put section, using glue RRs if the addresses are not available from
whatever addresses are available into the additional section, using authoritative data or the cache. Go to step 4."
glue RRs if the addresses are not available from authoritative data
or the cache. If glue RRs do not fit set TC=1 in the header. Go to with
step 4."
"Copy the NS RRs for the subzone into the authority section of the
reply. Put whatever addresses are available into the additional
section, using glue RRs if the addresses are not available from
authoritative data or the cache. If glue RRs do not fit set TC=1 in
the header. Go to step 4."
3. Security Considerations 3. Security Considerations
This document reinforces DNS server behaviour expectations and does This document reinforces DNS server behaviour expectations and does
not introduce new security considerations. not introduce new security considerations.
4. IANA Considerations 4. IANA Considerations
There are no actions for IANA. There are no actions for IANA.
 End of changes. 8 change blocks. 
21 lines changed or deleted 27 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/